These instructions show you how to configure HelpSystems Insite to run in secure sockets layer (SSL) mode with a Trusted certificate all while using your browser on your desktop, or even on a mobile device, such as a phone or tablet. Steps include:

  • Enabling the Certificate on Windows or Linux. 
  • Accessing the Insite server with your browser.
  • Troubleshooting.

Enabling the Trusted Certificate

  1. Stop the HelpSystems Insite Server service. 
    • On Windows, run services.msc to open the Services Manager.
    • Right-click HelpSystems Insite Server and choose Stop.
  2. Copy your Trusted certificate file into the installation:
    • Windows: C:\Program Files(x86)\Help Systems\HelpSystems Insite\conf\
  3. Open and edit the server.xml file as follows. This file’s location depends on the directory where the portal server is installed (see step 2). Note: You can edit the server.xml file with any text editor. Be sure to create a backup a copy of the original file before editing. If you are not familiar with the XML format, we recommend using an XML-aware editor such as XML Notepad or Notepad++.
    1. Change the following settings in the Connector for protocol="HTTP/1.1" (an example is included below):
      • Change port="3030" to port="8443"
      • Change protocol="HTTP/1.1" to protocol="org.apache.coyote.http11.Http11NioProtocol"
      • Change SSLEnabled="false" to SSLEnabled="true"
      • Change scheme="http" to scheme="https"
      • Change secure="false" to secure="true"
      • Change keystoreFile to "conf/[trustedcertificatefilename]
      • Change keystorePass to "[password of your trusted certificate]"
      • Remove sslprotocol="TLS"
      • Add sslEnabledProtocols="TLSv1, TLSv1.1, TLSv1.2" 
    2. Uncomment and change redirectPort="8009" to redirectPort="8443" in the Connector for protocol="AJP/1.3".

    Example:

    <!-- Define a SSL HTTP/1.1 Connector on port 8443

             This connector uses the JSSE configuration, when using APR, the

             connector should be using the OpenSSL style configuration

             described in the APR documentation -->

    <Connector SSLEnabled="true" clientAuth="false" compression="force" keystoreFile="conf/certificatename.pfx" keystorePass="keystorepassword" keystoreType="PKCS12" maxHttpHeaderSize="32768" maxThreads="150" port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol" scheme="https" secure="true" sslEnabledProtocols="TLSv1,TLSv1.1,TLSv1.2"/>

    <!-- Define an AJP 1.3 Connector on port 8009 -->

            <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />

     

    Note: Make sure the port 8009 is available and not being used by another process on the system. You can submit the command from a DOS prompt to view the assigned ports to verify:

    netstat -a | find "8009"

    If port 8009 is already in use and ‘listening’, change 8009 to a different port like 8008:

     

  4. Save your changes to server.xml.
  5. Start the HelpSystems Insite Server to complete the configuration process.

Accessing the Page

  1. Change your browser links to use https (instead of http) and the correct port (8443). Ensure that you specify the fully qualified name.
  2. The browser link should look like this: https://x.x.x.x:8443/ where x.x.x.x is the IP address of your HelpSystems Insite server.

Note: Your browser may ask you to define an exception in order to access the page.

Troubleshooting

Should you run into issues, see the below for possible solutions:

  • Check the firewall configuration on the server to make sure the Insite https port is allowed incoming connections (port 8443 in example server.xml).
  • On the Insite server system, check that "nslookup myserver.<domainname>.com" returns the correct IP address.
    • If it does not, then do A or B:
      • A. Have your server added to DNS by I.T.
      • B. Add the appropriate entry to the server's hosts file.
    • If the Insite server is hosted on a Windows system that is joined to <domainname>.com:
      • On *client* system check that "nslookup myserver.<domainname>.com" returns the correct IP address
    • If Insite server is not joined to the <domainname> domain then on browser client systems the "hosts" file needs to be modified to include an entry for myserver.<domainname>.com
      • Windows hosts file located at: c:\Windows\system32\Drivers\etc\hosts
      • *nix hosts file located at: /etc/hosts
      • Example entry for "myserver":
        • 10.60.10.56 myserver.<domainname>.com
      • After ensuring the above, navigate in browser to https://myserver.<domainname>:8443 and the connection should be secure without any browser warnings or adding certs to the client system.

      Still have questions? We can help. Submit a case to Technical Support.

      Last Modified On: April 09, 2019