2.6. Configuring https certificates

To allow https to run on the sFlowTrend-Pro server, an https certificate is required. When the sFlowTrend-Pro service is first started, a default certificate will be installed with a generic localhost hostname.

It is possible to configure a different certificate to use for the server, if for example, you wish to use a certificate signed by a local enterprise certificate authority. To do so, you will need to use the command keytool, which is included with the Java Development Kit (JDK), available from Oracle or the OpenJDK.

First stop the sFlowTrend-Pro service. Then create the keystore to use with keytool. The keystore must contain a trusted certificate entry (including a private key), and should be placed in the sFlowTrend-Pro home directory. You should then create the custom configuration options server.webserver.https.keyStore, server.webserver.https.alias, server.webserver.https.password and server.webserver.https.keyPassword (these are only required if the desired values are different from the defaults). When the sFlowTrend-Pro service is then restarted, the new certificate from the keystore will be used.

If, at any time a new default certificate is required, just stop the sFlowTrend-Pro service, delete the default keystore, and restart the service. A new default keystore will be automatically created.

The sFlowTrend-Pro server can force clients to always use https, rather than http. For information on this please see the server.webserver.forceHttps custom configuration option.