Configuring SSL certificates for two servers

k3vmo
Contributor

My org has two domains

I have two servers that will work behind a load balancer that will be for our second domain instance. The public cert is jamf.mycompany.org - I have the public Entrust certificate and I've gone through the steps using keytool on my primary server from: Enabling SSL on Tomcat. I imported the root, intermediate, and server certificate.

I was not the admin that configured the first instance - however, using keytool -list, it appears the secondary in that case does have the certs in the keystore.

I have not yet uploaded the .jks file because I have a second server.

Do I need to run through the same steps on the secondary Windows server? If so - if I were to upload the .jks file - wouldn't it just overwrite what I uploaded on the primary server --- since it's using the same database?


kishoth_p
New Contributor II

@k3vmo - It will be a straightforward approach. Please refer to the following article: https://docs.jamf.com/technical-articles/Installing_a_Jamf_Pro_Web_Application_in_the_DMZ.html

There you will be asked to modify the server.xml file present on the secondary DMZ server.

Stop the Tomcat services and then proceed to Step 1.

Step 1 - Copy the Jamf Pro primary server keystore.jks and place it in the Java bin folder of the secondary Jamf server (which is the default location of .jks)

Step 2 - Open the server.xml file from the secondary server (verify the path mentioned in the article)

Step 3 - Navigate to the following lines:

keystoreFile="/path/to/keystore-file"
keystorePass="changeit"

Step 4 - Modify the server.xml file to point at the keystore file by locating the Connector Port element as mentioned above (Update the File path & the keystore password)

FYI: the external server mentioned in the article is nothing but the secondary DMZ server.

Do keep me updated on how it goes and let me know if you have any hurdles.

Regards,

Kishoth P
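
A check that can be run on the secondary after Step 4, added here as an example (it is not part of the reply above and not Jamf tooling): it parses server.xml, confirms each keystoreFile exists, flags the default changeit password, and compares the keystore's SHA-256 with the primary's copy. The function names and sample XML are constructed for illustration, and keystoreFile is assumed to be an absolute path.

```python
import hashlib
import xml.etree.ElementTree as ET
from pathlib import Path

# Constructed sample of a secondary node's server.xml; {keystore} is a placeholder.
SAMPLE_SERVER_XML = """<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1" redirectPort="8443"/>
    <Connector port="8443" SSLEnabled="true" scheme="https" secure="true"
               keystoreFile="{keystore}" keystorePass="changeit"/>
  </Service>
</Server>"""


def sha256_of(path):
    """Hex SHA-256 of a file; lets you compare keystores without the password."""
    return hashlib.sha256(Path(path).read_bytes()).hexdigest()


def audit_connectors(server_xml_text, primary_sha256=None):
    """Return one finding dict per Connector that sets keystoreFile."""
    findings = []
    for conn in ET.fromstring(server_xml_text).iter("Connector"):
        keystore = conn.get("keystoreFile")
        if keystore is None:
            continue  # plain HTTP connector, nothing to check
        exists = Path(keystore).is_file()
        digest = sha256_of(keystore) if exists else None
        findings.append({
            "port": conn.get("port"),
            "keystoreFile": keystore,
            "exists": exists,
            # Tomcat falls back to "changeit" when keystorePass is omitted.
            "default_password": conn.get("keystorePass", "changeit") == "changeit",
            # None means "not compared" (no primary hash given, or file missing).
            "matches_primary": (digest == primary_sha256)
            if primary_sha256 and exists else None,
        })
    return findings


if __name__ == "__main__":
    # Point this at the real server.xml on the secondary; the sample is a stand-in.
    for finding in audit_connectors(SAMPLE_SERVER_XML.format(keystore="keystore.jks")):
        print(finding)
```

Run sha256_of on the primary's keystore first and pass that value as primary_sha256 when auditing the secondary.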