Install Custom Cert
How do I apply my own SSL certificate? We use an embedded Tomcat 7.x as the built-in webserver for NxFilter. If you want to apply your own SSL certificate with Tomcat there are two parameters you need to set in Tomcat config file. One is 'keystoreFile' and the other one is 'keystorePass'. However, we don't have a separated config file for Tomcat. We use '/nxfilter/conf/cfg.properties' file to set these parameters. keystore_file = conf/myown.keystore keystore_pass = 123456 * About how to build keystore file, read Tomcat manual.
To import an existing certificate into a JKS keystore, please read the documentation (in your JDK documentation package) about keytool. Note that OpenSSL often adds readable comments before the key, but keytool does not support that. So if your certificate has comments before the key data, remove them before importing the certificate with keytool. To import an existing certificate signed by your own CA into a PKCS12 keystore using OpenSSL you would execute a command like: openssl pkcs12 -export -in mycert.crt -inkey mykey.key -out mycert.p12 -name tomcat -CAfile myCA.crt -caname root -chain
This script assumes you have a systemd entry for nxfilter called nxfilter. Also you will need to add the following to the end of your update.sh script "systemctl start nxfilter"
NOTE : Edit to fit your environment
systemctl stop nxfilter state=$(systemctl --all | grep nxfilter) if grep -q running <<< $state; then #echo "Still Running" sleep 5 exec /<script location>/nxupdate.sh else cd /<installdirectory>/bin/ #pwd exec /<installdirectory>/bin/update_sh.sh fi
Systemd Unit File
Make sure to modify the unit file to fit your environment.
[Unit] Description=NXFilter startup script After=network.target [Service] Type=simple ExecStart=/<installdirectory>/bin/startup.sh ExecStop=/<installdirectory>/bin/shutdown.sh [Install] WantedBy=default.target
Copy the URL from the NXFilter site to use with the script
#!/bin/bash wget "$1" &> /tmp/wgetnxfilter grep "Saving to:" /tmp/wgetnxfilter > /tmp/wgetnxfilter2 sed -i "s/\’//" /tmp/wgetnxfilter2 sed -i "s/\‘//" /tmp/wgetnxfilter2 rm -f /tmp/wgetnxfilter sed -i 's/^Saving\ to:\ //' /tmp/wgetnxfilter2 zip=$(cat /tmp/wgetnxfilter2) rm -f /tmp/wgetnxfilter2 echo "The version downloaded is $zip. Do you want to continue?" read -s answer if [ "$answer" != "y" ]; then exit 1 else systemctl stop nxfilter unzip $zip echo "systemctl start nxfilter" >> /<install directory>/bin/update_sh.sh chmod +x /<install directory>/bin/update_sh.sh chmod +x /<install directory>/bin/shutdown.sh chmod +x /<install directory>/bin/startup.sh systemctl start nxfilter fi
Amazon Linux 2
yum update -y yum install -y java-1.8.0-openjdk