From Michael's Information Zone
Jump to navigation Jump to search


Install Custom Cert


How do I apply my own SSL certificate?
We use an embedded Tomcat 7.x as the built-in webserver for NxFilter. If you want to apply your own SSL certificate with Tomcat there are two parameters you need to set in Tomcat config file. One is 'keystoreFile' and the other one is 'keystorePass'. However, we don't have a separated config file for Tomcat. We use '/nxfilter/conf/cfg.properties' file to set these parameters.
keystore_file = conf/myown.keystore
keystore_pass = 123456
* About how to build keystore file, read Tomcat manual.


To import an existing certificate into a JKS keystore, please read the documentation (in your JDK documentation package) about keytool. Note that OpenSSL often adds readable comments before the key, but keytool does not support that. So if your certificate has comments before the key data, remove them before importing the certificate with keytool.

To import an existing certificate signed by your own CA into a PKCS12 keystore using OpenSSL you would execute a command like:

openssl pkcs12 -export -in mycert.crt -inkey mykey.key
                        -out mycert.p12 -name tomcat -CAfile myCA.crt
                        -caname root -chain

Update Shallalist

This script assumes you have a systemd entry for nxfilter called nxfilter. Also you will need to add the following to the end of your update.sh script "systemctl start nxfilter"

NOTE : Edit to fit your environment

systemctl stop nxfilter
state=$(systemctl --all | grep nxfilter)
if grep -q running <<< $state; then
#echo "Still Running"
sleep 5
exec /<script location>/nxupdate.sh
cd /<installdirectory>/bin/
exec /<installdirectory>/bin/update_sh.sh

Systemd Unit File

Make sure to modify the unit file to fit your environment.

Description=NXFilter startup script




Copy the URL from the NXFilter site to use with the script
nxupgrade.sh https://nxfilter......

wget "$1" &> /tmp/wgetnxfilter
grep "Saving to:" /tmp/wgetnxfilter > /tmp/wgetnxfilter2
sed -i "s/\’//" /tmp/wgetnxfilter2
sed -i "s/\‘//" /tmp/wgetnxfilter2
rm -f /tmp/wgetnxfilter
sed -i 's/^Saving\ to:\ //' /tmp/wgetnxfilter2
zip=$(cat /tmp/wgetnxfilter2)
rm -f /tmp/wgetnxfilter2
echo "The version downloaded is $zip. Do you want to continue?"
read -s answer
if [ "$answer" != "y" ]; then
	exit 1
	systemctl stop nxfilter
	unzip $zip
	echo "systemctl start nxfilter" >> /<install directory>/bin/update_sh.sh
	chmod +x /<install directory>/bin/update_sh.sh
	chmod +x /<install directory>/bin/shutdown.sh
	chmod +x /<install directory>/bin/startup.sh
	systemctl start nxfilter

Amazon Linux 2

yum update -y
yum install -y java-1.8.0-openjdk