Skip to main content

Enabling HTTPS

To support HTTPS for the web UI, Striim needs an SSL certificate. Striim ships with a self-signed certificate and is configured to use it, or you may set up your own certificate as follows.

  1. If you do not have .key and .crt files, generate them as described in Creating a Self-Signed Certificate With OpenSSL.

  2. If you do not have a .pkcs12 file, generate one using OpenSSL (replace each myfile with the names of your files):

    openssl pkcs12 -inkey myfile.key -in myfile.crt -export -out myfile.pkcs12

  3. Use the following command to generate a keystore containing the certificate from the .pkcs12 file (replace myfile with your certificate name)::

    keytool -importkeystore -srckeystore myfile.pkcs12 -srcstoretype PKCS12 -destkeystore myfile.jks

Alternatively, see Generate Keys to create a new self-signed certificate. In some browsers, these may trigger warnings about untrusted certificates.

Once the certificate is in Striim's environment, edit startUp.properties and set HttpsKeystorePath to the path to the keystore created by keytool, for example, HttpsKeystorePath=/opt/Striim/myfile.jks. Then run the following commands (in Windows, use sksConfig.bat):

striim/bin/sksConfig.sh -x <storepass value>
striim/bin/sksConfig.sh -y <keypass value>

If the value contains special characters, enclose it in single quotes, for example, striim/bin/sksConfig.sh -x '!xyz51243'.

If you did not specify a keypass, use the storepass value instead (see Generate Keys for more information).

Upgrading your HTTPS configuration for Striim 5.x

After upgrading to Striim 5.x from 4.x, do the following:

  1. Edit startUp.properties, delete the HttpsKeystorePassword and HttpsKeystoreManagerPassword entries, and save the file.

  2. Run the two sksconfig.sh commands shown above.

  3. Restart Striim (see Starting and stopping Striim Platform).