Unimus
Page tree

Versions Compared

Old Version 6

changes.mady.by.user Tomas Kirnak

Saved on

compared with

New Version Current

changes.mady.by.user Ales Deak

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

If you with want to connect to Unimus using HTTPS with a self-signed cert, you can use these instructions.

On

...

Windows

Generate self-signed cert:

Code Block
languagepowershell
set JAVA_HOME=/usr/lib/jvm/java-8-oracle/jre/
KEYTOOL=$JAVA_HOME/bin/keytool
 
cd /opt/unimus
$KEYTOOL C:\Program Files\Unimus\jre17
set KEYTOOL=%JAVA_HOME%\bin\keytool

cd "C:\Program Files\Unimus"
"%KEYTOOL%" -genkey -alias Unimusunimus -storetype PKCS12 -keyalg RSA -keysize 2048 -validity 3650 -storetype PKCS12 -keystore unimus.keystore.p12 -validity 3650

Change JAVA_HOME to properly reflect the path to your JRE.
The default value will work for Oracle JRE, but for OpenJDK JRE it will be different.

During the cert generation, you will be asked for the keystore password.
Input the password you with wish to use (the keystore will be generated with such password) - you will need it in the next step.

After the cert was generated, you will need to configure Unimus to use it.

Edit '/etc/default/unimus', and add the following commands:

...

For portable:
Create a file named Unimus.l4j.ini in the same directory as the Unimus executable.
Change Unimus in the above file name to exactly match the name of the Unimus executable.

For installer:
Add the below lines to Unimus.l4j.ini in 'C:\Program Files\Unimus\'.

Inside of this configuration file, please add the following lines:

Code Block
languagetext
-Dserver.ssl.key-store=/opt/unimus/unimus.keystore"C:\\Program Files\\Unimus\\unimus.keystore.p12"
-Dserver.ssl.key-store-password=[insert password here] keyStoreType=PKCS12
-Dserver.ssl.keyStoreTypekeyAlias=PKCS12unimus
-Dserver.ssl.keyAlias=Unimuskey-store-password="[insert password here]"

Please make sure to place each argument into its own line.

Replace '[insert password here]' with the password you used for keystore creation.
Please note special character requirements in the Notes And Tips section.

Restart the Unimus service, and it should be available only over HTTPS on port 8443.

On

...

Linux

Generate self-signed cert:

set
Code Block
languagetext
JAVA_HOME=C:\Program Files\Java\jre1.8.0_141
set KEYTOOL=%JAVA_HOME%\bin\keytool


cd "C:\Program Files\Unimus"
"%KEYTOOL%" /usr/lib/jvm/java-17-openjdk-amd64
KEYTOOL=$JAVA_HOME/bin/keytool
 
cd /opt/unimus
$KEYTOOL -genkey -alias Unimusunimus -storetype PKCS12 -keyalg RSA -keysize 2048 -validity 3650 -storetype PKCS12 -keystore unimus.keystore.p12 -validity 3650

Change JAVA_HOME to properly reflect the path to your JRE.
The default value will work for Oracle JRE, but for OpenJDK JRE it will be different.

...

After the cert was generated, you will need to configure Unimus to use it.

Edit 'C:\Program Files\Unimus\Unimus.l4j.ini/etc/default/unimus', and add the following commands, one per line:

Code Block
languagetext
-Dserver.port=8443ssl.key-store=/opt/unimus/unimus.keystore.p12 -Dserver.ssl.key-storekeyStoreType=PKCS12 -Dserver.ssl.keyAlias=unimus.keystore -Dserver.ssl.key-store-password=[insert password here]

Replace '[insert password here]' with the password you used for keystore creation.

Note: When running Unimus in Docker, add the Java parameters to your docker-compose file and persist the volume containing the keystore file to ensure the SSL certificate is retained if the container is restarted or recreated:

Code Block
languagetext
services:
  unimus:
    image: croc/unimus
    environment:
      - 'JAVA_OPTS=-Dserver.ssl.key-store=/opt/unimus/unimus.keystore.p12 -Dserver.ssl.keyStoreType=PKCS12 -Dserver.ssl.keyAlias=Unimus

...

unimus -Dserver.ssl.key-store-password=[insert password here]'

...


    volumes:
      - './unimus:/opt/unimus'

Restart the Unimus service , and it should (or container). After startup, Unimus will be available over HTTPS on port 8443HTTPS.

 

Notes and tips

Important note: please be careful if the keystore password contains the # or % character.

# is used as a comment, so a password containing it will not be fully read from the configuration.
You can enclose the password in " (double quotes) if you wish to use # as a part of the password.

On Windows, % is used for variable expansion. If you are using the % character as part of your keystore password, you need to escape it using another %.
So in effect, if your keystore password is "123%", you would write it as "123%%" into the Unimus.l4j.ini file.