« Overview of Network Security Measures   |   Configuring Connection via Proxy Server »
In fusion_place cloud, SSL is supported by default, so the following steps are not required.

Configuring SSL Usage (On-Premises)

This manual is in pilot operation.

As explained in the System Structure section, fusion_place runs on a Tomcat application server. Since Tomcat supports SSL, by preparing an SSL server certificate and appropriately modifying the Tomcat configuration files, you can enable SSL communication for fusion_place.

Server-side Configuration

1. When Enabling SSL on the fusion_place Server

In this case, modify the settings of the Tomcat used by fusion_place to support SSL.

(1) Deploying the SSL Server Certificate

Create a "keystore" file that incorporates the SSL server certificate and place it on a drive accessible from the server machine. For instructions on creating a keystore, refer to documentation related to Java and Tomcat. When preparing the SSL server certificate, please note the following:

  • The certificate must be issued, either directly or indirectly, by a certification authority (CA) that is registered as a "Trusted Root Certification Authority" in the Internet Options of Windows and in Java on each client.

  • The "Common Name (CN)" in the certificate must match the server host name. For example, if the host name is fusionplace.xxxxx.com, the common name must also be the same. However, by using a "wildcard certificate," you can set part of the common name as * to match any string.

(2) Modifying the Tomcat Configuration File

Modify Tomcat’s configuration file, server.xml, to support SSL. For the location of server.xml, refer to "Location for Recording Installation Information". The contents of server.xml are in XML format, and by modifying the Connector element for SSL, you can enable SSL. For the details of these modifications, refer to Tomcat documentation. Below is an example modification of the Connector element (the following is included, commented out, in the server.xml created during installation):

…example modification…

  <Connector

    protocol="org.apache.coyote.http11.Http11NioProtocol" server="fusion_place" executor="fpThreadPool"
    maxPostSize=" -1" enableLookups="false" acceptCount="100" connectionTimeout="600000"
    scheme="https" secure="true" SSLEnabled="true"
    keystoreFile="..." keystorePass="..." keyAlias="..."
    clientAuth="false" sslProtocol="TLS" port="..."/>

Note: Set the port number for port, the name (path) of the keystore file containing the SSL certificate for keystoreFile, and the password for keystorePass.
For keyAlias, specify the alias (identifier in the keystore) of the certificate applied to this server.

2. When Placing a Web Server or Similar in Front of the fusion_place Server and Enabling SSL on That Server

In this case, communication between the web server and the Tomcat server running fusion_place will be via standard HTTP, so basically no configuration for SSL communication itself is needed on the fusion_place side.

However, in this case, for the fplp file (client program launch file) sent from the fusion_place server to the client, the scheme (protocol) at the beginning of the fusion_place server URL must be https:, not http:.

To achieve this, add the following line to server.xml, alongside other Environment elements. The order is arbitrary.

  <Environment name="fusionplace/server_force_https" type="java.lang.Boolean" value="true" />

With this setting, even if the protocol between the web server and fusion_place is http, the scheme in the URL within the fplp file returned by fusion_place will be https.

Client-side Configuration

On the client PC, enabling SSL support is simply a matter of changing the target URL to one that starts with "https:". The target may be specified in the following locations:

  • The URL of the fusion_place menu page

  • If using shortcuts to launch [Manager] or [Browser], the URL referenced by those shortcuts

  • The server URL specified in the "Connection Settings" of [Excel-Link]