SSL and Tomcat webserver embedded in other application

rstudio
ssl

#1

Hi Community,

I allmost dare not ask but after a succesfull install of R-Studio Server Pro (trial) on ubuntu 16.04 server I want to configure that R-Studio pro 'works' only secure. Now I found out that there is a rserver.conf file and I added the lines

Secure and certificates

ssl-enabled=1
ssl-certificate=/etc/ssl/certs/[domain].crt
ssl-certificate-key=/etc/ssl/certs/[domain].jks

As you can see, certificates are in place, but were done by Java. I can not find any *.key file.
Next to that, on the server an Apache Tomcat is installed (v8.5.28) but this came with the installation of an application called Talend, so it is embedded there.
Maybe I am asking it the wrong place (it could be Tomcat functionality) but does someone know how to configure R-Studio Server Pro to be secure and with a valid certificate message in the browser address bar?

Thanks in advance and kind regards,

Aad Dijksman


#2

As you poke around with your trial, the RStudio Server Pro Administrator’s Guide might be useful The chapter on Access and Security discusses SSL (under typical configurations anyway):
http://docs.rstudio.com/ide/server-pro/access-and-security.html#access-and-security


#3

Hi jcblum,

Thanks for the quick answer. I tried the settings described at given chapter of the Admin guide, but then after restarting the R-Studio server nothing comes up. The server does not start until I comment the SSL settings in rserver.conf and then after restart the R-Studio Server is alive again. So I think I am doing something wrong but after an hour of trial and error I am a bit confused.... especially because one of those SSL-settings is pointing to a key-file, but I only got a Java Keystore found?

Thanks in advance for reacting and kind regards,

Aad Dijksman


#4

Hm, maybe a good time to try out the Pro-level support you also get with your Pro trial? When you sort out the problem that way, you can still help out here by posting what the solution was, in case it helps some future searcher!


#5

No shame in asking! Thanks so much for raising the question!

I'm not 100% sure I'm following, though - where did you get the .crt and .jks files?

It sounds like it may be helpful to have an overview of SSL / HTTPS. This one looks decent:

Basically, it sounds like you need to create a key / cert. You can create one yourself (this is called a "self-signed certificate"). However, this basically amounts to "I promise I'm trustworthy!" As a result, browsers fittingly complain that this type of certificate is not secure.

The better approach is:

  • If your server is behind a firewall or on a company VPN, then the company probably has what is called a certificate authority. This is a digital entity / service that vouches for websites (a trustworthy entity that says "I know this individual. You can trust them."). Your IT team should be able to provide you with the .crt and .key files

  • If your server has a domain on the open internet, there are certificate authorities that exist on the web. In this case, you have to buy a certificate (the article shares a few places that you can do that). Usually, the service that sold your domain (i.e. Namecheap) can provide such a service.

As @jcblum said, though, definitely feel free to ping support@rstudio.com . Even during the Pro trial, you have full access to the RStudio support team. Also feel free to post here, though! This has the benefit of being a shared resource that others can access if they run into the same issue :smile: