Skip to main content
Help Center

Additional server configurations

Supplementary configurations for the on-premises installation: importing an SSL certificate into the Java truststore, OAuth 2.0 for Microsoft 365 mail accounts, and installing Tomcat 9 manually under Debian 12.

Prerequisites

  • A running teamspace installation
  • Administrator rights on the server

This article bundles supplementary server configurations that are needed depending on your environment: importing an SSL certificate into the Java truststore, the OAuth 2.0 connection for Microsoft 365 mail accounts, and the manual Tomcat 9 installation under Debian 12.

Importing an SSL certificate into the Java truststore

In some cases, an SSL certificate must be imported into the Java truststore – for example with an LDAP-over-SSL connection (see Connecting LDAP login). Without the certificate, the encrypted connection is not possible.

The default keystore resides in the Java directory at:

  • Linux: /lib/security/cacerts
  • Linux (alternative): /usr/lib/jvm/java-17-openjdk-amd64/lib/security/cacerts
  • Windows: C:\Program Files\Java\jre1.8.0_221\lib\security\cacerts

The password for the default keystore is changeit.

List the certificates:

keytool -list -keystore cacerts

Import a certificate:

keytool -keystore cacerts -importcert -alias [enter name] -file [enter name].cer

Confirm the prompt asking whether you trust the certificate with Yes.

Alternatively, you can edit, import and export the truststore graphically with the tool Portecle (homepage, download). The procedure is the same on Windows – only the paths differ.

OAuth 2.0 login – Microsoft 365 mail accounts

So that OAuth 2.0 can be used for Microsoft 365 mail accounts, your URL must be added to our whitelist. To do this, send us your URL. The associated oauth2Gateway.url is set in the web.xml (for projectfacts https://www.projectfacts.de, for teamspace https://www.teamspace.de).

If you have any questions or need support, contact support@projectfacts.de.

Installing Tomcat 9 manually under Debian 12

Under Debian 12, no Tomcat 9 is provided from the repository. If Tomcat 9 is required, install it manually.

Install Java 17

If not already present:

apt update && apt install openjdk-17-headless

Check the installation:

java -version

Create the user and group

groupadd tomcat9 && useradd -s /bin/false -g tomcat9 -d /opt/tomcat tomcat9

Download and unpack Tomcat 9

Download the desired version from the official archive page:

cd /tmp && wget https://archive.apache.org/dist/tomcat/tomcat-9/v9.0.98/bin/apache-tomcat-9.0.98.tar.gz
mkdir /opt/tomcat && tar xzvf apache-tomcat-*.tar.gz -C /opt/tomcat

Adjust permissions

cd /opt/tomcat && chown -R tomcat9:tomcat9 /opt/tomcat/apache-tomcat-9.0.98
ln -s /opt/tomcat/apache-tomcat-9.0.98 /opt/tomcat/live

Create the systemd file

Find the JAVA_HOME path:

update-java-alternatives -l

Create the file /etc/systemd/system/tomcat.service and adjust the JAVA_HOME path:

[Unit]
Description=Apache Tomcat Web Application Container
After=network.target

[Service]
Type=forking

Environment=JAVA_HOME=/usr/lib/jvm/default-java
Environment=CATALINA_PID=/opt/tomcat/live/temp/tomcat.pid
Environment=CATALINA_HOME=/opt/tomcat/live
Environment=CATALINA_BASE=/opt/tomcat/live
Environment='CATALINA_OPTS=-Xms512M -Xmx1024M -server -XX:+UseParallelGC'
Environment='JAVA_OPTS=-Djava.awt.headless=true -Dfile.encoding=UTF-8 -Djava.security.egd=file:/dev/./urandom'

ExecStart=/opt/tomcat/bin/startup.sh
ExecStop=/opt/tomcat/bin/shutdown.sh

User=tomcat9
Group=tomcat9
UMask=0007
RestartSec=10
Restart=always

[Install]
WantedBy=multi-user.target
  • JAVA_HOME: enter the Java path you determined.
  • CATALINA_OPTS: adjust the RAM requirement here.

Reload the daemon, enable the Tomcat and check the status:

systemctl daemon-reload && systemctl enable --now tomcat && systemctl status tomcat

Tomcat 9 is now installed and resides at /opt/tomcat.