Skip to content

Mideye Server 4 SSL/TLS Certificate Management

Mideye Server uses HTTPS to secure the Web Admin interface. By default, a self-signed certificate is generated during installation. This guide explains how to replace it with a CA-signed certificate or configure client certificate authentication.

Use this guide to:

  • Generate a new self-signed certificate
  • Replace the default certificate with a CA-signed certificate (PFX or JKS format)
  • Enable client certificate authentication for Web Admin access
  • Troubleshoot certificate and HTTPS issues

Mideye Server includes a self-signed certificate for HTTPS. To regenerate it, run this command from the Mideye Server bin directory:

Terminal window
MideyeWebConfig configure server

Two certificate formats are supported:

FormatBest ForFile Extension
PFX/PKCS12Windows environments, IIS-generated certificates.pfx, .p12
JKS/JCEKSJava keystores, existing enterprise PKI.jks, .keystore

Use this method if you have a Windows CA or need to generate a certificate via IIS.

  1. Open Internet Information Services (IIS) Manager
  2. Select the server root and open Server Certificates

IIS Manager - Server Certificates feature

  1. Click Create Domain Certificate in the Actions panel
  2. Enter the certificate details:
    • Common name: FQDN of the Web Admin URL (e.g., mideye.company.com)
    • Fill in Organization, City, State, Country
  3. Click Next

Certificate request wizard - entering common name and organization details

  1. Select your Certificate Authority and enter a Friendly name
  2. Click Finish

Selecting CA server and friendly name for the certificate

Step 2: Export and Install the Certificate

Section titled “Step 2: Export and Install the Certificate”
  1. Right-click the certificate and select Export
  2. Set a password (you’ll need this for server.xml)
  3. Save the file
  4. Copy the PFX file to:
    C:\Program Files (x86)\Mideye Server\certificates\<filename>.pfx
  1. Backup server.xml before editing:

    C:\Program Files (x86)\Mideye Server\webserver\conf\server.xml
  2. Open server.xml with a text editor (run as Administrator)

  3. Find the <Connector port="8443"...> section at the end of the file

  4. Replace the keystore configuration:

    Original (self-signed):

    truststorePass="hN+JeFqq5hSsNaw" sslEnabledProtocols="TLSv1.2"
    keystoreFile="C:\Program Files (x86)\Mideye Server\certificates\webserver_https.keystore"
    truststoreFile="C:\Program Files (x86)\Mideye Server\certificates\webserver_https.keystore"
    keystorePass="hN+JeFqq5hSsNaw" maxThreads="150"
    useServerCipherSuitesOrder="true" clientAuth="false">

    New (PFX certificate):

    sslEnabledProtocols="TLSv1.2"
    keystoreFile="C:\Program Files (x86)\Mideye Server\certificates\<your-cert>.pfx"
    keystoreType="PKCS12"
    keystorePass="<your-password>"
    maxThreads="150" useServerCipherSuitesOrder="true" clientAuth="false">
  5. Restart the Apache TomEE service


Use this method if you have an existing Java keystore.

  1. Backup the existing keystore:

    C:\Program Files (x86)\Mideye Server\certificates\webserver_https.keystore
  2. Replace the keystore file with your custom certificate, naming it webserver_https.keystore

  3. Edit server.xml:

    • Location: C:\Program Files (x86)\Mideye Server\webserver\conf\server.xml
    • Find <Connector port="8443"...>
    • Update truststorePass and keystorePass with your keystore password
  4. Restart the Apache TomEE service


For additional security, you can require administrators to present a client certificate when accessing the Web Admin. This provides mutual TLS (mTLS) authentication.

  1. Open Command Prompt and navigate to the Mideye Server installation directory

  2. Run:

    Terminal window
    MideyeWebConfig configure client
  3. The command creates:

    C:\Program Files (x86)\Mideye Server\certificates\client.p12
  4. Note the password displayed in the command prompt, you’ll need it to import the certificate

  5. Restart the Apache TomEE service

Each administrator must import client.p12 into their browser:

BrowserImport Location
Chrome/EdgeSettings → Privacy and security → Security → Manage certificates
FirefoxSettings → Privacy & Security → Certificates → View Certificates → Import

StepAction
1Verify Apache TomEE service is running
2Restart the TomEE service
3Open Configuration Tool → Database Connection → click SaveClose
4Restart Mideye services
5Clear browser cache and retry

Windows:

Terminal window
netstat -aon | find /i "8443"

Linux:

Terminal window
netstat -tnlp | grep 8443

If port 8443 is not listed, the TomEE service failed to start or the certificate is invalid.

If the Web Admin stops working after an upgrade:

  1. Generate a new self-signed certificate:
    Terminal window
    MideyeWebConfig configure server
  2. Restart Apache TomEE
  3. Re-apply any custom certificates if needed