
Replacing SSL certificates in Mirth [EC-2 Linux system]

Before you start

  1. Before you set up or replace the SSL / TLS certificate in Mirth, you need to understand the existing Mirth setup and the important paths and filenames on the Linux system, which are created during the Mirth installation.
      1. The default SSL certificate path of Mirth on a Linux system is /opt/mirthconnect/apps/
      2. Another important folder is /opt/mirthconnect/conf/, which contains the Mirth configuration file.
      3. There are two important files in Mirth:
            1. keystore.jks – The SSL certificate file; by default it is a self-signed certificate provided by Mirth.
            2. – The Mirth configuration file, which contains the path of the certificate and the keystore keypass.
  2. It is highly recommended not to do this on a production server until you have confirmed or tested it in a staging or development environment.
  3. Take a backup of the important files and folders before you start replacing the SSL certificate.
  4. Ensure that your certificate is in “.JKS” format (it is also called a “JCEKS” file).
  5. The Portecle or keytool application, which allows you to convert or import the “.JKS” keystore file.
  6. SFTP or FTP login to the EC-2 Linux instance, in order to copy the required files from the instance.
  7. PuTTY or any SSH tool to log in to the EC-2 Linux system.

On the Primary

  1. First log in to the EC-2 Linux system using SSH or PuTTY (as I’m on a Windows machine, I’m using the PuTTY tool), go to /opt/mirthconnect/apps/ and create a backup of keystore.jks.
  2. Confirm the keystore path and keystore keypass from the /opt/mirthconnect/conf/ file.
  3. The important information from the file is the keystore configuration of Mirth. (It is highly recommended not to change or modify anything in the file.)
  4. Once the backup is complete, the next step is to download the keystore.jks file to the local server using an SFTP or FTP tool.
  5. Open the Portecle tool on your local machine and navigate to the folder where the ‘keystore.jks’ file is present (the file which you copied from EC-2 to local).
  6. Once you click Open, the next window opens and asks for a keyPass (password). Enter the keyStore password from the Mirth.Properties file and click OK.
  7. You can then see two files, ‘encryption’ and ‘mirthconnect’. Delete the ‘mirthconnect’ file (which is the self-signed certificate file of Mirth Connect).
  8. Next, import your SSL certificate. Click ‘Import Key Pair’ -> navigate to your SSL certificate folder and select the certificate file -> click ‘Choose’.
  9. The next window opens and asks for a password. Enter the password which you gave at the time of creating your SSL certificate.
  10. Enter the password and click ‘OK’. Select the key pair -> click ‘OK’.
  11. Give the alias name ‘mirthconnect’ -> click ‘OK’.
  12. It will ask for a new password. Enter the default Mirth keystore password (the password from /opt/mirthconnect/conf/) -> click ‘OK’.
  13. The key pair import is reported as successful.
  14. Save the keystore.
  15. After replacing the keystore file on the local server, the next step is to upload the keystore file to the same location of Mirth Connect on the EC-2 Linux server (/opt/mirthconnect/apps) and overwrite the existing file with the new keystore file.
  16. Finally, restart the Mirth Connect services using the standard commands to apply the new SSL certificate.
  17. Access your Mirth Connect over https on the given port, e.g. 8443.
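
The Portecle steps above can also be done with keytool directly on the instance. The script below is an added example, not part of the original article: it backs up the keystore, replaces the ‘mirthconnect’ entry in a working copy, and installs the copy only if it contains the key pair. It assumes a JDK keytool on the PATH; the store types and the variable names (MIRTH_STOREPASS, MIRTH_KEYPASS, SRC_STOREPASS, SRC_TYPE) are assumptions, not values from the article.

```shell
# Added example (not from the article): keytool equivalent of the Portecle steps.
# Path and alias follow the article; store types and variable names are assumptions.
set -eu

KEYSTORE="${KEYSTORE:-/opt/mirthconnect/apps/keystore.jks}"
STORE_TYPE="${STORE_TYPE:-JCEKS}"  # assumption: confirm in the Mirth configuration file
SRC_TYPE="${SRC_TYPE:-PKCS12}"     # assumption: type of the keystore holding the new key pair
ALIAS=mirthconnect

# Copy the keystore to a timestamped, owner-only backup and print the backup path.
backup_keystore() (
  bak="$1.bak.$(date +%Y%m%d%H%M%S)"
  cp -p "$1" "$bak"
  chmod 600 "$bak"
  printf '%s\n' "$bak"
)

# Succeed only if ALIAS in keystore $1 is a private key entry (key plus certificate chain).
has_key_pair() {
  keytool -list -v -alias "$ALIAS" -keystore "$1" -storetype "$STORE_TYPE" \
    -storepass:env MIRTH_STOREPASS 2>/dev/null | grep -q 'PrivateKeyEntry'
}

# Delete the existing ALIAS entry from keystore $1, then import alias $3 of keystore $2 as ALIAS.
import_key_pair() {
  if keytool -list -alias "$ALIAS" -keystore "$1" -storetype "$STORE_TYPE" \
       -storepass:env MIRTH_STOREPASS >/dev/null 2>&1; then
    keytool -delete -alias "$ALIAS" -keystore "$1" -storetype "$STORE_TYPE" \
      -storepass:env MIRTH_STOREPASS || return 1
  fi
  keytool -importkeystore -noprompt \
    -srckeystore "$2" -srcstoretype "$SRC_TYPE" -srcstorepass:env SRC_STOREPASS -srcalias "$3" \
    -destkeystore "$1" -deststoretype "$STORE_TYPE" -deststorepass:env MIRTH_STOREPASS \
    -destalias "$ALIAS" -destkeypass:env MIRTH_KEYPASS
}

# replace_key_pair SRC_KEYSTORE SRC_ALIAS
# keytool reads passwords from the environment, keeping them out of the process list.
replace_key_pair() (
  work="$KEYSTORE.new.$$"
  backup_keystore "$KEYSTORE" >/dev/null
  cp -p "$KEYSTORE" "$work"          # the live file changes only on success
  if import_key_pair "$work" "$1" "$2" && has_key_pair "$work"; then
    mv "$work" "$KEYSTORE"
  else
    rm -f "$work"
    return 1
  fi
)
```

After sourcing the file and exporting the three password variables, `replace_key_pair /path/to/new-cert.p12 source-alias` (both arguments are placeholders) performs the swap; Mirth Connect still has to be restarted as in step 16.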

Written by Amit Bhandari, Project Lead at zCon Solutions 

