DimensioN is based on JBoss, so SSL on JBoss should also be the same, but I can't guarantee it.
To enable SSL in DimensioN:
For development:
Step 1: keytool -genkey -alias [alias name] -keypass [password] -keyalg RSA -keystore [keystore name]
To get an SSL certificate from an issuing authority:
Perform the steps to generate the key and the CSR, and to install the SSL certificate. (ref:1)
STEP 1 : keytool -genkey -keyalg RSA -alias [alias name] -keystore [keystore name] (use the same password as the alias.)
STEP 2 : keytool -list -keystore [keystore name]
STEP 3 : keytool -certreq -alias [alias name] -keyalg RSA -file certreq.csr -keystore [keystore name]
STEP 4 : keytool -import -alias [alias name] -trustcacerts -file [downloaded certificate name] -keystore [keystore name]
For example:
STEP 1 : keytool -genkey -keyalg RSA -alias tomcat -keystore dimension.keystore (use the same password as the alias.)
STEP 2 : keytool -list -keystore dimension.keystore
STEP 3 : keytool -certreq -alias tomcat -keyalg RSA -file certreq.csr -keystore dimension.keystore
STEP 4 : keytool -import -alias tomcat -trustcacerts -file mysignedcert.crt -keystore dimension.keystore
Use the CSR file generated in step 3 to apply for the SSL certificate from the concerned authorities. Run step 4 with the file you get back from the signing authority.
If, after doing this procedure, you still get the error that it is a self-signed certificate, then the certificate you have downloaded is not in PKCS#7 format (ref:3). You will have to create a chain certificate from the one which you have. The procedure to follow in Windows is as follows (ref:2).
1. Double click on the .crt file, which you had downloaded.
2. Click on the Details Tab at the top
3. Click on 'Copy to file'
4. Click 'Next'
5. Tick the third option: "Cryptographic Message Syntax Standard - PKCS#7 Certificates (.P7B)".
Also tick "Include all certificates in the certification path if possible".
6. Click 'Next'
7. Select a file name or browse to a path where you'd like to save this chained certificate.
8. Click 'Next'
9. Click 'Finish'
10. Your export should be successful, then click 'OK'.
Configuration in DimensioN:
Step 1 : Copy the generated keystore to [DimensioN_Server_install_Directory]\DimensionServer\server\default\conf
Step 2 : Open the server.xml file in [DimensioN_Server_install_Directory]\DimensionServer\server\default\deploy\jbossweb-tomcat50.sar
Step 3 : Find the section below in that file.
<!-- <Connector port="8443" address="${jboss.bind.address}" maxThreads="100"
minSpareThreads="5" maxSpareThreads="15" scheme="https" secure="true"
clientAuth="false" keystoreFile="${jboss.server.home.dir}/conf/chap8.keystore"
keystorePass="rmi+ssl" sslProtocol="TLS"/> -->
Remove the comments by removing the <!-- and --> from the beginning and end of the section.
Give the keystore name in the line
keystoreFile="${jboss.server.home.dir}/conf/[keystore name]"
Give the keystore password in the line
keystorePass="[keystore password]"
Step 4 : Find the section below in that file.
<Connector port="6666" address="${jboss.bind.address}"
maxThreads="150" maxHttpHeaderSize="8192"
minSpareThreads="25" maxSpareThreads="75"
enableLookups="false" redirectPort="8443" acceptCount="100"
connectionTimeout="20000" disableUploadTimeout="true" compression="on"
compressableMimeType="text/csv"/>
Comment out this section by adding <!-- and --> at the beginning and end of the section respectively.
Step 5 : Start the DimensioN server. Now you should be able to access it via the URL https://localhost:8443.
You can even set the connector port to 443, so that you can call the URL as https://localhost.
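To confirm that Steps 3 and 4 took effect before starting the server, the Python script below (an added example, not part of the original post or of DimensioN/JBoss) parses server.xml and reports which Connector elements are actually active and whether the HTTPS one still carries the sample keystore values. The function name audit_connectors, the helper wrap and the XML fragments are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Sample values from the stock connector section quoted in Step 3.
DEFAULT_KEYSTORE = "chap8.keystore"
DEFAULT_PASS = "rmi+ssl"

def audit_connectors(server_xml):
    """Return findings for Connector elements that are active (not commented out)."""
    findings = []
    # ElementTree discards XML comments, so a commented-out Connector is not
    # returned by iter(); only connectors the server would load are checked.
    connectors = list(ET.fromstring(server_xml).iter("Connector"))
    https = [c for c in connectors
             if c.get("scheme") == "https" and c.get("secure") == "true"]
    if not https:
        findings.append("no active HTTPS connector (Step 3 not applied?)")
    for c in https:
        port = c.get("port")
        if c.get("keystoreFile", "").endswith(DEFAULT_KEYSTORE):
            findings.append(f"port {port}: keystoreFile is still {DEFAULT_KEYSTORE}")
        if c.get("keystorePass") == DEFAULT_PASS:
            findings.append(f"port {port}: keystorePass is still the sample value")
    for c in connectors:
        if c not in https:
            findings.append(f"port {c.get('port')}: plaintext connector still active")
    return findings

# Constructed server.xml fragments (trimmed to the attributes the checks read).
HTTPS_STOCK = '''<Connector port="8443" scheme="https" secure="true"
  keystoreFile="${jboss.server.home.dir}/conf/chap8.keystore"
  keystorePass="rmi+ssl" sslProtocol="TLS"/>'''
HTTPS_OFF = "<!-- " + HTTPS_STOCK + " -->"
HTTPS_DONE = '''<Connector port="8443" scheme="https" secure="true"
  keystoreFile="${jboss.server.home.dir}/conf/dimension.keystore"
  keystorePass="[keystore password]" sslProtocol="TLS"/>'''
HTTP_ON = '<Connector port="6666" redirectPort="8443" compression="on"/>'
HTTP_OFF = "<!-- " + HTTP_ON + " -->"

def wrap(*parts):
    return "<Server><Service>" + "".join(parts) + "</Service></Server>"

BEFORE = wrap(HTTPS_OFF, HTTP_ON)        # untouched file
HALF_DONE = wrap(HTTPS_STOCK, HTTP_ON)   # uncommented, nothing else changed
AFTER = wrap(HTTPS_DONE, HTTP_OFF)       # Steps 3 and 4 completed

if __name__ == "__main__":
    for name, doc in (("before", BEFORE), ("half done", HALF_DONE), ("after", AFTER)):
        print(name, audit_connectors(doc) or "OK")
```

To check a real installation, pass the contents of the server.xml from Step 2 to audit_connectors instead of the constructed fragments.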
ref:
(1) https://search.thawte.com/support/ssl-digital-certificates/index?page=content&id=S:SO3143&actp=search&searchid=1240204108338
(2) https://search.thawte.com/support/ssl-digital-certificates/index?page=content&id=S:SO2995&actp=search&searchid=1240199136843
(3) http://tomcat.apache.org/tomcat-5.5-doc/ssl-howto.html
I know this is ugly. I promise to clean this up and write it properly once I get some time.