Previous Topic: Mutual (Two-Way) AuthenticationNext Topic: Using Kerberos Authentication

AdministeringSecurityUsing HTTPS Communication with the DevTest Console

Using HTTPS Communication with the DevTest Console

Complete the following tasks to enable HTTPS communication with the DevTest Console.

  1. Generate a New Key Pair and Certificate
  2. Copy the New Keystore to LISA_HOME
  3. Update lisa.webserver Properties

 

Generate a New Key Pair and Certificate

The simplest way to generate keys and certificates is to use the keytool application that comes with the JDK. This application generates keys and certificates directly into the keystore.

For more information, see http://wiki.eclipse.org/Jetty/Howto/Configure_SSL.

Follow these steps:

  1. Open a command prompt window.
  2. Type the following command: 
    cd JAVA_HOME\bin
  3. Type the following command: 
    keytool -keystore keystore -alias jetty -genkey -keyalg RSA

    Note: You must use jetty as the alias.

    This command prompts you for information about the certificate and for passwords to protect both the keystore and the keys within it.

  4. Complete the following prompts.
    Enter the keystore password:

    The password is case-sensitive. The text of your password does not display.

    Re-enter new password:

    The password is case-sensitive. The text of your password does not display.

    What is your first and last name?
      [Unknown]:

    Enter the same machine name that is used in the registry name. Normally, this is the unqualified host name of the server. For example, for a machine named jetty.eclipse.org, you would enter jetty.eclipse.org.

    However, it is possible to start the registry with the -m command line parameter, using an IP address or a fully qualified host name. In these cases, the host name in the SSL certificate must match to prevent certificate errors in the web browser.

    Note: This is the only mandatory prompt.

    What is the name of your organizational unit?
      [Unknown]:
    What is the name of your organization?
      [Unknown]:
    What is the name of your City or Locality?
      [Unknown]:
    What is the name of your State or Province?
      [Unknown]:
    What is the two-letter country code for this unit?
      [Unknown]:

    A confirmation of your entries displays.

  5. Type yes to confirm.

    The following prompt displays.

    Enter key password for <jetty>
      <RETURN if same as keystore password>:
  6. Press Enter.

    The utility creates a new file named keystore in the current directory.

 

Copy the New Keystore to LISA_HOME

Follow these steps:

  1. Copy the new keystore file to your LISA_HOME directory.
  2. Rename the keystore file to webserver.ks.

    Note: webserver.ks is the default file specified in the lisa.properties file. If you want to use a different file name, open lisa.properties and modify the lisa.webserver.ssl.keystore.location property to reflect the correct path and file name. For more information, see Update Webserver Properties.

 

Update Webserver Properties

Follow these steps:

  1. Open the local.properties file in your LISA_HOME directory.
  2. Add the following properties to this file. 
    # enable https and setup the webserver ssl keystore
 lisa.webserver.https.enabled=true
 lisa.webserver.ssl.keystore.location={{LISA_HOME}}webserver.ks
 lisa.webserver.ssl.keystore.password=yourpassword
 lisa.webserver.ssl.keymanager.password=yourpassword
 lisa.webserver.port=8443
# should lisa workstation use https when launching the portals?
 lisa.portal.use_https=true
 lisa.portal.url.prefix=http://
  3. Modify each property to specify the correct value.
    lisa.webserver.https.enabled

    Set this property to true to use HTTPS with the DevTest Console.

    lisa.webserver.ssl.keystore.location

    The default value for this property is {{LISA_HOME}}webserver.ks. Modify this value if you want to use a keystore file with a different name or in a different directory.

    lisa.webserver.ssl.keystore.password

    Set this property to the password you defined when generating your keystore file.

    lisa.webserver.ssl.keymanager.password

    Set this property to the key manager password you defined when generating your keystore file. Unless you specified a different password, this password is the same as your keystore password.

    lisa.webserver.port

    Setting this property is optional, but the default port for HTTPS is 8443.

    lisa.portal.url.prefix

    Change the value for this property from http:// to https://.

    Note: The first time the system reads the passwords in this local.properties, it converts the password to an encrypted property.

  4. Save your changes and close local.properties.
  5. Restart the registry.