TrackStudio 3.0 Documentation
How to Install an SSL Certificate.

The following part deals with the installation of an SSL certificate for jetty.

1) Create a keystore

keytool -genkey -alias my-cert -keyalg RSA
        -keystore .mykeystore

When creating a certificate, you must specify keystorePassword and keyPassword 

2) Create a certificate request, CSR (into the file cert.csr)

keytool -certreq -alias my-cert -file cert.csr
        -keystore .mykeystore

3) Send CSR to Verisign (or some other company), in response you must get a cert.crt

The following URL can be used for testing 

https://www.thawte.com/cgi/server/test.exe 

4) Convert cert.crt from PEM to DER (cert.der). You can use openssl to convert it:

openssl x509 -in cert.crt -out cert.der –outform DER

5) Import the certificate into the keystore:

keytool -import -alias my-cert -file cert.der -keystore .mykeystore

6) Edit jetty.xml:

<Call name="addListener">
    <Arg>
      <New class="org.mortbay.http.SunJsseListener">
        <Set name="Port">8443</Set>
        <Set name="MinThreads">5</Set>
        <Set name="MaxThreads">100</Set>
        <Set name="MaxIdleTimeMs">30000</Set>
        <Set name="LowResourcePersistTimeMs">2000</Set>
        <Set name="Keystore"><SystemProperty name="jetty.home"
             default="."/>.mykeystore</Set>
        <Set name="PoolName">Listener</Set>
        <Set name="Password">keystorePassword</Set>
        <Set name="KeyPassword">keyPassword</Set>
      </New>
    </Arg>
  </Call>

7) Change the protocol and port for siteURL in trackstudio.properties.

# URL of your site. Host name and port should be correct.
# We use this address in e-mail notification messages.

trackstudio.siteURL https://localhost:8443/TrackStudio

8) Launch jetty. 

9) Open https://localhost:8443/TrackStudio 

 

To create a self-signed certificate, do the following: 

1) Create Certificate Authority. To do that, run

perl ./CA.pl -newca

or

./CA -newca

2) Create a certificate request:

keytool -certreq -alias my-cert -file cert.csr
        -keystore .mykeystore

3) Create a certificate

openssl ca -config /usr/share/ssl/openssl.cnf
           -out cert.crt -infiles cert.csr

4) Verify the certificate:

openssl verify -CAfile ./demoCA/cacert.pem cert.crt

5) Convert the certificate from PEM to DER:

openssl x509 -in cert.crt -out cert.der -outform DER

6) Import cert.der into the keystore.

Please note that some functionality (Excel reports, Save target as... when file download, etc) will not work with demo cert under MS Internet Explorer. Use cert from certification authority (like Verisign) to solve this issue.

Copyright (c) 2002-2004. TrackStudio, Ltd. All rights reserved.