TrackStudio Enterprise 3.1
Installing an SSL Certificate

This section describes how to install an SSL certificate for Jetty.

1) Create a keystore

> jdk/bin/keytool -genkey -alias my-cert -keyalg RSA \
        -keystore .mykeystore

When creating the certificate, you must specify a keystore password and a key password (keystorePassword and keyPassword in step 6).

2) Create a certificate request, CSR (into the file cert.csr)

> jdk/bin/keytool -certreq -alias my-cert -file cert.csr \
        -keystore .mykeystore

3) Send the CSR to Verisign (or some other company). In response you must get a cert.crt file.

The following URL can be used for testing:

https://www.thawte.com/cgi/server/test.exe 

4) Convert cert.crt from PEM to DER (cert.der). You can use openssl to convert it:

openssl x509 -in cert.crt -out cert.der -outform DER

5) Import the certificate into the keystore:

> jdk/bin/keytool -import -alias my-cert -file cert.der -keystore .mykeystore

6) Edit jetty.xml:

<Call name="addListener">
  <Arg>
    <New class="org.mortbay.http.SunJsseListener">
      <Set name="Port">8443</Set>
      <Set name="MinThreads">5</Set>
      <Set name="MaxThreads">100</Set>
      <Set name="MaxIdleTimeMs">30000</Set>
      <Set name="LowResourcePersistTimeMs">2000</Set>
      <Set name="Keystore"><SystemProperty name="jetty.home"
           default="."/>/.mykeystore</Set>
      <Set name="PoolName">Listener</Set>
      <Set name="Password">keystorePassword</Set>
      <Set name="KeyPassword">keyPassword</Set>
    </New>
  </Arg>
</Call>

7) Change the protocol and port for siteURL in trackstudio.properties.

# URL of your site. Host name and port should be correct.
# We use this address in e-mail notification messages.

trackstudio.siteURL https://localhost:8443/TrackStudio

8) Launch Jetty.

9) Open https://localhost:8443/TrackStudio

To create a self-signed certificate, do the following:

1) Create a Certificate Authority. To do that, run:

perl ./CA.pl -newca

or

./CA -newca

2) Create a certificate request:

jdk/bin/keytool -certreq -alias my-cert -file cert.csr \
        -keystore .mykeystore

3) Create a certificate

openssl ca -config /usr/share/ssl/openssl.cnf \
           -out cert.crt -infiles cert.csr

4) Verify the certificate:

openssl verify -CAfile ./demoCA/cacert.pem cert.crt

5) Convert the certificate from PEM to DER:

openssl x509 -in cert.crt -out cert.der -outform DER

6) Import cert.der into the keystore.

Please note that some functionality (Excel reports, "Save Target As..." for file downloads, etc.) will not work with the demo certificate under MS Internet Explorer. Use a certificate from a certification authority (such as Verisign) to solve this issue.
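
An added example, not part of the original TrackStudio documentation: a check to run before importing the certificate (step 5 of the first procedure, step 6 of the second). It confirms that cert.crt certifies the same public key as cert.csr and that cert.der is the same certificate as cert.crt. It assumes openssl is on the PATH; the function names are hypothetical.

```sh
#!/bin/sh
# Added example (not TrackStudio's own tooling). Assumes openssl is on PATH.
# Function names are hypothetical; file names are the ones used on this page.

# cert_matches_csr CERT_PEM CSR_PEM
# Succeeds only when the issued certificate carries the public key that the
# CSR asked to have certified. Returns 2 if either file cannot be parsed.
cert_matches_csr() {
    cert_key=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    csr_key=$(openssl req -in "$2" -noout -pubkey 2>/dev/null) || return 2
    [ -n "$cert_key" ] && [ "$cert_key" = "$csr_key" ]
}

# der_matches_pem CERT_DER CERT_PEM
# Succeeds only when the DER file is the same certificate as the PEM file
# (SHA-256 fingerprints are equal), catching a stale or truncated cert.der.
der_matches_pem() {
    der_fp=$(openssl x509 -inform DER -in "$1" -noout \
                 -fingerprint -sha256 2>/dev/null) || return 2
    pem_fp=$(openssl x509 -in "$2" -noout \
                 -fingerprint -sha256 2>/dev/null) || return 2
    [ -n "$der_fp" ] && [ "$der_fp" = "$pem_fp" ]
}

# preimport_check CERT_PEM CSR_PEM CERT_DER
# Runs both checks and says which one failed, so a wrong file is caught
# before keytool -import touches the keystore.
preimport_check() {
    cert_matches_csr "$1" "$2" || {
        echo "FAIL: $1 does not certify the key in $2" >&2
        return 1
    }
    der_matches_pem "$3" "$1" || {
        echo "FAIL: $3 is not the DER form of $1" >&2
        return 1
    }
    echo "OK: $3 matches $1 and the key in $2"
}
```

Source the file and run `preimport_check cert.crt cert.csr cert.der` from the directory that holds the three files.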

Copyright (c) 2002-2005. All rights reserved.