TrackStudio Enterprise 3.5
Installing an SSL Certificate

The following topic describes how to install an SSL certificate for jetty.

To install an SSL certificate for jetty:
  1. Create a keystore using keytool, supplied with the Sun JDK. When creating the certificate, you must specify a keystore password and a key password (keystorePassword and keyPassword in jetty.xml below).
> jdk/bin/keytool -genkey -alias my-cert -keyalg RSA \
        -keystore .mykeystore
  2. Create a certificate signing request (CSR) in the file cert.csr.
> jdk/bin/keytool -certreq -alias my-cert -file cert.csr \
        -keystore .mykeystore
  3. Send your CSR to a Certificate Authority such as Verisign or XRamp, and purchase an SSL certificate. The CA will return a cert.crt file to you. The following URL can be used for testing: https://www.thawte.com/cgi/server/test.exe
  4. Convert cert.crt from PEM to DER (cert.der). You can use openssl to convert it:
openssl x509 -in cert.crt -out cert.der -outform DER
  5. Import the certificate into the keystore:
> jdk/bin/keytool -import -alias my-cert -file cert.der -keystore .mykeystore
  6. Edit jetty.xml:
  <Call name="addListener">
    <Arg>
      <New class="org.mortbay.http.SunJsseListener">
        <Set name="Port">8443</Set>
        <Set name="MinThreads">5</Set>
        <Set name="MaxThreads">100</Set>
        <Set name="MaxIdleTimeMs">30000</Set>
        <Set name="LowResourcePersistTimeMs">2000</Set>
        <Set name="Keystore"><SystemProperty name="jetty.home"
             default="."/>/.mykeystore</Set>
        <Set name="Password">keystorePassword</Set>
        <Set name="KeyPassword">keyPassword</Set>
      </New>
    </Arg>
  </Call>
  7. Change the protocol and port for siteURL in trackstudio.properties.
# URL of your site. Host name and port should be correct.
# We use this address in e-mail notification messages.

trackstudio.siteURL https://localhost:8443/TrackStudio
  8. Launch jetty.
  9. Open https://localhost:8443/TrackStudio

To create a self-signed certificate:
  1. Create a Certificate Authority by running:
perl ./CA.pl -newca

or

./CA -newca
  2. Create a certificate request:
jdk/bin/keytool -certreq -alias my-cert -file cert.csr \
        -keystore .mykeystore
  3. Create a certificate:
openssl ca -config /usr/share/ssl/openssl.cnf \
           -out cert.crt -infiles cert.csr
  4. Verify the certificate:
openssl verify -CAfile ./demoCA/cacert.pem cert.crt
  5. Convert the certificate from PEM to DER:
openssl x509 -in cert.crt -out cert.der -outform DER
  6. Import cert.der into the keystore.
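
The PEM-to-DER conversion step above, as an added Python example (not TrackStudio's or jetty's own code): it pulls the certificate block out of a cert.crt that may also carry the text dump openssl ca writes unless -notext is given, decodes it to DER, and computes the fingerprint to compare with the one keytool -list -v shows for my-cert after the import. The function names and the sample bytes are constructed for illustration; the sample is not a real certificate.

```python
import base64
import hashlib
import re

PEM_CERT = re.compile(
    r"-----BEGIN CERTIFICATE-----\s*(.+?)\s*-----END CERTIFICATE-----", re.S)


def pem_to_der(text):
    """Return the DER bytes of the first certificate block in `text`.

    Anything outside the BEGIN/END markers is ignored, such as the
    human-readable dump that `openssl ca` writes unless run with -notext.
    """
    match = PEM_CERT.search(text)
    if match is None:
        raise ValueError("no PEM certificate block found")
    body = "".join(match.group(1).split())       # drop line breaks
    der = base64.b64decode(body, validate=True)  # reject non-base64 debris
    # A DER certificate is an ASN.1 SEQUENCE, so its first byte is 0x30.
    if not der.startswith(b"\x30"):
        raise ValueError("decoded data is not a DER SEQUENCE")
    return der


def fingerprint(der, algorithm="sha256"):
    """Colon-separated uppercase hex digest, as keytool and openssl print it."""
    digest = hashlib.new(algorithm, der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


# Constructed stand-in (NOT a real certificate): a SEQUENCE header
# (tag 0x30, length 48) followed by 48 filler bytes.
SAMPLE_DER = b"\x30\x30" + bytes(range(48))
_b64 = base64.b64encode(SAMPLE_DER).decode()
SAMPLE_CRT = (
    "Certificate:\n    Data:\n        Version: 3 (0x2)\n"  # constructed preamble
    "-----BEGIN CERTIFICATE-----\n"
    + "\n".join(_b64[i:i + 64] for i in range(0, len(_b64), 64))
    + "\n-----END CERTIFICATE-----\n"
)

if __name__ == "__main__":
    der = pem_to_der(SAMPLE_CRT)
    print(len(der), "bytes of DER; SHA-256", fingerprint(der))
```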

Please note that some functionality (Excel reports, "Save target as..." when downloading a file, etc.) will not work with a demo certificate under MS Internet Explorer. Use a certificate from a Certificate Authority such as Verisign or XRamp to solve this issue.