Difference between revisions of "Working with SSL"
From Opentaps Wiki
| (5 intermediate revisions by the same user not shown) | |||
| Line 1: | Line 1: | ||
| + | __TOC__ | ||
| + | |||
| + | === Generating a Self Signed JKS Key === | ||
| + | |||
| + | You can create your own self signed SSL to use with opentaps.  To do so, use the keytool command.  Note that "first and last name" should be the name of your server.  For example, if you access your server as  | ||
| + |  http://localhost | ||
| + | or | ||
| + |  http://localhost:8080 | ||
| + | |||
| + | Then it should be <tt>localhost</tt>  If you use <tt>opentaps.mycompany.com</tt>, then put that as the answer to "first and last name" | ||
| + | |||
| + | <pre> | ||
| + | $ keytool -genkey -alias opentaps -keyalg RSA -keystore framework/base/config/opentaps.jks | ||
| + | Enter keystore password:  opentaps | ||
| + | What is your first and last name? | ||
| + |   [Unknown]:  localhost | ||
| + | What is the name of your organizational unit? | ||
| + |   [Unknown]:  Si Chen | ||
| + | What is the name of your organization? | ||
| + |   [Unknown]:  Open Source Strategies, Inc. | ||
| + | What is the name of your City or Locality? | ||
| + |   [Unknown]:  Los Angeles | ||
| + | What is the name of your State or Province? | ||
| + |   [Unknown]:  CA | ||
| + | What is the two-letter country code for this unit? | ||
| + |   [Unknown]:  US | ||
| + | Is CN=localhost, OU=Si Chen, O="Open Source Strategies, Inc.", L=Los Angeles, ST=CA, C=US correct? | ||
| + |   [no]:  yes | ||
| + | |||
| + | Enter key password for <opentaps> | ||
| + |         (RETURN if same as keystore password):  opentaps | ||
| + | </pre> | ||
| + | |||
| === Converting PEM to JKS Private Key === | === Converting PEM to JKS Private Key === | ||
| * key.pem is the private SSL key | * key.pem is the private SSL key | ||
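Review bot: the sample keytool session answers both "Enter keystore password" and "Enter key password for <opentaps>" with opentaps, the same string as the alias and the keystore file name, so anyone who copies the transcript ends up with a guessable password on the keystore and the key. Suggest replacing both answers with a placeholder such as <your-password> and saying so in the paragraph above. The two example URLs in the lead-in are http://localhost and http://localhost:8080 on a page about SSL; either make them https:// or state that only the host name part matters for the "first and last name" answer.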
| Line 22: | Line 55: | ||
| </pre> | </pre> | ||
| − | ImportKey.java can be obtained from [http://www.agentbob.info/agentbob/79-AB.html agentbob. | + | ImportKey.java can be obtained from number of sites online, including [http://www.agentbob.info/agentbob/79-AB.html agentbob.info] | 
| + | |||
| + | === Using Your JKS === | ||
| + | |||
| + | Once you have a JKS, either self signed or converted from a PEM, edit the file <tt>framework/base/config/ofbiz-containers.xml</tt>  and put in the location of your .jks file and the password.  Note that you can put the JKS file in the <tt>hot-deploy/</tt> component for your own company, instead of <tt>framework/base/config/</tt> | ||
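Review bot: the reworded ImportKey.java line now points readers at "number of sites online" for code that they will compile and run against their private key, with no hint to read the source first; suggest keeping a single known link or adding a sentence telling readers to review the file before running it, and fixing the grammar to "a number of sites". In the new "Using Your JKS" paragraph, the instruction to put the password into ofbiz-containers.xml does not name the entries to edit or mention that the password is then stored in that file, which matters once the JKS is moved under hot-deploy/.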
Latest revision as of 19:51, 25 January 2010
Generating a Self Signed JKS Key
You can create your own self-signed SSL certificate to use with opentaps. To do so, use the keytool command. Note that "first and last name" should be the name of your server. For example, if you access your server as
http://localhost
or
http://localhost:8080
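then it should be localhost. If you use opentaps.mycompany.com, then put that as the answer to "first and last name". This answer becomes the CN of the certificate, as the confirmation line in the session below shows.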
<pre>
$ keytool -genkey -alias opentaps -keyalg RSA -keystore framework/base/config/opentaps.jks
Enter keystore password:  opentaps
What is your first and last name?
  [Unknown]:  localhost
What is the name of your organizational unit?
  [Unknown]:  Si Chen
What is the name of your organization?
  [Unknown]:  Open Source Strategies, Inc.
What is the name of your City or Locality?
  [Unknown]:  Los Angeles
What is the name of your State or Province?
  [Unknown]:  CA
What is the two-letter country code for this unit?
  [Unknown]:  US
Is CN=localhost, OU=Si Chen, O="Open Source Strategies, Inc.", L=Los Angeles, ST=CA, C=US correct?
  [no]:  yes

Enter key password for <opentaps>
        (RETURN if same as keystore password):  opentaps
</pre>
Converting PEM to JKS Private Key
- key.pem is the private SSL key
- cert.pem is the certificate for the SSL key
<pre>
$ openssl pkcs8 -topk8 -nocrypt -in key.pem -inform PEM -out key.der -outform DER
$ openssl x509 -in cert.pem -inform PEM -out cert.der -outform DER
$ javac ImportKey.java
$ java ImportKey key.der cert.der
Using keystore-file : /home/user/keystore.ImportKey
One certificate, no chain.
Key and certificate stored.
Alias:importkey  Password:importkey
$ keytool -storepasswd -keystore keystore.ImportKey
Enter keystore password:
New keystore password:
Re-enter new keystore password:
</pre>
ImportKey.java can be obtained from a number of sites online, including agentbob.info.
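A pre-flight check for the conversion above, as an added example that is not part of the original wiki page: it confirms that key.pem and cert.pem carry the same public key before running the page's two openssl commands, and writes the unencrypted key.der with owner-only permissions. It assumes openssl is on the PATH and key.pem is not passphrase-protected; the function names are hypothetical.

```bash
#!/usr/bin/env bash
# Added example (not from the wiki page). Function names are hypothetical.

# Succeeds only if the private key and the certificate carry the same public key.
pem_pair_matches() {
    local key_pub cert_pub
    key_pub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 2
    cert_pub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 2
    [ -n "$key_pub" ] && [ "$key_pub" = "$cert_pub" ]
}

# Runs the page's two openssl conversions, writing key.der and cert.der to outdir.
convert_pem_pair_to_der() {
    local key=$1 cert=$2 outdir=$3
    if ! pem_pair_matches "$key" "$cert"; then
        echo "error: $key and $cert do not belong together" >&2
        return 1
    fi
    # key.der is written with -nocrypt, i.e. unencrypted: keep it owner-only.
    ( umask 077
      openssl pkcs8 -topk8 -nocrypt -in "$key" -inform PEM \
              -out "$outdir/key.der" -outform DER ) || return 1
    openssl x509 -in "$cert" -inform PEM -out "$outdir/cert.der" -outform DER
}

# Constructed sample input: a throwaway pair plus an unrelated key, made in a temp dir.
self_check() {
    local tmp rc=0
    tmp=$(mktemp -d) || return 1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=localhost" \
            -keyout "$tmp/key.pem" -out "$tmp/cert.pem" 2>/dev/null || rc=1
    openssl genrsa -out "$tmp/other.pem" 2048 2>/dev/null || rc=1
    convert_pem_pair_to_der "$tmp/key.pem" "$tmp/cert.pem" "$tmp" || rc=1
    # The unrelated key must be rejected before anything is converted.
    if convert_pem_pair_to_der "$tmp/other.pem" "$tmp/cert.pem" "$tmp" 2>/dev/null; then rc=1; fi
    rm -rf "$tmp"
    return "$rc"
}

# Usage: ./check_and_convert.sh key.pem cert.pem   (writes into the current directory)
if [ "$#" -eq 2 ]; then
    convert_pem_pair_to_der "$1" "$2" .
fi
```

Delete key.der once ImportKey has stored the key, since it is an unencrypted copy of the private key.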
Using Your JKS
Once you have a JKS, either self-signed or converted from a PEM, edit the file framework/base/config/ofbiz-containers.xml and put in the location of your .jks file and the password. Note that you can put the JKS file in the hot-deploy/ component for your own company, instead of framework/base/config/.
