Working with SSL
From Opentaps Wiki
Generating a Self Signed JKS Key
You can create your own self-signed SSL certificate to use with opentaps. To do so, use the keytool command. Note that the answer to "first and last name" should be the name of your server. For example, if you access your server as
http://localhost
or
http://localhost:8080
then it should be localhost. If you use opentaps.mycompany.com, then put that as the answer to "first and last name".
$ keytool -genkey -alias opentaps -keyalg RSA -keystore framework/base/config/opentaps.jks
Enter keystore password:  opentaps
What is your first and last name?
  [Unknown]:  localhost
What is the name of your organizational unit?
  [Unknown]:  Si Chen
What is the name of your organization?
  [Unknown]:  Open Source Strategies, Inc.
What is the name of your City or Locality?
  [Unknown]:  Los Angeles
What is the name of your State or Province?
  [Unknown]:  CA
What is the two-letter country code for this unit?
  [Unknown]:  US
Is CN=localhost, OU=Si Chen, O="Open Source Strategies, Inc.", L=Los Angeles, ST=CA, C=US correct?
  [no]:  yes
Enter key password for <opentaps>
        (RETURN if same as keystore password):  opentaps
Converting PEM to JKS Private Key
- key.pem is the private SSL key
- cert.pem is the certificate for the SSL key
$ openssl pkcs8 -topk8 -nocrypt -in key.pem -inform PEM -out key.der -outform DER
$ openssl x509 -in cert.pem -inform PEM -out cert.der -outform DER
$ javac ImportKey.java
$ java ImportKey key.der cert.der
Using keystore-file : /home/user/keystore.ImportKey
One certificate, no chain.
Key and certificate stored.
Alias:importkey Password:importkey
$ keytool -keystore keystore.ImportKey -storepasswd
Enter keystore password:
New keystore password:
Re-enter new keystore password:
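ImportKey.java can be obtained from a number of sites online, including agentbob.info. The final keytool command replaces importkey, the keystore password that ImportKey reports, with one of your own. key.der holds the private key unencrypted (-nocrypt), so delete it once the key has been imported.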
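As an added example (not part of the original wiki page or of opentaps), this script checks key.pem and cert.pem before the conversion above: that the key belongs to the certificate, that the certificate matches the server name discussed in the first section, and that it has not expired. The function names and the throwaway sample pair are this example's own, and it assumes openssl is installed and key.pem is unencrypted.

```sh
#!/bin/sh
# Added example: checks on key.pem / cert.pem before converting them to JKS.
# Function names are this example's own; key.pem is assumed to be unencrypted.

# True when the private key and the certificate hold the same public key.
key_matches_cert() {    # key_matches_cert key.pem cert.pem
    key_pub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 2
    cert_pub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 2
    [ -n "$key_pub" ] && [ "$key_pub" = "$cert_pub" ]
}

# True when the certificate is valid for the name used to reach the server
# (the CN given as "first and last name", or a DNS subjectAltName).
cert_matches_host() {   # cert_matches_host cert.pem hostname
    openssl x509 -in "$1" -noout -checkhost "$2" 2>/dev/null |
        grep -q "does match certificate"
}

# Runs every check, reports each failure, returns non-zero if any failed.
preflight() {           # preflight key.pem cert.pem hostname
    rc=0
    key_matches_cert "$1" "$2" ||
        { echo "FAIL: $1 is not the private key for $2"; rc=1; }
    cert_matches_host "$2" "$3" ||
        { echo "FAIL: $2 is not valid for host $3"; rc=1; }
    openssl x509 -in "$2" -noout -checkend 0 >/dev/null 2>&1 ||
        { echo "FAIL: $2 has expired or cannot be read"; rc=1; }
    [ "$rc" -eq 0 ] && echo "OK: $1 and $2 are ready to convert"
    return "$rc"
}

# Constructed sample input: a throwaway self-signed pair for CN=localhost.
make_sample_pair() {    # make_sample_pair directory
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=localhost" \
        -keyout "$1/key.pem" -out "$1/cert.pem" 2>/dev/null
}

# With three arguments check real files, otherwise run on the sample pair.
if [ "$#" -eq 3 ]; then
    preflight "$@"
else
    d=$(mktemp -d)
    if make_sample_pair "$d" && preflight "$d/key.pem" "$d/cert.pem" localhost
    then st=0; else st=1; fi
    rm -rf "$d"
    [ "$st" -eq 0 ] || echo "sample run failed (is openssl installed?)"
fi
```

Run it as `sh preflight.sh key.pem cert.pem opentaps.mycompany.com` (the script file name is arbitrary) before the openssl pkcs8 step.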
Using Your JKS
Once you have a JKS, either self-signed or converted from a PEM, edit the file framework/base/config/ofbiz-containers.xml and put in the location of your .jks file and its password. Note that you can put the JKS file in the hot-deploy/ component for your own company instead of framework/base/config/.
