Working with SSL

From Opentaps Wiki
Revision as of 22:36, 24 April 2009 by Sichen (talk | contribs) (Using Your JKS =)
Jump to navigationJump to search

Generating a Self Signed JKS Key

You can create your own self signed SSL to use with opentaps. To do so, use the keytool command. Note that "first and last name" should be the name of your server. For example, if you access your server as 

http://localhost

or 

http://localhost:8080

Then it should be localhost If you use opentaps.mycompany.com, then put that as the answer to "first and last name" 

$ keytool -genkey -alias opentaps -keyalg RSA -keystore framework/base/config/opentaps.jks
Enter keystore password:  opentaps
What is your first and last name?
  [Unknown]:  localhost
What is the name of your organizational unit?
  [Unknown]:  Si Chen
What is the name of your organization?
  [Unknown]:  Open Source Strategies, Inc.
What is the name of your City or Locality?
  [Unknown]:  Los Angeles
What is the name of your State or Province?
  [Unknown]:  CA
What is the two-letter country code for this unit?
  [Unknown]:  US
Is CN=localhost, OU=Si Chen, O="Open Source Strategies, Inc.", L=Los Angeles, ST=CA, C=US correct?
  [no]:  yes

Enter key password for <opentaps>
        (RETURN if same as keystore password):  opentaps

Converting PEM to JKS Private Key

  • key.pem is the private SSL key
  • cert.pem is the certificate for the SSL key
$ openssl pkcs8 -topk8 -nocrypt -in key.pem -inform PEM -out key.der -outform DER

$ openssl x509 -in cert.pem -inform PEM -out cert.der -outform DER

$ javac ImportKey.java

$ java ImportKey key.der cert.der
Using keystore-file : /home/user/keystore.ImportKey
One certificate, no chain.
Key and certificate stored.
Alias:importkey  Password:importkey

$ keytool -keystore keystore.ImportKey -storepass
Enter keystore password:
New keystore password:
Re-enter new keystore password:

ImportKey.java can be obtained from number of sites online, including agentbob.info

Using Your JKS

Once you have a JKS, either self signed or converted from a PEM, edit the file framework/base/config/ofbiz-containers.xml and put in the location of your .jks file and the password. Note that you can put the JKS file in the hot-deploy/ component for your own company, instead of framework/base/config/

Retrieved from "https://docs.opentaps.org/docs/index.php?title=Working_with_SSL&oldid=3884"