Changes between Version 6 and Version 7 of HttpsRemoteFiles


Ignore:
Timestamp:
Feb 13, 2014, 2:33:21 PM (10 years ago)
Author:
Fredrik Levander
Comment:

--

Legend:

Unmodified
Added
Removed
Modified
  • HttpsRemoteFiles

    v6 v7  
    33To allow Proteios to use a certificate when accessing remote files over https, it needs to be configured with the location of the certificate files, and a file with th epassword to the certificate. For security reason it could be good to set permissions to the certificate and password files so that they are only readable by the tomcat user. Note that the certificate file need to be configured with an alias (name) for the certificate to use.
    44
    5 == tomcat ==
    65
    7 === Alternative 1: tomcat settings as jvm parameters ===
     6
     7== Alternative 1: Settings in properties file (Proteios SE 2.20.0 and higher) ==
     8The preferred method is to set the connection parameter values in properties file `connection.properties`.
     9Copy template file `client/servlet/conf/connection.properties.in` to a file `connection.properties`
     10and add the settings to the latter:
     11
     12 - cert.alias = ALIAS (This is the name of the certificate to look for in the P12 file)
     13
     14 - javax.net.ssl.keyStore = PATH_TO_P12_FILE (This is the path to the certificate to use for remote connections)
     15
     16 - javax.net.ssl.trustStore = PATH_TO_JKS_FILE (This is the path to the JKS format file with host certificates to trust)
     17
     18 - javax.net.ssl.trustStorePassword = JKS_TRUSTSTORE_PASSWORD
     19
     20And the password to the P12 certificate specified either as:
     21
     22 - javax.net.ssl.keyStorePassword = P12_KEYSTORE_PASSWORD
     23
     24or
     25
     26 - cert.passFile = PATH_TO_P12_PASSWORD_FILE
     27
     28If `keyStorePassword` is missing, an attempt is made to read it from `cert.passFile`.
     29
     30The connection.properties file should be readable for the tomcat user, and preferably not readable for other users if it contains passwords.
     31The same goes for the separate password file.
     32
     33== Alternative 2: settings as jvm parameters ==
     34
     35=== tomcat ===
    836
    937The following jvm parameters need to be set for tomcat:
     
    2250cert.alias=ALIAS[[BR]] (for example cert.alias=my name)
    2351
    24 === Alternative 2: tomcat settings in properties file (Proteios SE 2.20.0 and higher) ===
    25 The preferred method is to set the connection parameter values in properties file `connection.properties`.
    26 Copy template file `client/servlet/conf/connection.properties.in` to a file `connection.properties`
    27 and add the settings to the latter:
     52=== FTP server ===
    2853
    29  - cert.alias = ALIAS
    30 
    31  - cert.passFile = PATH_TO_P12_PASSWORD_FILE
    32 
    33  - javax.net.ssl.keyStore = PATH_TO_P12_FILE
    34 
    35  - javax.net.ssl.keyStorePassword = P12_KEYSTORE_PASSWORD
    36 
    37  - javax.net.ssl.trustStore = PATH_TO_JKS_FILE
    38 
    39  - javax.net.ssl.trustStorePassword = JKS_TRUSTSTORE_PASSWORD
    40 
    41 If `keyStorePassword` is missing, an attempt is made to read it from `cert.passFile`.
    42 
    43 == FTP server ==
    4454If the connection parameters are set in a properties file (alternative 2 above),
    45 no changes should be needed for the ftp server. Otherwise, make the following additions:
     55no specific changes should be needed for the ftp server. Otherwise, make the following additions:
    4656
    4757For the ftp server, currently the startup script has to be edited: