
Version 5 (modified by Fredrik Levander, 9 years ago)


Configuring the Proteios server to access remote files via https

To allow Proteios to use a certificate when accessing remote files over https, it needs to be configured with the location of the certificate files and of a file containing the password to the certificate. For security reasons, it is a good idea to set the permissions on the certificate and password files so that they are readable only by the tomcat user. Note that the certificate file needs to be configured with an alias (name) for the certificate to use.

tomcat

The following JVM parameters need to be set for tomcat:

  • -Djavax.net.ssl.keyStore=PATH_TO_P12_FILE
  • -Dcert.passFile=PATH_TO_P12_PASSWORD_FILE (or -Djavax.net.ssl.keyStorePassword=P12_KEYSTORE_PASSWORD)
  • -Dcert.alias=ALIAS
  • -Djavax.net.ssl.trustStore=PATH_TO_JKS_FILE
  • -Djavax.net.ssl.trustStorePassword=JKS_TRUSTSTORE_PASSWORD

This can be done in your tomcat.conf file. However, if a property value (such as the alias) contains a space character, set it in catalina.properties instead:
cert.alias=ALIAS
(for example cert.alias=my name)
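
A pre-flight check for the file permissions and password handling described above, as an added example that is not part of Proteios or of the original page. It assumes a Linux host with `stat -c`; the function names and the demo password file are constructed for illustration.

```shell
#!/bin/sh
# Added example (not part of Proteios): pre-flight checks for the settings above.
# Assumes Linux with `stat -c` (GNU coreutils or busybox); paths are placeholders.

# check_private FILE UID: succeed only if FILE is a regular file owned by
# numeric UID and carries no group/other permission bits (e.g. mode 600 or 400).
check_private() {
    file=$1 want_uid=$2
    [ -f "$file" ] || { echo "$file: not a regular file"; return 1; }
    uid=$(stat -c '%u' "$file")
    mode=$(stat -c '%a' "$file")
    [ "$uid" = "$want_uid" ] || { echo "$file: owner uid $uid, expected $want_uid"; return 1; }
    case $mode in
        *00) return 0 ;;
        *)   echo "$file: mode $mode, expected 600 or 400"; return 1 ;;
    esac
}

# inline_keystore_password "JVM OPTS": succeed (and print a warning) if the
# options pass the keystore password directly. Command-line arguments show up
# in the process list, so -Dcert.passFile is the safer of the two variants.
inline_keystore_password() {
    for opt in $1; do
        case $opt in
            -Djavax.net.ssl.keyStorePassword=*)
                echo "warning: keystore password is on the java command line"
                return 0 ;;
        esac
    done
    return 1
}

# Constructed demo: a password file written under umask 077 passes the check.
demo_dir=$(mktemp -d)
( umask 077; printf '%s\n' 'constructed-password' > "$demo_dir/p12.pass" )
check_private "$demo_dir/p12.pass" "$(id -u)" && echo "p12.pass: ok"
rm -rf "$demo_dir"
```

On a real installation, call `check_private` on the P12 file and the password file with `"$(id -u tomcat)"` as the expected owner.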

FTP server

For the FTP server, the startup script currently has to be edited. Add a line at the beginning:
PROP="-Djavax.net.ssl.keyStore=PATH_TO_P12_FILE -Dcert.passFile=PATH_TO_P12_PASSWORD_FILE -Djavax.net.ssl.trustStore=PATH_TO_JKS_FILE -Djavax.net.ssl.trustStorePassword=JKS_TRUSTSTORE_PASSWORD -Dcert.alias=\"my name\""

Then change the two lines containing 'su' so that $PROP is passed to java:
su - tomcat -c "nohup java -server $PROP -Xmx$MEMORY -cp $CLASSPATH se.lu.thep.coreftpd.ProteiosFTPServerControl -t\"$temp_dir\" -start $PORT&"