wiki:HttpsRemoteFiles

Version 6 (modified by olle, 10 years ago) (diff)

Added info on setting connection parameters in properties file.

Configuring the Proteios server to access remote files via https

To allow Proteios to use a certificate when accessing remote files over https, it needs to be configured with the location of the certificate files, and a file with th epassword to the certificate. For security reason it could be good to set permissions to the certificate and password files so that they are only readable by the tomcat user. Note that the certificate file need to be configured with an alias (name) for the certificate to use.

tomcat

Alternative 1: tomcat settings as jvm parameters

The following jvm parameters need to be set for tomcat:

  • -Djavax.net.ssl.keyStore=PATH_TO_P12_FILE
  • -Dcert.passFile=PATH_TO_P12_PASSWORD_FILE (or -Djavax.net.ssl.keyStorePassword=P12_KEYSTORE_PASSWORD)
  • -Dcert.alias=ALIAS
  • -Djavax.net.ssl.trustStore=PATH_TO_JKS_FILE
  • -Djavax.net.ssl.trustStorePassword=JKS_TRUSTSTORE_PASSWORD

This can be done by configuring your tomcat.conf file. However, if a property (like alias) contains a space character, instead write to catalina.properties:
cert.alias=ALIAS
(for example cert.alias=my name)

Alternative 2: tomcat settings in properties file (Proteios SE 2.20.0 and higher)

The preferred method is to set the connection parameter values in properties file connection.properties. Copy template file client/servlet/conf/connection.properties.in to a file connection.properties and add the settings to the latter:

  • cert.alias = ALIAS
  • cert.passFile = PATH_TO_P12_PASSWORD_FILE
  • javax.net.ssl.keyStore = PATH_TO_P12_FILE
  • javax.net.ssl.keyStorePassword = P12_KEYSTORE_PASSWORD
  • javax.net.ssl.trustStore = PATH_TO_JKS_FILE
  • javax.net.ssl.trustStorePassword = JKS_TRUSTSTORE_PASSWORD

If keyStorePassword is missing, an attempt is made to read it from cert.passFile.

FTP server

If the connection parameters are set in a properties file (alternative 2 above), no changes should be needed for the ftp server. Otherwise, make the following additions:

For the ftp server, currently the startup script has to be edited: Add a line in the beginning:
PROP="-Djavax.net.ssl.keyStore=PATH_TO_P12_FILE -Dcert.passFile=PATH_TO_P12_PASSWORD_FILE -Djavax.net.ssl.trustStore=PATH_TO_JKS_FILE -Djavax.net.ssl.trustStorePassword=JKS_TRUSTSTORE_PASSWORD -Dcert.alias=\"my name\""

And change the two lines with 'su':
su - tomcat -c "nohup java -server $PROP -Xmx$MEMORY -cp $CLASSPATH se.lu.thep.coreftpd.ProteiosFTPServerControl -t\"$temp_dir\" -start $PORT&"