Secure Global Desktop 4.40 Administration Guide

Securing the SOAP Connections to an SGD Server

Client applications, such as the webtop, use the SOAP protocol (over HTTP) to access the web services provided by an SGD server. Use HTTPS to secure the SOAP connections in the following circumstances:

Note: If you develop your own client using a different programming language, you need to develop your own methods for securing the SOAP connections. This page gives the general principles you need to implement.

Configuring the Client Application to Use HTTPS and Trust SGD Server Certificates

To secure the SOAP connections, the client application must be configured to use HTTPS and to trust the X.509 certificates for any SGD servers it connects to. Follow these steps:

  1. Log in as superuser (root) on the SGD host.
  2. Add the X.509 certificates to the certificate store.

    You install server certificates with the keytool application. See the Java 2 SDK Tools and Utilities documentation for details.

    You store the certificates in the certificate store for the Java 2 Runtime Environment (JRE) used by the SGD server, /opt/tarantella/bin/jre/lib/security/cacerts.

    You must add the X.509 certificate for each SGD server in the array. The certificate for each server is stored in /opt/tarantella/var/tsp/cert.pem.

    Use the following command:

    # /opt/tarantella/bin/jre/bin/keytool -import \
      -file /opt/tarantella/var/tsp/cert.pem \
      -keystore /opt/tarantella/bin/jre/lib/security/cacerts \
      -storepass changeit \
      -alias hostname
  3. Change to the webapps/sgd/WEB-INF/classes/com/tarantella/tta/webservices/client/apis directory.
  4. Edit the file.
  5. For each of the web services listed in the properties file, change the URL to an HTTPS URL.
  6. Save the changes to the file.
  7. Restart the web server and JSP container.

    If you are using the SGD Web Server, use the following command:

    # tarantella webserver restart --ssl

    If you are using your own JSP container or web server, you must restart your JSP container after making any changes to the file. You must also make sure the web server is configured to accept HTTPS connections and restart it.

  8. Repeat these steps on each SGD server in the array.
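A check you can run after step 6 to confirm that every web service URL in the properties file now uses HTTPS. This is an added example, not part of the SGD documentation: the function names, the property keys and the host in the sample are constructed placeholders, and the path of the real properties file is passed as the argument.

```shell
#!/bin/sh
# Added example, not from the SGD documentation.
# find_insecure_urls FILE
#   Prints "LINE:KEY=VALUE" for every property whose value is a URL with a
#   scheme other than https, and returns 1 if any such entry exists.
find_insecure_urls() {
    awk '
        /^[ \t]*[#!]/ || /^[ \t]*$/ { next }   # comments and blank lines
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            # Java properties allow "=" or ":" between key and value.
            if (!match(line, /[ \t]*[=:][ \t]*/)) next
            key = substr(line, 1, RSTART - 1)
            val = substr(line, RSTART + RLENGTH)
            if (val ~ /^[A-Za-z][A-Za-z0-9+.-]*:\/\// &&
                tolower(val) !~ /^https:\/\//) {
                printf "%d:%s=%s\n", NR, key, val
                bad = 1
            }
        }
        END { exit (bad ? 1 : 0) }
    ' "$1"
}

# Constructed sample input: the key names and host are placeholders, not the
# entries of the real SGD properties file.
sample_properties() {
    cat <<'EOF'
# web service endpoints (constructed)
example.service.one=https://sgd.example.com:443/axis/services/one
example.service.two=http://sgd.example.com:80/axis/services/two
example.service.three : HTTP://sgd.example.com/axis/services/three
example.timeout=30
EOF
}

tmp=$(mktemp)
sample_properties > "$tmp"
if find_insecure_urls "$tmp"; then
    echo "all web service URLs use HTTPS"
else
    echo "entries above still use a non-HTTPS URL"
fi
rm -f "$tmp"
```

Run the function against the edited file on each SGD server in the array before restarting the web server; a non-zero return means at least one SOAP endpoint would still be reached over plain HTTP.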

Remote Hosts

If you relocate the SGD webtop to another host, or if you have developed your own applications on another host using the com.tarantella.tta.webservices.client.views package, you must edit both the relocated file and the one on the SGD server. How you do this is described in the following sections.

Web Services URLs

In the relocated file, the URLs must be for the SGD server the client application connects to, for example

In the file on the SGD host, amend the URLs to https://localhost:443.


You have to create two keystores as follows:

For the HTTPS connections to the SGD server, you must create your own keystore on the remote host, using your own JDK. This keystore must contain the SGD server certificate. Add the details of this keystore to the relocated file, by adding the following lines:

keystore=keystore

For the HTTPS connections from the SGD server to the remote host, you must install the root certificate (the CA certificate used to sign the certificate) for the remote host into the keystore (the cacerts file) for the JRE used by the SGD server. You do this using the keytool application as follows:

# /opt/tarantella/bin/jre/bin/keytool -import \
  -keystore /opt/tarantella/bin/jre/lib/security/cacerts \
  -storepass changeit \
  -file certificate_path \
  -alias remote_hostname