Secure Global Desktop 4.40 Administration Guide > Security > Securing the SOAP Connections to an SGD Server
Client applications, such as the webtop, use the SOAP protocol (over HTTP) to access the web services provided by an SGD server. Use HTTPS to secure the SOAP connections in the following circumstances:
com.tarantella.tta.webservices.client.viewspackage, either on the same host as SGD or on a different host
Note If you develop your own client using a different programming language, you need to develop your own methods for securing the SOAP connections. This page gives the general principles you need to implement.
To secure the SOAP connections, the client application must be configured to use HTTPS and to trust the X.509 certificates for any SGD servers it connects to. Follow these steps:
You install server certificates with the
keytool application, see the Java 2 SDK Tools and Utilities documentation for details.
You store the certificates in the certificate store for the Java 2 Runtime Environment (JRE) used by the SGD server,
You must add the X.509 certificate for each SGD server in the array.
The certificate for each server is stored in
Use the following command:
# /opt/tarantella/bin/jre/bin/keytool -import \ -file /opt/tarantella/var/tsp/cert.pem \ -keystore /opt/tarantella/bin/jre/lib/security/cacerts \ -storepass changeit \ -alias hostname
http://server:port/service. The default is
localhostfor the server if the client application (for example the webtop) is on the same host as SGD. Otherwise, use the fully qualified DNS name of an SGD server.
If you are using the SGD Web Server, use the following command:
# tarantella webserver restart --ssl
If you are using your own JSP container or web server,
you must restart your JSP container after making any changes to the
You must also make sure the web server is configured to accept HTTPS connections and restart it.
If you relocate the SGD webtop to another host, or if you have developed your
own applications on another host using the
com.tarantella.tta.webservices.client.views package, you must edit
both the relocated
Resources.properties file and the one on the
SGD server. How you do this is described in the following sections.
In the relocated
Resources.properties file, the URLs must be for the SGD server the client application
connects to, for example
Resources.properties file on the SGD host, amend the URLs to
You have to create two keystores as follows:
For the HTTPS connections to the SGD server, you must create your own
keystore on the remote host, using your own JDK.
This keystore must contain the SGD server certificate.
Add the details of this keystore to the relocated
Resources.properties file, by adding the following lines:
For the HTTPS connections from the SGD server to the remote host,
you must install the root certificate (the CA certificate used to sign the certificate) for the remote host into the
cacerts file) for the JRE used by the SGD server. You do this using the keytool application as follows:
# /opt/tarantella/bin/jre/bin/keytool -import \ -keystore /opt/tarantella/bin/jre/lib/security/cacerts \ -storepass changeit \ -file certificate_path \ -alias remote_hostname
Copyright © 1997-2007 Sun Microsystems, Inc. All rights reserved.