N1 Service Provisioning System 4.1 Installation Guide

Enabling SSL in Tomcat

By default, the N1 Service Provisioning System 4.1 Web Interface does not use SSL: requests are sent over HTTP rather than HTTPS. You can enable HTTPS with an SSL certificate. SSL certificates are issued by certificate authorities (CAs) and are usually specific to individual machines.

An SSL Certificate is enclosed within the following delimiters:


-----BEGIN CERTIFICATE-----  

and


-----END CERTIFICATE----- 

Procedure: How to Generate SSL Certificates for Tomcat

Steps
  1. Change to the directory in which you installed the JRE.


    % cd JAVA-HOME/bin
    

    JAVA-HOME is the directory where you installed the JRE. If you installed the JRE with the N1 Service Provisioning System 4.1, the JRE is installed in the N1SPS4.1-home/common/JRE/bin directory.

  2. Generate the certificate.


    % keytool -genkey -alias tomcat -keyalg RSA -keystore /keystore-location \
        -storepass password
    

    Set /keystore-location to the location where you want to store the generated keys. /etc/keystore is commonly used.

    Set password to whatever password you choose.

  3. Follow the prompts to complete the certificate generation.

Procedure: How to Enable SSL in Tomcat

Steps
  1. Import the SSL certificate.


    % keytool -import -alias tomcat -keystore keystore-location/ -trustcacerts
    

    keystore-location is the path to and the name of the file in which you saved your certificate text. The output of this command shows the name of the file in which the imported certificate is stored. This file is usually saved in the home directory of the user who ran the command.

  2. In the server.xml file, uncomment the following lines. XML comments begin with <!-- and end with -->.


    <Connector className="org.apache.catalina.connector.http.HttpConnector"
               port="8443" minProcessors="5" maxProcessors="75"
               enableLookups="true"
               acceptCount="10" debug="0" scheme="https" secure="true">
      <Factory className="org.apache.catalina.net.SSLServerSocketFactory"
               clientAuth="false" protocol="TLS"/>
    </Connector>

  3. Edit the Factory element as follows.


    <Factory className="org.apache.catalina.net.SSLServerSocketFactory"
               clientAuth="false" protocol="TLS"
               keystoreFile="path-to-tomcat-keystore-file" keystorePass="password"/>

    path-to-tomcat-keystore-file is the path to the Tomcat keystore file, and password is the password that you used to create the original keypass.
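
The following is an added example, not part of the original guide or the product: a Python check that the server.xml edits from steps 2 and 3 took effect, that is, that the SSL Connector is no longer inside an XML comment and that its Factory element carries the keystore attributes. The server.xml fragments, the /etc/keystore path and the password value are constructed samples, and check_ssl_connector is a hypothetical helper name.

```python
import xml.etree.ElementTree as ET

FACTORY = "org.apache.catalina.net.SSLServerSocketFactory"
# Constructed sample: the connector after steps 2 and 3 (placeholder path and password).
ENABLED = """<Server><Service>
<Connector className="org.apache.catalina.connector.http.HttpConnector"
           port="8443" minProcessors="5" maxProcessors="75"
           enableLookups="true"
           acceptCount="10" debug="0" scheme="https" secure="true">
  <Factory className="org.apache.catalina.net.SSLServerSocketFactory"
           clientAuth="false" protocol="TLS"
           keystoreFile="/etc/keystore" keystorePass="password"/>
</Connector>
</Service></Server>"""

# Constructed sample: step 2 skipped, the connector is still inside an XML comment.
COMMENTED = ENABLED.replace("<Connector", "<!--\n<Connector").replace(
    "</Connector>", "</Connector>\n-->")

# Constructed sample: step 3 skipped, the Factory has no keystore attributes.
NO_KEYSTORE = ENABLED.replace(
    'keystoreFile="/etc/keystore" keystorePass="password"', "")


def check_ssl_connector(server_xml):
    """Return a list of problems with the SSL connector; an empty list means none."""
    root = ET.fromstring(server_xml)  # the parser drops comments, so a
    problems = []                     # commented-out connector is invisible here
    found = False
    for conn in root.iter("Connector"):
        factory = next((f for f in conn.findall("Factory")
                        if f.get("className") == FACTORY), None)
        if factory is None:
            continue  # a plain HTTP connector, not the one the procedure edits
        found = True
        port = conn.get("port", "?")
        if conn.get("scheme") != "https" or conn.get("secure") != "true":
            problems.append(f"port {port}: scheme/secure are not https/true")
        for attr in ("keystoreFile", "keystorePass"):
            if not factory.get(attr):
                problems.append(f"port {port}: Factory has no {attr}")
    if not found:
        problems.append("no active SSL Connector (still commented out?)")
    return problems


if __name__ == "__main__":
    for text in (ENABLED, COMMENTED, NO_KEYSTORE):
        print(check_ssl_connector(text) or "OK")
```

To check a real installation, pass the contents of its server.xml file to check_ssl_connector instead of the constructed samples.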

Requiring Users to Connect to the Web Interface Using SSL

After you have configured the N1 Service Provisioning System 4.1 to use SSL, you can configure it further so that users must use SSL to connect to the server.

Procedure: How to Require Users to Connect Using SSL

Step
  1. Replace the current web.xml file with the Tomcat /webapp/WEB-INF/web.xml.secure file.


    % cd /N1SPS4.1-home/webapp/WEB-INF
    % cp web.xml.secure web.xml
    

    N1SPS4.1-home is the home directory of the application.

Procedure: How to Revert to the Original Configuration

Step
  1. To return to the original configuration, replace the web.xml file with the /webapp/WEB-INF/web.xml.default file.


    % cd /N1SPS4.1-home/webapp/WEB-INF
    % cp web.xml.default web.xml
    

    N1SPS4.1-home is the home directory of the application.