By default, the N1 Service Provisioning System 4.1 Web Interface does not use SSL. Requests are performed over HTTP rather than HTTPS. You can enable HTTPS with an SSL Certificate. SSL Certificates are issued by Certifying Authorities (CA). Certificates are usually specific to individual machines.
An SSL Certificate is enclosed within the following delimiters:
-----BEGIN CERTIFICATE-----
and
-----END CERTIFICATE-----
Change to the directory in which you installed the JRE.
% cd JAVA-HOME/bin
JAVA-HOME is the directory where you installed the JRE. If you installed the JRE with the N1 Service Provisioning System 4.1, the JRE is installed in the N1SPS4.1-home/common/JRE/bin directory.
Generate the certificate.
% keytool -genkey -alias tomcat -keyalg RSA -keystore /keystore-location -storepass password
Set /keystore-location to the location where you want to store the generated keys. /etc/keystore is commonly used.
Set password to whatever password you choose.
Follow the prompts to complete.
Import the SSL Certificate.
% keytool -import -alias tomcat -keystore keystore-location/ -trustcacerts
keystore-location is the path to and the name of the file in which you saved your certificate text. The output of this command shows the name of the file in which the imported certificate is stored. This file is usually saved in the home directory of the user who ran the command.
In the server.xml file, uncomment the following lines. XML comments begin with <!-- and end with -->.
<Connector className="org.apache.catalina.connector.http.HttpConnector"
           port="8443" minProcessors="5" maxProcessors="75"
           enableLookups="true" acceptCount="10" debug="0"
           scheme="https" secure="true">
  <Factory className="org.apache.catalina.net.SSLServerSocketFactory"
           clientAuth="false" protocol="TLS"/>
</Connector>
Edit the Factory element as follows.
<Factory className="org.apache.catalina.net.SSLServerSocketFactory"
         clientAuth="false" protocol="TLS"
         keystoreFile="path-to-tomcat-keystore-file"
         keystorePass="password"/>
path-to-tomcat-keystore-file is the path to the Tomcat keystore file and password is the password that you used to create the original keypass.
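The following check is an added example, not part of the original N1 Service Provisioning System documentation. It parses server.xml text and reports whether the SSL Connector is still commented out or the Factory element lacks the keystore attributes. The function name check_ssl_connector and the sample server.xml text are constructed for illustration.

```python
import xml.etree.ElementTree as ET

SSL_FACTORY = "org.apache.catalina.net.SSLServerSocketFactory"

# Constructed sample input: the page's Connector wrapped in a minimal server.xml.
# {open}/{close} toggle the XML comment; {keystore} holds the keystore attributes.
TEMPLATE = """<Server><Service>
{open}
<Connector className="org.apache.catalina.connector.http.HttpConnector"
           port="8443" minProcessors="5" maxProcessors="75" enableLookups="true"
           acceptCount="10" debug="0" scheme="https" secure="true">
  <Factory className="org.apache.catalina.net.SSLServerSocketFactory"
           clientAuth="false" protocol="TLS" {keystore}/>
</Connector>
{close}
</Service></Server>"""

KEYSTORE_ATTRS = 'keystoreFile="/etc/keystore" keystorePass="password"'  # placeholders
STILL_COMMENTED = TEMPLATE.format(open="<!--", close="-->", keystore="")
FACTORY_NOT_EDITED = TEMPLATE.format(open="", close="", keystore="")
CONFIGURED = TEMPLATE.format(open="", close="", keystore=KEYSTORE_ATTRS)


def check_ssl_connector(server_xml_text):
    """Return a list of problems; an empty list means the steps above were applied."""
    root = ET.fromstring(server_xml_text)  # the parser drops comments, so a
    problems = []                          # commented-out Connector is not found
    found = False
    for conn in root.iter("Connector"):
        factory = conn.find("Factory")
        if factory is None or factory.get("className") != SSL_FACTORY:
            continue  # not the SSL connector
        found = True
        port = conn.get("port", "?")
        if conn.get("scheme") != "https" or conn.get("secure") != "true":
            problems.append(f"port {port}: scheme/secure are not https/true")
        if factory.get("protocol") != "TLS":
            problems.append(f"port {port}: Factory protocol is not TLS")
        for attr in ("keystoreFile", "keystorePass"):
            if not factory.get(attr):
                problems.append(f"port {port}: Factory is missing {attr}")
    if not found:
        problems.append("no active SSL Connector (still inside <!-- -->?)")
    return problems


if __name__ == "__main__":
    for name in ("STILL_COMMENTED", "FACTORY_NOT_EDITED", "CONFIGURED"):
        print(name, check_ssl_connector(globals()[name]))
```

Because keystorePass stores the keystore password in clear text in server.xml, restrict read access to that file to the account that runs the server.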
After you have configured the N1 Service Provisioning System 4.1 to use SSL, you can configure it further so that users must use SSL to connect to the server.
Replace the current web.xml file with the Tomcat /webapp/WEB-INF/web.xml.secure file.
% cd /N1SPS4.1-home/webapp/WEB-INF
% cp web.xml.secure web.xml
N1SPS4.1-home is the home directory of the application.