Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

server.https.keystore.file=../conf/certificat.jks
server.https.keystore.password=password(votreMotDePasse)
server.https.keystore.password.encrypted=true
server.https.keystore.type=JKS
server.https.port=443
server.https.redirectEnabled=true

Exemple de configuration format PFX (PKCS12 keystore)

server.https.keystore.file=../conf/certificat.pfx
server.https.keystore.password=password(votreMotDePasse)
server.https.keystore.password.encrypted=true
server.https.keystore.type=PKCS12
server.https.port=443
server.https.redirectEnabled=true

L'option redirectEnabled forcera HTTPS en redirigeant automatiquement HTTP vers HTTPS si mise à 'true'.

L’option keystore.type doit être modifié en fonction du format

Si HTTPS ne répond pas, consultez les logs (jmap_log et le dernier fichier *.err ).  Il est possible que le certificat ne soit pas reconnu par Java et qu'il doit être ajouté au keystore:  https://k2geospatial.atlassian.net/wiki/x/AoA1Eg

...

English version

It is very simple to configure JMap to use HTTP encrypted connections (HTTPS / SSL).

This configuration requires a compatible JKS certificate. If you do not have a certificate, it is possible to create a non-authenticated certificate with JDK tools. To convert an existing PEM certificate into the JSK format, use the following procedure: https://docs.oracle.com/cd/E35976_01/server.740/es_admin/src/tadm_ssl_convert_pem_to_jks.html

Step-by-step guide

Creating a self-signed certificate

The keytool program can be found in the bin directory of your JDK.  The command for generate the certificate is:

keytool -genkey -keyalg RSA -keystore /chemin/vers/jmap/conf/certificat.keystore

When generating the certificate, the domain name must be entered as the answer to: 'What is your first and last name?'.  Only through this name will you be able to securely access JMap via HTTPS; any other URL (ex: localhost, 127.0.0.1, etc.) will return a security error.

Code Block
Enter keystore password: javacaps
What is your first and last name?
[Unknown]: development.sun.com
What is the name of your organizational unit?
[Unknown]: Development
what is the name of your organization?
[Unknown]: Sun
What is the name of your City or Locality?
[Unknown]: Monrovia
What is the name of your State or Province?
[Unknown]: California
What is the two-letter country code for this unit?
[Unknown]: US
Is<CN=development.sun.com, OU=Development, O=Sun, L=Monrovia, ST=California, 
C=US> correct?
[no]: yes

Certificate configuration 

...

...

Produit concerné / Related product

...

JMap

...

Versions

...

5.0, 6.0, 6.5, 7.0

...

Il est très simple de configurer JMap pour utiliser des connexions HTTP encryptées (HTTPS/SSL).

Cette configuration nécessite un certificat compatible en format JKS ou PFX (PKCS12 keystore). Si vous ne possédez pas de certificat, il est possible de créer un certificat non-authentifié avec les outils du JDK ou OpenSSL.

Pour convertir un certificat RSA de format PEM en format JKS, veuillez utiliser la procédure décrite dans ce site : https://docs.oracle.com/cd/E35976_01/server.740/es_admin/src/tadm_ssl_convert_pem_to_jks.html

Pour faire la conversion d'un certificat du format PFX (PKCS12 keystores) au format JKS, utilisez la commande suivante (nécessite JDK 1.6+) : keytool -importkeystore -srckeystore mypfxfile.pfx -srcstoretype pkcs12 -destkeystore clientcert.jks -deststoretype JKS

Guide étape par étape

Création d'un certificat non authentifié (auto-signé)

Format JKS

Le programme keytool est situé dans le répertoire bin de votre JDK.  La commande à utiliser pour générer le certificat est :

keytool -genkey -keyalg RSA -keystore /chemin/vers/jmap/conf/certificat.keystore

(certificat.keystore est le nom du fichier qui sera régéné)

Lors de la création du certificat, le nom de domaine visé par HTTPS doit être entré dans: 'What is your first and last name?'.  Seule cette resource sera sécurisée et donc tout accès via un autre nom (ex: localhost, 127.0.0.1, etc.,) retournera une erreur de sécurité. 

Code Block
Enter keystore password: javacaps
What is your first and last name?
[Unknown]: development.sun.com
What is the name of your organizational unit?
[Unknown]: Development
what is the name of your organization?
[Unknown]: Sun
What is the name of your City or Locality?
[Unknown]: Monrovia
What is the name of your State or Province?
[Unknown]: California
What is the two-letter country code for this unit?
[Unknown]: US
Is<CN=development.sun.com, OU=Development, O=Sun, L=Monrovia, ST=California, 
C=US> correct?
[no]: yes

Format PFX (PKCS12 keystore)

Installer OpenSSL

Créer le private key : openssl genrsa 2048 > private.pem

Créer le self signed certificate : openssl req -x509 -days 1000 -new -key private.pem -out public.pem

Code Block
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:
State or Province Name (full name) [Some-State]:
Locality Name (eg, city) []:
Organization Name (eg, company) [Internet Widgits Pty Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (e.g. server FQDN or YOUR name) []:
Email Address []:

Créer le PFX : openssl pkcs12 -export -in public.pem -inkey private.pem -out mycert.pfx

Code Block
Enter Export Password:
Verifying - Enter Export Password:

Configuration du certificat

  1. Une fois le certificat créé, il faut changer les paramètres suivants dans  /chemin/vers/jmap/conf/jmapserver.properties 

    1. Le certificat créé :
      server.https.keystore.file=/chemin/vers/jmap/conf/certificat.keystore (Exemples : server.https.keystore.file=../conf/star_jmaponline_net.jks ou server.https.keystore.file=../conf/star_jmaponline_net.pfx)

    2. La valeur 'encrypted' indique si le mot de passe est encrypté, donc lorsque vous le configurez pour la première fois, vous devrez utiliser la fonction password(). Lorsque JMap Server sera démarré pour la première fois, votre mot de passe devrait être encrypté :
      server.https.keystore.password=password(put_your_keystore_password_here)
      server.https.keystore.password.encrypted=true

    3. Le port à utiliser pour HTTPS (443 par défaut) :
      server.https.port=443

  2. Une fois ces étapes effectuées, redémarrez JMap Server et lancez JMap Admin en HTTPS:  https://xxx.xxx.xxx.xxx:443/jmapadmin.

Exemple de configuration format JKS

Produit concerné / Related product

JMap

Versions

5.0, 6.0, 6.5, 7.0


Jump to English version

Il est très simple de configurer JMap pour utiliser des connexions HTTP encryptées (HTTPS/SSL).

Cette configuration nécessite un certificat compatible en format JKS ou PFX (PKCS12 keystore). Si vous ne possédez pas de certificat, il est possible de créer un certificat non-authentifié avec les outils du JDK ou OpenSSL.

Pour convertir un certificat RSA de format PEM en format JKS, veuillez utiliser la procédure décrite dans ce site : https://docs.oracle.com/cd/E35976_01/server.740/es_admin/src/tadm_ssl_convert_pem_to_jks.html

Pour faire la conversion d'un certificat du format PFX (PKCS12 keystores) au format JKS, utilisez la commande suivante (nécessite JDK 1.6+) :

keytool -importkeystore -srckeystore mypfxfile.pfx -srcstoretype pkcs12 -destkeystore clientcert.jks -deststoretype JKS

Guide étape par étape

1. Création d'un certificat non authentifié (auto-signé)

Format JKS

Le programme keytool est situé dans le répertoire bin de votre JDK.  La commande à utiliser pour générer le certificat est :

keytool -genkey -keyalg RSA -keystore /chemin/vers/jmap/conf/certificat.keystore

(certificat.keystore est le nom du fichier qui sera généré)

Lors de la création du certificat, le nom de domaine visé par HTTPS doit être entré dans: 'What is your first and last name?'. 

Seule cette resource sera sécurisée et donc tout accès via un autre nom (ex: localhost, 127.0.0.1, etc.,) retournera une erreur de sécurité. 

Code Block
Enter keystore password: javacaps
What is your first and last name?
[Unknown]: development.sun.com
What is the name of your organizational unit?
[Unknown]: Development
what is the name of your organization?
[Unknown]: Sun
What is the name of your City or Locality?
[Unknown]: Monrovia
What is the name of your State or Province?
[Unknown]: California
What is the two-letter country code for this unit?
[Unknown]: US
Is<CN=development.sun.com, OU=Development, O=Sun, L=Monrovia, ST=California, 
C=US> correct?
[no]: yes

Format PFX (PKCS12 keystore)

  1. Installer OpenSSL.

2. Créer le private key : openssl genrsa 2048 > private.pem

3. Créer le self signed certificate : openssl req -x509 -days 1000 -new -key private.pem -out public.pem

Code Block
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:
State or Province Name (full name) [Some-State]:
Locality Name (eg, city) []:
Organization Name (eg, company) [Internet Widgits Pty Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (e.g. server FQDN or YOUR name) []:
Email Address []:

4. Créer le PFX : openssl pkcs12 -export -in public.pem -inkey private.pem -out mycert.pfx

Code Block
Enter Export Password:
Verifying - Enter Export Password:

2. Configuration du certificat

  1. Une fois le certificat créé, changez les paramètres suivants dans  /chemin/vers/jmap/conf/jmapserver.properties 

    1. Le certificat créé :
      server.https.keystore.file=/chemin/vers/jmap/conf/certificat.keystore (Exemples : server.https.keystore.file=../conf/star_jmaponline_net.jks ou server.https.keystore.file=../conf/star_jmaponline_net.pfx)

    2. La valeur 'encrypted' indique si le mot de passe est encrypté, donc lorsque vous le configurez pour la première fois, vous devrez utiliser la fonction password(). Lorsque JMap Server sera démarré pour la première fois, votre mot de passe devrait être encrypté :
      server.https.keystore.password=password(put_your_keystore_password_here)
      server.https.keystore.password.encrypted=true

    3. Le port à utiliser pour HTTPS (443 par défaut) :
      server.https.port=443

  2. Une fois ces étapes effectuées, redémarrez JMap Server et lancez JMap Admin en HTTPS:  https://xxx.xxx.xxx.xxx:443/jmapadmin.

Exemples

Exemple de configuration format JKS

server.https.keystore.file=../conf/certificat.jks
server.https.keystore.password=password(votreMotDePasse)
server.https.keystore.password.encrypted=true
server.https.keystore.type=JKS
server.https.port=443
server.https.redirectEnabled=true

Exemple de configuration format PFX (PKCS12 keystore)

server.https.keystore.file=../conf/certificat.pfx
server.https.keystore.password=password(votreMotDePasse)
server.https.keystore.password.encrypted=true
server.https.keystore.type=PKCS12
server.https.port=443
server.https.redirectEnabled=true

Panel
panelIconIdatlassian-info
panelIcon:info:
bgColor#DEEBFF

L’option keystore.type doit être modifié en fonction du format

L'option redirectEnabled forcera HTTPS en redirigeant automatiquement HTTP vers HTTPS si mise à 'true'.

Panel
panelIconIdatlassian-warning
panelIcon:warning:
bgColor#FFF0B3

Si HTTPS ne répond pas, consultez les logs (jmap_log et le dernier fichier *.err ).  Il est possible que le certificat ne soit pas reconnu par Java et qu'il doit être ajouté au keystore:  https://k2geospatial.atlassian.net/wiki/x/AoA1Eg

...

Anchor
English
English

English version

It is very easy to configure JMap to use encrypted HTTP connections (HTTPS/SSL).

This configuration requires a compatible certificate in JKS or PFX format (PKCS12 keystore). If you do not have a certificate, it is possible to create an unauthenticated certificate with the JDK or OpenSSL tools.

To convert an RSA certificate from PEM format to JKS format, please use the procedure described in this site: https://docs.oracle.com/cd/E35976_01/server.740/es_admin/src/tadm_ssl_convert_pem_to_jks.html

To convert a certificate from PFX format (PKCS12 keystores) to JKS format, use the following command (requires JDK 1.6+):

keytool -importkeystore -srckeystore mypfxfile.pfx -srcstoretype pkcs12 -destkeystore clientcert.jks -deststoretype JKS

Step-by-step guide

1. Creating a self-signed certificate

JKS format

The keytool program is located in the bin directory of your JDK. The command to use to generate the certificate is:

keytool -genkey -keyalg RSA -keystore /chemin/vers/jmap/conf/certificat.keystore

(certificat.keystore is the name of the file that will be generated)

When generating the certificate, the domain name targeted by HTTPS must be entered in: 'What is your first and last name?'.

Only through this name will you be able to securely access JMap via HTTPS, any other URL (ex: localhost, 127.0.0.1, etc.) will return a security error.

Code Block
Enter keystore password: javacaps
What is your first and last name?
[Unknown]: development.sun.com
What is the name of your organizational unit?
[Unknown]: Development
what is the name of your organization?
[Unknown]: Sun
What is the name of your City or Locality?
[Unknown]: Monrovia
What is the name of your State or Province?
[Unknown]: California
What is the two-letter country code for this unit?
[Unknown]: US
Is<CN=development.sun.com, OU=Development, O=Sun, L=Monrovia, ST=California, 
C=US> correct?
[no]: yes

PFX format (PKCS12 keystore)

  1. Install OpenSSL.

2. Create the private key : openssl genrsa 2048 > private.pem

3. Create the self-signed certificate: openssl req -x509 -days 1000 -new -key private.pem -out public.pem

Code Block
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:
State or Province Name (full name) [Some-State]:
Locality Name (eg, city) []:
Organization Name (eg, company) [Internet Widgits Pty Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (e.g. server FQDN or YOUR name) []:
Email Address []:

4. Create the PFX : openssl pkcs12 -export -in public.pem -inkey private.pem -out mycert.pfx

Code Block
Enter Export Password:
Verifying - Enter Export Password:

2. Configuring the Certificate

  1. Once the certificate is created, change the following parameters in:  /chemin/vers/jmap/conf/jmapserver.properties 

...

    1. The certificate created:
      server.https.keystore.file=/chemin/vers/jmap/conf/certificat.keystore (Examples : server.https.keystore.file=../conf/

...

    1. star_jmaponline_net.jks ou server.https.keystore.file=../conf/star_jmaponline_net.

...

    1. pfx)

    2. The 'encrypted' value indicates whether the password is encrypted, so when you first set it up you will need to use the password() function. When JMap Server is started for the first time, your password should be encrypted:
      server.https.keystore.password=

...

    1. password(put_your_keystore_password_here)
      server.https.keystore.password.encrypted=true

    2. The port to use for HTTPS (443 by default):
      server.https.port=443

  1. Once these steps have been completed, restart JMap Server and launch JMap Admin in HTTPS:  https://xxx.xxx.xxx.xxx:443/jmapadmin.

Examples

Example of JKS format configuration

server.https.keystore.file=../conf/certificat.jks
server.https.keystore.password

...

=password(votreMotDePasse)
server.https.keystore.password.

...

encrypted=

...

true

2. Once these steps donne, restart JMap Server and launch JMap Admin HTTPS:    https://xxx.xxx.xxx.xxx:443/jmapadmin

Example of configured file

server.https.keystore.type=JKS
server.https.port=443
server.https.client.auth=falseredirectEnabled=true

Example of PFX format (PKCS12 keystore) configuration

server.https.keystore.file=../conf/certificat.keystorepfx
server.https.keystore.password=password(yourPassword)
server.https.keystore.password.encrypted=falsetrue
server.https.keystore.type=JKSPKCS12
server.https.port=443
server.https.redirectEnabled=true
server.https.scheme=https
server.https.ssl.protocol=TLSredirectEnabled=true

Info

The redirectEnabled option

redirectEnabled when set to true

will force HTTPS by automatically

redirect

redirecting HTTP to HTTPS if set to 'true'.

The keystore.type option must be modified according to the format

Panel
panelIconIdatlassian-warning
panelIcon:warning:
bgColor#FFF0B3

If an SSL error occurs when starting JMap server, it might be because the certificate is not recognized by Java.

  Verify

 Verify your jmap_log and latest .err and see this article https://k2geospatial.atlassian.net/wiki/x/AoA1Eg