keytool -importkeystore -srckeystore mypfxfile.pfx -srcstoretype pkcs12
-destkeystore clientcert.jks -deststoretype JKS
Step-by-step guide
Creating a non-authenticated (self-signed) certificate
The keytool program is located in the bin directory of your JDK. The command to generate the certificate is:
keytool -genkey -keyalg RSA -keystore /chemin/vers/jmap/conf/certificat.keystore
(certificat.keystore is the name of the file that will be generated)
When creating the certificate, the domain name to be served over HTTPS must be entered at the prompt 'What is your first and last name?'. Only this name will be secured, so any access through another name (e.g. localhost, 127.0.0.1, etc.) will return a security error.
Enter keystore password: javacaps
What is your first and last name?
  [Unknown]: development.sun.com
What is the name of your organizational unit?
  [Unknown]: Development
What is the name of your organization?
  [Unknown]: Sun
What is the name of your City or Locality?
  [Unknown]: Monrovia
What is the name of your State or Province?
  [Unknown]: California
What is the two-letter country code for this unit?
  [Unknown]: US
Is <CN=development.sun.com, OU=Development, O=Sun, L=Monrovia, ST=California, C=US> correct?
  [no]: yes
Configuring the certificate in JKS format
- Once the certificate has been created, change the following settings in:
/chemin/vers/jmap/conf/jmapserver.properties
- The certificate created:
server.https.keystore.file=/chemin/vers/jmap/conf/certificat.keystore (Example: server.https.keystore.file=../conf/star_jmaponline_net.jks)
- Your certificate password:
server.https.keystore.password=xxxxx
- The port to use for HTTPS (443 by default):
server.https.port=443
Once these steps are completed, simply restart JMap Server and launch JMap Admin over HTTPS: https://xxx.xxx.xxx.xxx:443/jmapadmin
The redirectEnabled option, when set to 'true', forces HTTPS by automatically redirecting HTTP to HTTPS.
Configuration example:
server.https.client.auth=false
server.https.keystore.file=../conf/certificat.keystore
server.https.keystore.password=votreMotDePasse
server.https.keystore.type=JKS
server.https.port=443
server.https.redirectEnabled=true
server.https.scheme=https
server.https.ssl.protocol=TLS
English version
It is very simple to configure JMap to use encrypted HTTP connections (HTTPS / SSL).
This configuration requires a compatible JKS certificate. If you do not have a certificate, you can create a non-authenticated (self-signed) one with the JDK tools. To convert an existing PEM certificate into the JKS format, use the following procedure: https://docs.oracle.com/cd/E35976_01/server.740/es_admin/src/tadm_ssl_convert_pem_to_jks.html
Step-by-step guide
Creating a self-signed certificate
The keytool program can be found in the bin directory of your JDK. The command to generate the certificate is:
keytool -genkey -keyalg RSA -keystore /chemin/vers/jmap/conf/certificat.keystore
When generating the certificate, the domain name must be entered as the answer to: 'What is your first and last name?'. Only through this name will you be able to securely access JMap via HTTPS; any other URL (e.g. localhost, 127.0.0.1, etc.) will return a security error.
Enter keystore password: javacaps
What is your first and last name?
  [Unknown]: development.sun.com
What is the name of your organizational unit?
  [Unknown]: Development
What is the name of your organization?
  [Unknown]: Sun
What is the name of your City or Locality?
  [Unknown]: Monrovia
What is the name of your State or Province?
  [Unknown]: California
What is the two-letter country code for this unit?
  [Unknown]: US
Is <CN=development.sun.com, OU=Development, O=Sun, L=Monrovia, ST=California, C=US> correct?
  [no]: yes
Certificate configuration
1. Once the certificate has been created, change the following settings in:
/chemin/vers/jmap/conf/jmapserver.properties
2. The certificate created:
server.https.keystore.file=/chemin/vers/jmap/conf/certificat.keystore (Example : server.https.keystore.file=../conf/star_jmaponline_net.jks)
3. Your certificate password:
server.https.keystore.password=xxxxx
4. The port to use for HTTPS (443 by default):
server.https.port=443
Once these steps are done, simply restart JMap Server and launch JMap Admin over HTTPS: https://xxx.xxx.xxx.xxx:443/jmapadmin
Example of configured file:
server.https.client.auth=false
server.https.keystore.file=../conf/certificat.keystore
server.https.keystore.password=yourPassword
server.https.keystore.type=JKS
server.https.port=443
server.https.redirectEnabled=true
server.https.scheme=https
server.https.ssl.protocol=TLS
The redirectEnabled option, when set to true, forces HTTPS by automatically redirecting HTTP to HTTPS.
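Because the keystore password is stored in clear text in jmapserver.properties, it is worth checking the file after editing it. The script below is an added example, not part of JMap or of the original guide; the function names are hypothetical, and it assumes that a relative keystore path is resolved from the directory containing the properties file.

```shell
#!/bin/sh
# Added example, not JMap code: lint the server.https.* settings from this guide.

# prop FILE KEY: print the value of KEY (last occurrence wins), skipping # and ! comments.
prop() {
    awk -v k="$2" '
        /^[ \t]*[#!]/ || !index($0, "=") { next }
        {
            key = substr($0, 1, index($0, "=") - 1); gsub(/^[ \t]+|[ \t]+$/, "", key)
            if (key == k) { val = substr($0, index($0, "=") + 1); gsub(/^[ \t]+|[ \t\r]+$/, "", val) }
        }
        END { print val }' "$1"
}

warn() { echo "WARN: $*"; issues=$((issues + 1)); }

# open_to_others PATH: succeeds if group or other has any permission bit set.
open_to_others() { [ "$(ls -ld "$1" | cut -c5-10)" != "------" ]; }

# check_https_props FILE: print one WARN line per finding; return 0 only if there are none.
check_https_props() {
    file=$1; issues=0
    if [ ! -r "$file" ]; then echo "cannot read $file"; return 2; fi

    # The keystore password sits in this file in clear text, so only the service account should read it.
    if open_to_others "$file"; then warn "$file is accessible to group/other"; fi

    ks=$(prop "$file" server.https.keystore.file)
    # Assumption: a relative keystore path is resolved from the properties file's directory.
    case "$ks" in /*) ;; *) ks="$(dirname "$file")/$ks" ;; esac
    if [ ! -f "$ks" ]; then warn "keystore not found: $ks"
    elif open_to_others "$ks"; then warn "$ks is accessible to group/other"; fi

    case "$(prop "$file" server.https.keystore.password)" in
        ''|xxxxx|yourPassword|votreMotDePasse|javacaps)
            warn "keystore password is empty or a sample value from this guide" ;;
    esac

    # Without the redirect, HTTP requests are not sent to HTTPS.
    if [ "$(prop "$file" server.https.redirectEnabled)" != "true" ]; then
        warn "server.https.redirectEnabled is not true"
    fi

    [ "$issues" -eq 0 ]
}

if [ "$#" -gt 0 ]; then check_https_props "$1"; fi
```

Run it as sh check_https.sh /chemin/vers/jmap/conf/jmapserver.properties (the script name is arbitrary); it exits non-zero when it prints at least one WARN line.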