
Related product

JMap

Versions

5.0, 6.0, 6.5, 7.0




It is very simple to configure JMap to use encrypted HTTP connections (HTTPS/SSL).
This configuration requires a compatible certificate in JKS format. If you do not have a certificate, you can create an unauthenticated (self-signed) certificate with the JDK tools. To convert an RSA certificate from PEM format to JKS format, use the following procedure: https://docs.oracle.com/cd/E35976_01/server.740/es_admin/src/tadm_ssl_convert_pem_to_jks.html
To convert a certificate from PFX format to JKS format, use the following command (requires JDK 1.6+):

keytool -importkeystore -srckeystore mypfxfile.pfx -srcstoretype pkcs12 -destkeystore clientcert.jks -deststoretype JKS

Step-by-step guide

Creating an unauthenticated (self-signed) certificate

The keytool program is located in the bin directory of your JDK. The command to generate the certificate is:

keytool -genkey -keyalg RSA -keystore /chemin/vers/jmap/conf/certificat.keystore

(certificat.keystore is the name of the file that will be generated)

When creating the certificate, the domain name targeted by HTTPS must be entered at the prompt 'What is your first and last name?'. Only this resource will be secured, so any access through another name (e.g. localhost, 127.0.0.1, etc.) will return a security error.

Enter keystore password: javacaps
What is your first and last name?
[Unknown]: development.sun.com
What is the name of your organizational unit?
[Unknown]: Development
what is the name of your organization?
[Unknown]: Sun
What is the name of your City or Locality?
[Unknown]: Monrovia
What is the name of your State or Province?
[Unknown]: California
What is the two-letter country code for this unit?
[Unknown]: US
Is<CN=development.sun.com, OU=Development, O=Sun, L=Monrovia, ST=California, 
C=US> correct?
[no]: yes



Configuring the certificate in JKS format


  1. Once the certificate has been created, change the following parameters in:
    /chemin/vers/jmap/conf/jmapserver.properties

  2. The certificate created:
    server.https.keystore.file=/chemin/vers/jmap/conf/certificat.keystore (Example: server.https.keystore.file=../conf/star_jmaponline_net.jks)

  3. The password of your certificate:
    server.https.keystore.password=xxxxx

  4. The port to use for HTTPS (443 by default):
    server.https.port=443

Once these steps are complete, simply restart JMap Server and launch JMap Admin over HTTPS: https://xxx.xxx.xxx.xxx:443/jmapadmin

The redirectEnabled option forces HTTPS by automatically redirecting HTTP to HTTPS when set to 'true'.

Example configuration:

server.https.client.auth=false
server.https.keystore.file=../conf/certificat.keystore
server.https.keystore.password=votreMotDePasse
server.https.keystore.type=JKS
server.https.port=443
server.https.redirectEnabled=true
server.https.scheme=https
server.https.ssl.protocol=TLS


English version

It is very simple to configure JMap to use encrypted HTTP connections (HTTPS/SSL).

This configuration requires a compatible certificate in JKS format. If you do not have a certificate, you can create an unauthenticated (self-signed) certificate with the JDK tools. To convert an existing PEM certificate into the JKS format, use the following procedure: https://docs.oracle.com/cd/E35976_01/server.740/es_admin/src/tadm_ssl_convert_pem_to_jks.html

Step-by-step guide

Creating a self-signed certificate

The keytool program can be found in the bin directory of your JDK. The command to generate the certificate is:

keytool -genkey -keyalg RSA -keystore /chemin/vers/jmap/conf/certificat.keystore

When generating the certificate, the domain name must be entered as the answer to 'What is your first and last name?'. Only through this name will you be able to securely access JMap via HTTPS; any other URL (e.g. localhost, 127.0.0.1, etc.) will return a security error.

Enter keystore password: javacaps
What is your first and last name?
[Unknown]: development.sun.com
What is the name of your organizational unit?
[Unknown]: Development
what is the name of your organization?
[Unknown]: Sun
What is the name of your City or Locality?
[Unknown]: Monrovia
What is the name of your State or Province?
[Unknown]: California
What is the two-letter country code for this unit?
[Unknown]: US
Is<CN=development.sun.com, OU=Development, O=Sun, L=Monrovia, ST=California, 
C=US> correct?
[no]: yes


Certificate configuration 

1. Once the certificate has been created, change the following settings in:
/chemin/vers/jmap/conf/jmapserver.properties

2. The certificate created:
server.https.keystore.file=/chemin/vers/jmap/conf/certificat.keystore (Example: server.https.keystore.file=../conf/star_jmaponline_net.jks)

3. Your certificate password:
server.https.keystore.password=xxxxx

4. The port to use for HTTPS (443 by default):
server.https.port=443

Once these steps are done, simply restart JMap Server and launch JMap Admin over HTTPS: https://xxx.xxx.xxx.xxx:443/jmapadmin

Example of configured file:

server.https.client.auth=false
server.https.keystore.file=../conf/certificat.keystore
server.https.keystore.password=yourPassword
server.https.keystore.type=JKS
server.https.port=443
server.https.redirectEnabled=true
server.https.scheme=https
server.https.ssl.protocol=TLS

The redirectEnabled option, when set to true, forces HTTPS by automatically redirecting HTTP to HTTPS.
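A check of the server.https.* settings described above, as an added example that is not part of the original page or of JMap. The function names, the base_dir argument used to resolve a relative keystore path, and the treatment of this page's sample passwords as findings are assumptions; the permission check applies to POSIX systems.

```python
import os
import stat

# Sample passwords shown on this page; none should reach a real server.
SAMPLE_PASSWORDS = {"", "xxxxx", "javacaps", "yourPassword", "votreMotDePasse"}

def load_properties(path):
    """Parse simple key=value lines (no continuations or escapes)."""
    props = {}
    with open(path, encoding="utf-8") as fh:
        for line in fh:
            line = line.strip()
            if line and not line.startswith(("#", "!")) and "=" in line:
                key, value = line.split("=", 1)
                props[key.strip()] = value.strip()
    return props

def sniff_keystore(path):
    """Identify the keystore container from the first bytes of the file."""
    with open(path, "rb") as fh:
        head = fh.read(10)
    if head[:4] == b"\xfe\xed\xfe\xed":      # JKS magic number
        return "JKS"
    if head[:4] == b"\xce\xce\xce\xce":      # JCEKS magic number
        return "JCEKS"
    if head[:1] == b"\x30":                  # ASN.1 SEQUENCE, as in PKCS#12/PFX
        return "PKCS12"
    if head.startswith(b"-----BEGIN"):       # PEM text, not a keystore
        return "PEM"
    return "unknown"

def audit_https(props_path, base_dir):
    """Return a list of findings for the server.https.* settings."""
    props, findings = load_properties(props_path), []
    # The keystore password is stored in clear text in this file.
    if os.stat(props_path).st_mode & (stat.S_IRGRP | stat.S_IROTH):
        findings.append("properties file is readable by group/others")
    if props.get("server.https.keystore.password", "") in SAMPLE_PASSWORDS:
        findings.append("keystore password is empty or a documentation sample")
    if props.get("server.https.redirectEnabled", "") != "true":
        findings.append("redirectEnabled is not 'true': HTTP is not redirected")
    declared = props.get("server.https.keystore.type", "")
    store = os.path.join(base_dir, props.get("server.https.keystore.file", ""))
    if not os.path.isfile(store):
        findings.append("keystore file not found: " + store)
    elif sniff_keystore(store) != declared:
        findings.append("keystore is %s but type is declared as %s"
                        % (sniff_keystore(store), declared or "(unset)"))
    return findings
```

keytool on JDK 9 and later creates PKCS12 keystores by default unless -storetype JKS is passed, which is the mismatch the last check reports.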

