
Set up HTTPS with a self-signed certificate


As an administrator, enable the HTTPS communication protocol for the VertiGIS Integrator with a self-signed certificate.

1. First, configure a keystore on the same server on which the SSL/TLS certificate is stored.
To do this, execute the following keytool command in the OpenJDK \bin directory. Replace [Path] with the path in which the keystore file should be created (e.g. C:\Keystore\UTI_Keystore). The validity parameter determines the period of certificate validity, in number of days. Once the certificate validity has expired, HTTPS communication will no longer work. It is therefore advisable to choose a higher value for validity.
 
%JAVA_HOME%\bin\keytool -genkey -alias tomcat -keyalg RSA -keystore [Path] -validity [in number of days]
 
After executing the command the following parameters are queried:

Parameter                         Description
Keystore-Password                 Enter a password that will be used to access the keystore.
First and last name               Optional, default is unknown
Name of your organization unit    Optional, default is unknown
Name of your organization         Optional, default is unknown
Name of your city or town         Optional, default is unknown
Name of your state                Optional, default is unknown
Country code                      Optional, default is unknown

Confirm that the entries are correct by entering Y.

2. Next, you are asked for the key password. This password is later stored in the Tomcat configuration and is used to access the SSL/TLS key in the keystore. You can either define your own password here or accept the keystore password by pressing the Return key.
After the keytool command has completed successfully, the keystore file is created at the specified path, and an SSL/TLS certificate is created in the keystore for Tomcat to use for HTTPS communication.

3. Next, configure the Tomcat server to switch communication to HTTPS. To do this, open the [TOMCAT]/conf/server.xml file in a text editor and search for the following <Connector> entry:
<!--
   <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol" maxThreads="150" SSLEnabled="true">
       <SSLHostConfig>
           <Certificate certificateKeystoreFile="conf/localhost-rsa.jks"
                        type="RSA" />
       </SSLHostConfig>
   </Connector>

-->

4. Uncomment the Connector by removing <!-- and -->.

5. Afterward, set the certificateKeystoreFile parameter to the keystore file path (e.g. C:/Keystore/UTI_Keystore).

Use slashes / instead of backslashes \ in the path.

6. Add the additional certificateKeystorePassword parameter:
certificateKeystorePassword - Key password for accessing the SSL/TLS certificate
Upon adjustment, the <Connector> should resemble:
<security-constraint>
    <web-resource-collection>
        <web-resource-name>Postserver</web-resource-name>
        <url-pattern>/services/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
        <role-name>postserver</role-name>
    </auth-constraint>
</security-constraint>
<login-config>
    <auth-method>BASIC</auth-method>
    <realm-name>Postserver</realm-name>
</login-config>
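To check the result of steps 3 to 6 before restarting Tomcat, the following added example (not part of the original documentation and not VertiGIS or Tomcat code) parses a server.xml and reports what is still missing on the HTTPS Connector. The function name check_https_connector, the placeholder password and the embedded sample file are assumptions; the sample is constructed from the Connector shown in step 3 and the example keystore path from step 5.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the Connector from step 3 after steps 4 to 6.
# The keystore path is the page's example; the password is a placeholder.
SAMPLE_SERVER_XML = """<Server>
  <Service name="Catalina">
    <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
               maxThreads="150" SSLEnabled="true">
      <SSLHostConfig>
        <Certificate certificateKeystoreFile="C:/Keystore/UTI_Keystore"
                     certificateKeystorePassword="CHANGE_ME_PLACEHOLDER"
                     type="RSA" />
      </SSLHostConfig>
    </Connector>
  </Service>
</Server>"""


def check_https_connector(server_xml: str) -> list[str]:
    """Return a list of problems found in the HTTPS Connector; empty means OK."""
    root = ET.fromstring(server_xml)  # XML comments are dropped by the parser
    tls = [c for c in root.iter("Connector")
           if c.get("SSLEnabled", "").lower() == "true"]
    if not tls:
        return ['no active Connector with SSLEnabled="true" (still commented out?)']
    problems = []
    for conn in tls:
        port = conn.get("port", "?")
        certs = conn.findall("./SSLHostConfig/Certificate")
        if not certs:
            problems.append(f"port {port}: no <Certificate> element")
        for cert in certs:
            path = cert.get("certificateKeystoreFile", "")
            if not path:
                problems.append(f"port {port}: certificateKeystoreFile missing")
            elif "\\" in path:
                problems.append(f"port {port}: use / instead of \\ in {path!r}")
            elif path == "conf/localhost-rsa.jks":
                problems.append(f"port {port}: keystore path is still the default")
            if not cert.get("certificateKeystorePassword"):
                problems.append(f"port {port}: certificateKeystorePassword missing")
    return problems


if __name__ == "__main__":
    for line in check_https_connector(SAMPLE_SERVER_XML) or ["HTTPS Connector looks complete"]:
        print(line)
```

To check a real installation, pass the contents of [TOMCAT]/conf/server.xml to check_https_connector instead of the sample.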

© 2024 VertiGIS GmbH. All Rights Reserved.
Documentation Version 10.0 (fa3b2a93)