Working with SSL
The SSL protocol provides several features that enable secure transmission of Web traffic. These features include data encryption, server authentication, and message integrity.
You can enable secure communication from web clients to the EventLog Analyzer server using SSL.
 |
The steps provided describe how to enable SSL functionality and generate certificates only. Depending on your network configuration and security needs, you may need to consult outside documentation. For advanced configuration concerns, please refer to the SSL resources at http://www.apache.org and http://www.modssl.org |
Stop the server, if it is running, and follow the steps below to enable SSL support:
Generating a valid certificate
- If you have a keystore file for using HTTPS, place the file under <EventLogAnalyzer Home>\server\default\conf directory and rename it as "test.keystore"
- If you do not have the keystore file, please follow the steps to create the same.
- Open <EventLogAnalyzer Home>\server\default\conf directory and execute the following command in the command prompt.
"<EventLogAnalyzer Home>\jre\bin\keytool" -genkey -alias tomcat -keyalg RSA -keystore test.keystore
For example, if the EventLog Analyzer home is C:\AdventNet\ME\EventLog, then the command will be "C:\AdventNet\ME\EventLog\jre\bin\keytool" -genkey -alias tomcat -keyalg RSA -keystore test.keystore
- During the execution of the above command, it will prompt you for keystore password, enter "change" as password. See Note below.
- It will also prompt for 5 questions on first and last name, organizational unit, organization, city, state, country code.
- Fill in the fields and for confirmation type 'y' and press 'Enter'.
- Again press 'Enter' for password for tomcat.
A file named 'test.keystore' will be created in the <EventLogAnalyzer Home>\server\default\conf directory.
Disabling HTTP
When you have enabled SSL, HTTP will continue to be enabled on the web server port (default 8080). To disable HTTP follow the steps below:
- Edit the server.xml file present in <EventLogAnalyzer_Home>/server/default/deploy/jbossweb-tomcat50.sar directory.
- Comment out the HTTP connection parameters, by placing the <!-- tag before, and the --> tag after the following lines:
<!-- A HTTP/1.1 Connector on port 8400 -->
<Connector port="8400" address="${jboss.bind.address}"
maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
enableLookups="false" redirectPort="8443" acceptCount="100"
connectionTimeout="20000" disableUploadTimeout="true"/> |
Enabling SSL
- In the same file, enable the HTTPS connection parameters, by removing the <!-- tag before, and the --> tag after the following lines:
<!--
<!-- SSL/TLS Connector configuration using the admin devl guide keystore -->
<Connector port="8443" address="${jboss.bind.address}"
maxThreads="100" minSpareThreads="5" maxSpareThreads="15"
scheme="https" secure="true" clientAuth="false"
keystoreFile="${jboss.server.home.dir}/conf/test.keystore"
keystorePass="change" sslProtocol = "TLS" />
--> |
|
While creating keystore file, you can enter the password as per your requirement. But ensure that the same password is configured, in the server.xml file. Example password is configured as 'change'. |
Changing the web server port
- Edit the sample-bindings.xml file present in <EventLogAnalyzer_Home>/server/default/conf directory
- Replace the default values for the following parameters as follows:
Default Value |
New Value |
| <xsl:variable name="portHttps" select="$port + 363"/> |
<xsl:variable name="portHttps" select="8443"/> |
| </delegate-config><binding port="8400"/></service-config> |
</delegate-config><binding port="8443"/></service-config> |
Configuring HTTPS Configuration Parameters for 64 bit/128 bit encryption
If you want to configure the HTTPS connection parameters for 64 bit/128 bit encryption, add the following parameter at the end of the SSL/TLS Connector tag:
SSLCipherSuite="SSL_RSA_WITH_3DES_EDE_CBC_SHA"
<!-- SSL/TLS Connector configuration using the admin devl guide keystore -->
<Connector port="8443" address="${jboss.bind.address}"
maxThreads="100" minSpareThreads="5" maxSpareThreads="15"
scheme="https" secure="true" clientAuth="false"
keystoreFile="${jboss.server.home.dir}/conf/test.keystore"
keystorePass="change" sslProtocol = "TLS"
SSLCipherSuite="SSL_RSA_WITH_3DES_EDE_CBC_SHA"/>
|
Verifying SSL Setup
- Restart the EventLog Analyzer server.
- Verify that the following message appears:
Server started.
Please connect your client at http://localhost:8443
- Connect to the server from a web browser by typing https://<hostname>:8443 where <hostname> is the machine where the server is running
Copyright © 2008, AdventNet Inc. All Rights Reserved.
