Configuring the http server for https using the keytool

From PresenceWiki
Revision as of 17:49, 23 January 2012 by Graham (Talk | contribs)

To create a keystore for the https server:-


keytool -keyalg RSA -genkey -validity 731 -keystore c:\keystore

http://www.international-presence.com/images/docs/https/createkeystore.png

After this you can create a self-signed certificate:-

keytool -selfcert -validity 721 -keystore c:\keystore

http://www.international-presence.com/images/docs/https/selfsigned.png

Now place the keystore file in the Presence res directory.

In the httpconfig, edit the following, setting the keystore path and the passwords to those chosen when running keytool:-

<http-config httpenabled="true" httpsenabled="true" port="81" secureport="443">
<security>
       <keystore>./res/keystore</keystore>
       <password>password</password>
       <keypassword>password</keypassword>
</security>


Because we gave the name as impscloud when creating the keystore, the certificate is issued to that host name. Edit C:\WINDOWS\system32\drivers\etc\hosts to point impscloud at the chosen machine:-

http://www.international-presence.com/images/docs/https/hosts.png

Then we can go to this page:-

https://impscloud/test.xhtml

Initially you will receive a warning, where you should choose "I Understand The Risks".

http://www.international-presence.com/images/docs/https/untrustedconnection.png

We can then select "Get The Certificate" and then "Confirm Security Exception".

http://www.international-presence.com/images/docs/https/confirmsecurityexception.png

From now on, we shall receive the page as intended:-

http://www.international-presence.com/images/docs/https/simplesecureresponse.png

It is also possible to generate your own .cer file, which can then be imported onto a PC to access the suite without warnings.

To do this, first list the keys in your keystore using:-

keytool -list -v -keystore c:\keystore

http://www.international-presence.com/images/docs/https/listkeys.png

Now run the command to create the .cer file. Note that unless -keystore is specified, keytool uses the keystore in your user home directory.

keytool -export -alias mykey -keystore c:\keystore -file c:\presence.cer

http://www.international-presence.com/images/docs/https/generatecer.png

You can now send this to a user, who can right-click the .cer file in Windows Explorer and import it into their system.

They should now be able to browse to the site in IE or Chrome without any warning or need to add an exception.
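
Before importing presence.cer or confirming the browser exception, the recipient can check that the file is the same certificate the server presents by comparing SHA-256 fingerprints. The following is an added example, not part of the original page or of Presence itself; the function names are hypothetical, and the host impscloud and port 443 are taken from the configuration above.

```python
import hashlib
import hmac
import socket
import ssl
import sys

PEM_HEADER = b"-----BEGIN CERTIFICATE-----"

def to_der(data: bytes) -> bytes:
    """keytool -export writes binary DER; with -rfc it writes PEM. Accept both."""
    if data.lstrip().startswith(PEM_HEADER):
        return ssl.PEM_cert_to_DER_cert(data.decode("ascii").strip())
    return data

def fingerprint(cert: bytes) -> str:
    """SHA-256 over the DER encoding, as colon-separated upper-case hex
    (the layout keytool -list -v prints)."""
    digest = hashlib.sha256(to_der(cert)).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))

def fetch_server_cert(host: str, port: int = 443, timeout: float = 5.0) -> bytes:
    """Return the DER certificate the server presents.
    Chain validation is off on purpose: a self-signed certificate would fail
    it, and trust here comes from the fingerprint comparison instead."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert(binary_form=True)

def matches(exported: bytes, served: bytes) -> bool:
    """True only if both inputs encode the same certificate."""
    return hmac.compare_digest(fingerprint(exported), fingerprint(served))

if __name__ == "__main__":
    # Usage: python check_cer.py c:\presence.cer impscloud
    cer_path, host = sys.argv[1], sys.argv[2]
    with open(cer_path, "rb") as f:
        exported = f.read()
    served = fetch_server_cert(host)
    print("file:  ", fingerprint(exported))
    print("server:", fingerprint(served))
    sys.exit(0 if matches(exported, served) else 1)
```

The person who generated the keystore should pass the fingerprint to the recipient over a separate channel, so that a substituted .cer file does not go unnoticed.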