...
HTTPS requires a signed SSL certificate. License Server ships with a self-signed SSL certificate, which is used by default. Alternatively, you can use a custom self-signed or commercially signed certificate; see Enabling Custom SSL.
The default Parasoft self-signed SSL certificate is shipped with License Server in a .keystore file. To use a custom SSL certificate:
- If your License Server is running, run the stopLS script to stop the server.
- Replace the default .keystore file with a custom .keystore file in the <LS_INSTALL>/app/tomcat/conf directory. Your custom .keystore file must contain a signed certificate.
- Run the startLS script to start License Server.
Generating a .keystore File with a Self-signed Certificate
If you do not already have a .keystore file available, you can generate one by executing the following command:
```
keytool -genkey -keyalg RSA -alias selfsigned -keystore keystore.jks -storepass password -keysize 2048
```
This will create a keystore named keystore.jks, containing a private key and a self-signed certificate, with the password password. The -keysize setting is optional. The default keysize is 1024.
- Enter your organization name when prompted. When asked for your first and last name, you typically enter the domain name of the server to be accessed. This is especially important if you are going to use a commercially signed certificate. For a self-signed certificate, you could provide any first and last name.
- Enter a password for the generated key when prompted. The password can be the same as the password used for the keystore. In this case, the alias for the private key is selfsigned.
Obtaining a Commercially-signed Certificate
You can obtain commercial certificates from a certificate authority (CA), such as verisign.com or thawte.com, by submitting a certificate signing request (CSR) to the CA.
Use the following command to create the CSR:
```
keytool -certreq -alias selfsigned -keystore keystore.jks -file certreq.csr
```
- You will be prompted to enter the keystore password. A certreq.csr CSR file is created for the key with the alias selfsigned.

The CA will return a Root or Chain certificate and the newly signed certificate, both of which must be imported into your keystore. Use the following command to import your root certificate:
```
keytool -import -alias root -keystore keystore.jks -trustcacerts -file <filename_of_the_chain_certificate>
```
Use the following command to import the new certificate:
```
keytool -import -alias dtp -keystore keystore.jks -file <your_certificate_filename>
```
Disabling HTTPS
Change the protocol in the <LS_INSTALL>/data/conf/PSTSecConfig.xml file to HTTP:
```xml
<pstsec-config>
  <remote-authentication>
    <enabled>false</enabled>
    <host>localhost</host>
    <port>8443</port>
    <protocol>http</protocol>
  </remote-authentication>
</pstsec-config>
```
Disabling Port 2002 on License Server
Insure++ communicates with License Server over port 2002. All other Parasoft tools communicate with License Server over the standard HTTP/HTTPS ports. If you are not using License Server or are only using License Server with other Parasoft tools, you can disable port 2002 as a security best practice within your DTP infrastructure. The following instructions describe how to disable port 2002.
- Stop License Server by running, as an administrator, the stopLS script located in the <LS_INSTALL>/app directory.
- Open the ls.conf file located in the <LS_DATA_DIR>/LicenseServer/conf directory. Add an <enabled>false</enabled> element to the <Server> element:
  ```xml
  <?xml version="1.0" encoding="UTF-8"?>
  <Root>
    <Server>
      <enabled>false</enabled>
      <port>2002</port>
      <concurrent_connections_limit>100</concurrent_connections_limit>
      <soap_administration_enabled>true</soap_administration_enabled>
      <start_deactivated>true</start_deactivated>
    </Server>
    ...
  </Root>
  ```
- Save the file and restart License Server by running, as an administrator, the startLS script located in the <LS_INSTALL>/app directory.
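
A check for the result of the steps above, as an added example that is not part of the Parasoft documentation: it parses an ls.conf file and reports when the port 2002 listener has not actually been disabled, including when the element name is misspelled. The function name, the constructed sample files, and the rule that a missing or unrecognised element leaves the listener active are assumptions of this example.

```python
import xml.etree.ElementTree as ET

# Child elements of <Server> shown in the page's ls.conf sample; a real
# file may contain others (assumption), so unknown names are only flagged.
KNOWN = {"enabled", "port", "concurrent_connections_limit",
         "soap_administration_enabled", "start_deactivated"}

# Constructed sample files, not taken from a real installation.
DISABLED = """<?xml version="1.0" encoding="UTF-8"?>
<Root>
  <Server>
    <enabled>false</enabled>
    <port>2002</port>
    <concurrent_connections_limit>100</concurrent_connections_limit>
  </Server>
</Root>"""
MISSPELLED = DISABLED.replace("enabled>", "enbabled>")
STILL_ON = DISABLED.replace(">false<", ">true<")


def audit_ls_conf(xml_text):
    """Return findings; an empty list means the port 2002 listener is off."""
    try:
        root = ET.fromstring(xml_text.encode("utf-8"))
    except ET.ParseError as exc:
        return [f"not well-formed XML: {exc}"]
    server = root.find("Server")
    if server is None:
        return ["no <Server> element under the document root"]
    findings = []
    port = (server.findtext("port") or "?").strip()
    enabled = server.findtext("enabled")
    if enabled is None:
        # Assumption: without <enabled>false</enabled> the listener stays on.
        findings.append(f"<enabled> missing; port {port} assumed open")
    elif enabled.strip().lower() != "false":
        findings.append(f"<enabled> is '{enabled.strip()}'; port {port} open")
    for child in server:
        if child.tag not in KNOWN:
            findings.append(f"unrecognised element <{child.tag}>, possible typo")
    return findings


if __name__ == "__main__":
    for name in ("DISABLED", "MISSPELLED", "STILL_ON"):
        print(name, audit_ls_conf(globals()[name]) or "OK")
```

To run it against a real installation, pass the contents of ls.conf from the directory named above to audit_ls_conf.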