
SSL for Enterprise Pack Application

If you are using Extension Designer, you will either need to enable SSL for those applications or disable SSL in DTP so that the entire system uses the same protocol (HTTP or HTTPS). See Enabling SSL for DTP Enterprise Pack.

Enabling SSL for DTP

Stop Parasoft services before making changes related to SSL. See Stopping DTP Services for instructions.

Keystore Generation and Certificates

A .keystore file with a signed certificate is required to enable SSL. DTP ships with a default .keystore file in the <DTP_INSTALL>/tomcat/conf directory. The default .keystore file contains a self-signed certificate. You can replace the default .keystore file with your organization’s .keystore file, but your file must contain a signed certificate.

...

You will be prompted to enter your organization information. When it asks for your first and last name, you typically enter the domain name of the server to be accessed. This is especially important if you are going to use a commercially signed certificate. For a self-signed certificate, you could enter anything for first and last name (even your real first and last name). The prompt will also ask for a password for the generated key. The password can be the same as the password used for the keystore. In this case, the alias for the private key is selfsigned.

Obtaining a Commercial Certificate

You can obtain commercial certificates from a certificate authority (CA), such as verisign.com or thawte.com, by submitting a certificate signing request (CSR) to the CA.

  1. Use the following command to create the CSR:

    keytool -certreq -alias selfsigned -keystore keystore.jks -file certreq.csr

    You will be prompted to enter the keystore password. A certreq.csr CSR file is created for the key with the alias selfsigned.

  2. The CA will return a Root or Chain certificate and the newly signed certificate, both of which must be imported into your keystore. Use the following command to import your root certificate:

    keytool -import -alias root -keystore keystore.jks -trustcacerts -file <filename_of_the_chain_certificate>

  3. Use the following command to import the new certificate:

    keytool -import -alias dtp -keystore keystore.jks -file <your_certificate_filename>

Tomcat Configuration

Edit the server.xml configuration file located in the <DTP_INSTALL>/tomcat/conf/ directory to configure Tomcat. Locate the <Connector port="80 or 8080" . . .> node in the <Service name="PST"> and add the following code after it:

<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true" maxThreads="150" scheme="https" secure="true">
  <!-- Client certificates are not requested; cipher suites are set with the ciphers attribute -->
  <SSLHostConfig sslProtocol="TLS" certificateVerification="none" ciphers="TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256">
      <!-- Keystore file, key alias and keystore password for the server certificate -->
      <Certificate certificateKeystoreFile="conf/.keystore" certificateKeyAlias="$ALIAS" certificateKeystorePassword="$PASSWORD"/>
  </SSLHostConfig>
</Connector>

Copy the keystore.jks file described in Keystore Generation and Certificates to the tomcat/conf directory and rename the file .keystore.  $PASSWORD is the user password specified when the keystore was created. $ALIAS is the alias assigned to the desired certificate in the keystore.
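
Before restarting the services, the edited server.xml can be checked offline. The script below is an added example, not part of the Parasoft documentation: it parses the HTTPS connector and reports placeholders that were never filled in, elements Tomcat does not read inside SSLHostConfig, and cipher suites that lack forward secrecy or use CBC mode. The function name, the sample XML (with a shortened cipher list) and the comma-separated JSSE suite names are assumptions made for the example.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the HTTPS connector from this page with a shortened
# cipher list and the $ALIAS / $PASSWORD placeholders left unfilled.
SAMPLE_SERVER_XML = """<Server><Service name="PST">
<Connector port="8080" protocol="HTTP/1.1"/>
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true" scheme="https" secure="true">
  <SSLHostConfig sslProtocol="TLS" ciphers="TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,TLS_RSA_WITH_AES_128_CBC_SHA">
    <Certificate certificateKeystoreFile="conf/.keystore" certificateKeyAlias="$ALIAS" certificateKeystorePassword="$PASSWORD"/>
  </SSLHostConfig>
</Connector>
</Service></Server>"""

def audit_https_connectors(server_xml):
    """Return a list of (port, finding) tuples for every SSL-enabled connector."""
    findings = []
    root = ET.fromstring(server_xml)
    for conn in root.iter("Connector"):
        if conn.get("SSLEnabled", "false").lower() != "true":
            continue  # plain HTTP connector, nothing to check
        port = conn.get("port")
        hosts = conn.findall("SSLHostConfig")
        if not hosts:
            findings.append((port, "no SSLHostConfig element"))
        for host in hosts:
            # Tomcat documents only Certificate and OpenSSLConf as children here.
            for child in host:
                if child.tag not in ("Certificate", "OpenSSLConf"):
                    findings.append((port, f"unexpected <{child.tag}> inside SSLHostConfig"))
            suites = [s.strip() for s in host.get("ciphers", "").split(",") if s.strip()]
            if not suites:
                findings.append((port, "no ciphers attribute: Tomcat defaults apply"))
            for s in suites:
                if s.startswith("TLS_RSA_"):
                    findings.append((port, f"{s}: static RSA key exchange, no forward secrecy"))
                elif "_CBC_" in s:
                    findings.append((port, f"{s}: CBC mode, not AEAD"))
            for cert in host.findall("Certificate"):
                for attr in ("certificateKeyAlias", "certificateKeystorePassword"):
                    if cert.get(attr, "").startswith("$"):
                        findings.append((port, f"{attr} still holds placeholder {cert.get(attr)}"))
    return findings

if __name__ == "__main__":
    for port, finding in audit_https_connectors(SAMPLE_SERVER_XML):
        print(f"connector {port}: {finding}")
```

To check a real installation, pass the contents of <DTP_INSTALL>/tomcat/conf/server.xml to audit_https_connectors instead of the sample.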

...