Generating keystore files

To configure the software to use SSL/HTTPS for secure communication, first create a keystore file. This key file contains both public keys stored as signed certificates and private keys stored in personal certificates.
Procedure

    Change the directory to the following:

    $CCM_HOME/jre/bin
    Use the standard JDK keytool utility to generate and load a new key and a self-signed certificate.
        To create the key, type the following command:

        keytool -genkey -keystore keystore_file -keyalg RSA -alias machinename
        When prompted, supply the certificate and password information. Doing so protects the keystore file and the keys within the file.

        The only mandatory response is to provide the host name from the URL of the IBM® Rational® Change server.

        Ensure that the IP address or the host name matches the internal Rational Change IP address or host name. Doing so ensures that the key is issued to the website URL.

        For example, if the generated links use 192.123.10.10, then type this value at the first and last name prompt.

        keytool -genkey -keystore "/usr/local/rc53/rc.keystore" -alias hawk -keyalg RSA

My example:
0> First check whether it is a 2007 OS. An error could happen if you are not running the command prompt in administrator mode.
If you are using Windows 7, you can go to Run, type cmd and press Ctrl+Shift+Enter. This will open the command prompt in administrator mode.
If not, you can also go to Start -> All Programs -> Accessories, right-click Command Prompt and choose Run as administrator.
Otherwise:
1> Open cmd and press Enter, type cd.. and press Enter until you are at the C:\ drive, then type cd, paste "C:\Program Files\Java\jdk1.6.0_31\bin" after it and press Enter. Then go to step 2.



2> keytool -genkey -keystore "kartik.keystore" -alias "give Computer Full Name here" -keyalg RSA

    
        Enter keystore password:kartik  
        // choose a password: kartik
        What is your first and last name?
          [Unknown]:  172.30.70.53     // if you have a domain name, enter the domain name here
        What is the name of your organizational unit?
          [Unknown]:  Development
        What is the name of your organization?
          [Unknown]:  Tarang
        What is the name of your City or Locality?
          [Unknown]:  Bangalore
        What is the name of your State or Province?
          [Unknown]:  Karnataka
        What is the two-letter country code for this unit?
          [Unknown]:  IN
        Is CN=172.30.70.53, OU=Development, O=Tarang, L=Bangalore, ST=Karnataka, C=India?
          [no]:  yes

        Enter key password for 
                (RETURN if same as keystore password):kartik
                // choose a password; here I gave the password kartik



3> After that, the kartik.keystore file is created in this location: C:\Program Files\Java\jdk1.6.0_31\bin

4> After that, go to the server side, take this "kartik.keystore" file and open the same command prompt. (Step 4 i below is optional.)

4 i>keytool -importkeystore -srckeystore kartik.keystore -destkeystore kcm.p12 -deststoretype PKCS12
4 ii> To sign a JAR file:
   jarsigner -keystore kartik.keystore -signedjar sCount.jar Count.jar KARTIK-PC

5> keytool -export -keystore kartik.keystore -storepass kartik -alias KARTIK-PC -file kartik.cer

6> keytool -import -keystore kartik.truststore -storepass kartik -trustcacerts -alias KARTIK-PC -file kartik.cer


7> For the web application, in the server.xml file:

<Connector connectionTimeout="20000" port="8080" protocol="HTTP/1.1" redirectPort="8443"/>
    <!-- A "Connector" using the shared thread pool-->
    <!--
    <Connector executor="tomcatThreadPool"
               port="8080" protocol="HTTP/1.1"
               connectionTimeout="20000"
               redirectPort="8443" />
    -->
    <!-- Define a SSL HTTP/1.1 Connector on port 8443
         This connector uses the JSSE configuration, when using APR, the
         connector should be using the OpenSSL style configuration
         described in the APR documentation -->
    
   

 <Connector SSLEnabled="true" clientAuth="false" keystoreFile="D://Certificate//Certificate//kartik//kartik.keyStore"
         keystorePass="kartik" maxThreads="150" port="8443" protocol="HTTP/1.1" scheme="https" secure="true" sslProtocol="TLS"/>


8> For the web service connection:

<beans xmlns="http://www.springframework.org/schema/beans"
 xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
 xmlns:sec="http://cxf.apache.org/configuration/security"
 xmlns:http-conf="http://cxf.apache.org/transports/http/configuration"
 xmlns:jaxws="http://cxf.apache.org/jaxws"
 xsi:schemaLocation="
     http://cxf.apache.org/configuration/security
     http://cxf.apache.org/schemas/configuration/security.xsd
     http://cxf.apache.org/transports/http/configuration
     http://cxf.apache.org/schemas/configuration/http-conf.xsd
     http://cxf.apache.org/jaxws
     http://cxf.apache.org/schemas/jaxws.xsd
     http://www.springframework.org/schema/beans
     http://www.springframework.org/schema/beans/spring-beans.xsd">



 <jaxws:client id="connectWebServicesUI"  serviceClass="com.kartik.connectui.webservice.IConnectWebUiServices"
                  address="https://172.30.70.53:9888/connect/WebServices">   
      </jaxws:client> 

   <http-conf:conduit name="*.http-conduit">
            <http-conf:client ConnectionTimeout="800000" ReceiveTimeout="800000"/>
   <http-conf:tlsClientParameters secureSocketProtocol="SSL">
     <sec:keyManagers keyPassword="kartik">
      <sec:keyStore type="JKS" password="kartik" file="D://Certificate//Certificate//kartik//kartik.keyStore"/>
    </sec:keyManagers>
    <sec:trustManagers>
        <sec:keyStore type="JKS" password="kartik" file="D://Certificate//Certificate//kartik//kartik.truststore"/>
    </sec:trustManagers>
   </http-conf:tlsClientParameters>
  </http-conf:conduit>
    
</beans>

9> In web.xml, add one servlet:
<?xml version="1.0" encoding="UTF-8"?>

<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://java.sun.com/xml/ns/javaee" xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd" id="WebApp_ID" version="2.5">
.......
........
 <servlet>
      <description>Servlet for loading Initial application configuration</description>
      <display-name>Application Configuration Loader</display-name>
            <servlet-name>ConfigServlet</servlet-name>
            <servlet-class>com.kartik.connectui.utils.ConfigServlet</servlet-class>
   <load-on-startup>1</load-on-startup>
   </servlet>
.........
..........
 <welcome-file-list>
    <welcome-file>index.jsp</welcome-file>
  </welcome-file-list>

</web-app>

10>

package com.kartik.connectui.utils;

import javax.servlet.ServletConfig;
import javax.servlet.ServletContext;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;

import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.context.ApplicationContext;
import org.springframework.web.context.support.WebApplicationContextUtils;

import com.kartik.connectui.webservice.IConnectWebUiServices;


public class ConfigServlet extends HttpServlet {
    private static final long serialVersionUID = 1L;
    // Logger used by init(); the Log and LogFactory imports above are for this field.
    private static final Log _log = LogFactory.getLog(ConfigServlet.class);
    // CXF client proxy for the web service, shared with the rest of the application.
    private static IConnectWebUiServices services = null;

    /**
     * Loads during startup.
     */
    @Override
    public void init(ServletConfig conf) throws ServletException {
        // Let the servlet base class store the ServletConfig for later use.
        super.init(conf);

        // String constantsFile = null;
        // String realConstantsFile = null;

        try {
            _log.debug("Started loading of property files");

            final ServletContext servletContext = conf.getServletContext();

            // Look up the Spring context that holds the jaxws:client bean from step 8.
            final ApplicationContext appContext = WebApplicationContextUtils
                    .getRequiredWebApplicationContext(servletContext);

            _log.debug("Acquiring the connection with the Connect server");

            services = (IConnectWebUiServices) appContext
                    .getBean("connectWebServicesUI");
            if (null != services) {
                _log.debug("Acquired the connection with Connect server..");
            } else {
                _log.error("Error while acquiring the connection with Connect server....");
            }
        } catch (final Exception e) {
            // Pass the exception itself so the stack trace is logged, not only the message.
            _log.error("Error while loading the property files", e);
        }
    }

    public static IConnectWebUiServices getServices() {
        return services;
    }

    public static void setServices(IConnectWebUiServices services) {
        ConfigServlet.services = services;
    }

}

11> In the Mule service configuration:

<?xml version="1.0" encoding="UTF-8"?>

<mule xmlns="http://www.mulesoft.org/schema/mule/core" xmlns:http="http://www.mulesoft.org/schema/mule/http" xmlns:https="http://www.mulesoft.org/schema/mule/https" xmlns:cxf="http://www.mulesoft.org/schema/mule/cxf" xmlns:doc="http://www.mulesoft.org/schema/mule/documentation" xmlns:spring="http://www.springframework.org/schema/beans" xmlns:core="http://www.mulesoft.org/schema/mule/core" version="CE-3.3.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="
http://www.mulesoft.org/schema/mule/http http://www.mulesoft.org/schema/mule/http/current/mule-http.xsd 
http://www.mulesoft.org/schema/mule/https http://www.mulesoft.org/schema/mule/https/current/mule-https.xsd 
http://www.mulesoft.org/schema/mule/cxf http://www.mulesoft.org/schema/mule/cxf/current/mule-cxf.xsd 
http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-current.xsd 

http://www.mulesoft.org/schema/mule/core http://www.mulesoft.org/schema/mule/core/current/mule.xsd ">

...................




<https:connector name="MPOS_HTTPS1" cookieSpec="netscape" validateConnections="true" sendBufferSize="0" receiveBufferSize="0" receiveBacklog="0" clientSoTimeout="10000" serverSoTimeout="10000" socketSoLinger="0" proxyHostname="localhost" proxyPort="80" doc:name="HTTP\HTTPS">
        <https:tls-key-store path="D://Certificate//Certificate//kartik//kartik.keyStore" keyPassword="kartik" storePassword="kartik"/>
    </https:connector>
    <flow name="connectWebUiservicesFlow" doc:name="connectWebUiservicesFlow">
        <https:inbound-endpoint exchange-pattern="request-response" host="localhost" port="9999" path="connect/connectWebServicesUI" doc:name="HTTP" connector-ref="MPOS_HTTPS1"/>
        <cxf:jaxws-service serviceClass="com.kartik.connect.webservices.IMPGWebUiServices" doc:name="SOAP" enableMuleSoapHeaders="false"/>
        <component doc:name="Java">
            <singleton-object class="com.kartik.connect.webservices.impl.MPGWebServices"></singleton-object>
        </component>
    </flow>

</mule>
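
An added example, not part of the original post: a small Python audit of the TLS settings from steps 7, 8 and 11, flagging store passwords written as literals, passwords that match the keystore file name, and protocol values other than TLS. The `SAMPLE` document, the `audit` function and the treatment of `${...}` placeholders as externally supplied values are assumptions of this example.

```python
import re
import xml.etree.ElementTree as ET
from pathlib import PureWindowsPath

# Constructed sample: the TLS-related elements from steps 7, 8 and 11, trimmed to
# the attributes the audit reads and wrapped in one root so they parse together.
SAMPLE = """<cfg xmlns:sec="http://cxf.apache.org/configuration/security"
     xmlns:http-conf="http://cxf.apache.org/transports/http/configuration"
     xmlns:https="http://www.mulesoft.org/schema/mule/https">
  <Connector port="8443" SSLEnabled="true" sslProtocol="TLS" keystorePass="kartik"
             keystoreFile="D://Certificate//Certificate//kartik//kartik.keyStore"/>
  <http-conf:tlsClientParameters secureSocketProtocol="SSL">
    <sec:keyManagers keyPassword="kartik">
      <sec:keyStore type="JKS" password="kartik"
                    file="D://Certificate//Certificate//kartik//kartik.keyStore"/>
    </sec:keyManagers>
  </http-conf:tlsClientParameters>
  <https:tls-key-store keyPassword="kartik" storePassword="kartik"
                       path="D://Certificate//Certificate//kartik//kartik.keyStore"/>
</cfg>"""

PASSWORD_ATTRS = {"keystorePass", "keyPassword", "storePassword", "password"}
PROTOCOL_ATTRS = {"sslProtocol", "secureSocketProtocol"}
PATH_ATTRS = {"keystoreFile", "file", "path"}

def audit(xml_text):
    """Return sorted (element, attribute, finding) tuples for the TLS settings."""
    findings = set()
    root = ET.fromstring(xml_text)
    # Base names of every referenced keystore file, e.g. "kartik" for kartik.keyStore.
    stems = {PureWindowsPath(v.replace("//", "/")).stem.lower()
             for el in root.iter() for a, v in el.attrib.items() if a in PATH_ATTRS}
    for el in root.iter():
        tag = el.tag.split("}")[-1]  # drop the "{namespace}" prefix ElementTree adds
        for attr, value in el.attrib.items():
            if attr in PASSWORD_ATTRS:
                # Assumption: a ${...} placeholder is filled in from outside the file.
                if not re.fullmatch(r"\$\{[^}]+\}", value):
                    findings.add((tag, attr, "literal password in config"))
                if value.lower() in stems:
                    findings.add((tag, attr, "password equals keystore file name"))
            elif attr in PROTOCOL_ATTRS and not value.upper().startswith("TLS"):
                findings.add((tag, attr, "protocol name is not TLS"))
    return sorted(findings)

if __name__ == "__main__":
    for tag, attr, finding in audit(SAMPLE):
        print(f"{tag}@{attr}: {finding}")
```
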


12> If you have any concerns, please give me feedback.




2 comments

Unknown
admin
24 February 2015 at 02:22

Very Informational !! I might use a similar one for my project too.

Unknown
admin
6 May 2016 at 06:51

New thing to learn. Good one Kartik. I will try the same sometime.
