Enabling SSL with LiveTime or Novell Service Desk Installer
To activate the HTTPS protocol on LiveTime or Novell Service Desk after using the Installer, you first need to create a public and private key pair to be used for encryption. You can use the keytool command to generate the key pair. The following command sequence shows how to do it:
shell> keytool -genkey -alias livetime -keyalg RSA
Enter keystore password: changeit
Re-enter new password:
What is your first and last name?
  [Unknown]: localhost
What is the name of your organizational unit?
  [Unknown]: MIS
What is the name of your organization?
  [Unknown]: LiveTime Software
What is the name of your City or Locality?
  [Unknown]: Newport Beach
What is the name of your State or Province?
  [Unknown]: California
What is the two-letter country code for this unit?
  [Unknown]: US
Is CN=localhost, OU=MIS, O=LiveTime Software, L=Newport Beach, ST=California, C=US correct?
  [no]: yes
Enter key password for <livetime> (RETURN if same as keystore password):
Re-enter new password:
- Type the password for the keystore, which is “changeit”.
- For [firstname and lastname], give the fully qualified host name. In this project, you will have to use localhost because this is the machine name that you use to access the Tomcat server from the VM.
- You need to type some information about your organization, location, etc. (You can make it up as you like.)
When you execute the above command, keytool will generate a public key and private key pair and store it in your keystore file. More precisely, the generated public key is stored in the form of a certificate. A certificate is nothing more than a statement like “the name of this host is localhost and its public key is XX:XX:…:XX:XX. This certificate is valid from XX/XX/XX until XX/XX/XX”. All certificates need to be signed by a certificate authority (CA), but since you have not asked any third-party CA to sign your certificate, it has been signed “by itself” at this point. This type of certificate is often referred to as a “self-signed certificate”.
If you are running Windows, you will need to copy the .keystore file to the root of your hard drive.
Enable SSL on LiveTime
Now that your key pair is ready, the final step is to change your $LIVETIME_HOME/Server/conf/server.xml file to enable the SSL connection. An example <Connector> element for an SSL connector is already included in the default server.xml file, which looks something like this:
<!-- Define a SSL HTTP/1.1 Connector on port 8443 -->
<!--        <- Delete
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
           maxThreads="150" scheme="https" secure="true"
           clientAuth="false" sslProtocol="TLS" />
-->         <- Delete
Remove the comment markers around the <Connector> node to enable SSL.
Windows users will also need to remove the $LIVETIME_HOME/Server/bin/tcnative-1.dll file in order to process SSL requests.
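A quick way to confirm the edit took effect, as an added example that is not part of the original article or the product: the script below parses server.xml and reports each SSL connector that is actually active, since a connector still inside comment markers is invisible to the parser. The function name and the sample XML are constructed for illustration; the two notes assume Tomcat's documented defaults for a connector with no keystoreFile or keystorePass attribute.

```python
import sys
import xml.etree.ElementTree as ET

# Constructed sample: the connector from the default server.xml,
# once inside comment markers and once with the markers removed.
CONNECTOR = """<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
           maxThreads="150" scheme="https" secure="true"
           clientAuth="false" sslProtocol="TLS" />"""
TEMPLATE = """<Server><Service name="Catalina">
<Connector port="8080" protocol="HTTP/1.1" />
{}
</Service></Server>"""
BEFORE = TEMPLATE.format("<!--\n" + CONNECTOR + "\n-->")  # as shipped
AFTER = TEMPLATE.format(CONNECTOR)                          # markers removed


def ssl_connectors(server_xml):
    """Return one finding per active (uncommented) SSL connector."""
    root = ET.fromstring(server_xml)  # the default parser drops comments
    findings = []
    for conn in root.iter("Connector"):
        if conn.get("SSLEnabled", "false").lower() != "true":
            continue
        notes = []
        if "keystoreFile" not in conn.attrib:
            notes.append("no keystoreFile: Tomcat looks for .keystore in the "
                         "home directory of the account running it")
        if conn.get("keystorePass", "changeit") == "changeit":
            notes.append("keystore password is the default 'changeit'")
        findings.append({"port": conn.get("port"),
                         "scheme": conn.get("scheme"),
                         "notes": notes})
    return findings


if __name__ == "__main__":
    # Pass the path to server.xml, or run with no arguments to use the samples.
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            docs = {sys.argv[1]: fh.read()}
    else:
        docs = {"before edit": BEFORE, "after edit": AFTER}
    for name, text in docs.items():
        found = ssl_connectors(text)
        print(name, "->", found if found else "no active SSL connector")
```

An empty result after editing means the comment markers are still in place or the file that was edited is not the one the server loads.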
Restart LiveTime or Novell Service Desk
Use the System Preference on MacOS X or Start Menu Item on Windows to restart the application.
You should now be able to see the application on HTTPS by using the following URL:
Note that most browsers will provide a warning when hitting this URL because the certificate is self-signed. You can simply ignore this warning and proceed by adding a “security exception”.
Install a trusted certificate
Next, let’s get your certificate signed by a trusted CA to avoid this warning in the future. The first step to obtaining a trusted certificate (your certificate signed by one of the trusted CAs) is to create the “certificate signing request”. Use the same alias that you used when generating the key pair.
shell> keytool -certreq -keyalg RSA -alias livetime -file certreq.txt
If you run the above command, you will see that a request file, named certreq.txt, is generated in your current directory. A request file is nothing more than your public key together with some information about your site (like the fully qualified name of your site and other information that you provided when you created your public key/private key pair).
Next, you need to obtain the trusted certificate from the CA by sending this file to the provider. Once authorized, you will receive the certificate, which you will then install. Now that you have a trusted certificate, import it into your keystore under the same alias as the key pair, so that the LiveTime server can use it.
shell> keytool -import -alias livetime -file <downloaded, signed cert file>
Now you can restart the LiveTime application as before and you can open the same URL as you did before, but this time you will not get the security exception.
You are now running under SSL.