Il giorno 30/mar/2012, alle ore 09.50, Bob Lannoy ha scritto: > Hi Francesco, > > indeed it works ;) > I did it on a Tomcat 6 instance. > * enabled SSL for core > * referenced the truststore for console through JVM params > -Djavax.net.ssl.trustStore="...mykeystore.jks" > -Djavax.net.ssl.trustStorePassword="mykeystore" > * put the right params in configuration.properties (https, hostname as > in certificate) > I'll be happy to put up a wiki page for that. > There's one thing I didn't like and that's I have to pass the > truststore params to the VM in command line. > Perhaps there's a way to specify the truststore in the configuration > somewhere?
Hi Bob, you can configure your tomcat container with syncope console deployed inside in order to use the new truststore. Alternatively you can add CA certificate in the default jvm truststore. Regards, F. > > regards > > Bob > > 2012/3/29 Francesco Chicchiriccò <[email protected]>: >> On 29/03/2012 09:25, Bob Lannoy wrote: >>> Hi, >>> >>> with the remark about the use of MD5, I thought of something else. >>> If I'm not mistaken the connection between console and core is over plain >>> HTTP. >>> Do you plan supporting SSL connections between both? I put core behind >>> SSL but then the console didn't connect. >>> I saw in the trunk that in the configuration properties for the >>> console the protocol (scheme) option has been split out so maybe >>> you're already planning this? >> >> Hi Bob, >> there is nothing, in principle, that will obstacle core webapp to be >> available in HTTPS only (and hence the console to connect via HTTPS to >> the core): only, be sure to overcome usual issues arising when using >> self-signed certificates in Java: here is a brief checklist I would suggest: >> >> 1. put the servlet container with core webapp deployed inside in HTTPS >> 2. add the certificate of the CA you have used to sign the certificate >> for the step above in a trustore >> 3. reference the trustore above when launching the servlet container >> with console webapp deployed inside >> >> This should work: please, let us know whether you succeed. >> It could also be the case to add a page on our wiki about this. >> >> Regards. >> >> -- >> Francesco Chicchiriccò >> >> Apache Cocoon PMC and Apache Syncope PPMC Member >> http://people.apache.org/~ilgrosso/ >>
