Hi Fabio,

what do you mean by "configure your tomcat container with syncope console deployed inside in order to use the new truststore."
I guess this is what I did by specifying the JAVA_OPTS on startup of tomcat?

Bob

On 30 March 2012 14:18, Fabio Martelli <[email protected]> wrote:
>
> On 30 Mar 2012, at 09:50, Bob Lannoy wrote:
>
>> Hi Francesco,
>>
>> indeed it works ;)
>> I did it on a Tomcat 6 instance.
>> * enabled SSL for core
>> * referenced the truststore for console through JVM params
>>   -Djavax.net.ssl.trustStore="...mykeystore.jks"
>>   -Djavax.net.ssl.trustStorePassword="mykeystore"
>> * put the right params in configuration.properties (https, hostname as
>>   in certificate)
>> I'll be happy to put up a wiki page for that.
>> There's one thing I didn't like and that's I have to pass the
>> truststore params to the VM in command line.
>> Perhaps there's a way to specify the truststore in the configuration
>> somewhere?
>
> Hi Bob,
> you can configure your tomcat container with syncope console deployed inside
> in order to use the new truststore.
> Alternatively you can add the CA certificate to the default JVM truststore.
>
> Regards,
> F.
>
>>
>> regards
>>
>> Bob
>>
>> 2012/3/29 Francesco Chicchiriccò <[email protected]>:
>>> On 29/03/2012 09:25, Bob Lannoy wrote:
>>>> Hi,
>>>>
>>>> with the remark about the use of MD5, I thought of something else.
>>>> If I'm not mistaken the connection between console and core is over plain
>>>> HTTP.
>>>> Do you plan supporting SSL connections between both? I put core behind
>>>> SSL but then the console didn't connect.
>>>> I saw in the trunk that in the configuration properties for the
>>>> console the protocol (scheme) option has been split out so maybe
>>>> you're already planning this?
>>>
>>> Hi Bob,
>>> there is nothing, in principle, that will prevent the core webapp from being
>>> available in HTTPS only (and hence the console from connecting via HTTPS to
>>> the core): only, be sure to overcome the usual issues arising when using
>>> self-signed certificates in Java: here is a brief checklist I would suggest:
>>>
>>> 1. put the servlet container with core webapp deployed inside in HTTPS
>>> 2. add the certificate of the CA you have used to sign the certificate
>>>    for the step above in a truststore
>>> 3. reference the truststore above when launching the servlet container
>>>    with console webapp deployed inside
>>>
>>> This should work: please, let us know whether you succeed.
>>> It could also be the case to add a page on our wiki about this.
>>>
>>> Regards.
>>>
>>> --
>>> Francesco Chicchiriccò
>>>
>>> Apache Cocoon PMC and Apache Syncope PPMC Member
>>> http://people.apache.org/~ilgrosso/
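
Checklist steps 2 and 3 from the thread, as an added example that is not part of the original messages or of Syncope: the CA certificate is imported into a dedicated truststore with keytool, and the two JSSE properties are written to Tomcat's bin/setenv.sh (sourced by catalina.sh at startup) so they no longer have to be passed on the command line. The function names, the alias and the paths are assumptions.

```shell
#!/bin/sh
# Added example: function names, alias and paths are assumptions, not from the thread.

# Checklist step 2: import the CA certificate into a dedicated truststore.
# Usage: import_ca <ca-cert-file> <truststore.jks> <storepass>
import_ca() {
    [ -r "$1" ] || { echo "CA certificate not readable: $1" >&2; return 1; }
    keytool -importcert -noprompt -alias syncope-core-ca \
        -file "$1" -keystore "$2" -storepass "$3"
}

# Checklist step 3: reference the truststore from <tomcat-dir>/bin/setenv.sh,
# which catalina.sh sources at startup, instead of typing the -D options.
# Usage: write_setenv <tomcat-dir> <truststore.jks> <storepass>
# Returns 1 on bad input, 2 if a trustStore is already configured there.
write_setenv() {
    base=$1; store=$2; pass=$3
    [ -d "$base/bin" ] || { echo "no bin/ directory under $base" >&2; return 1; }
    # A relative path would be resolved against Tomcat's working directory.
    case "$store" in
        /*) ;;
        *) echo "truststore path must be absolute: $store" >&2; return 1 ;;
    esac
    [ -f "$store" ] || { echo "truststore not found: $store" >&2; return 1; }
    # The values end up inside a double-quoted shell string; keep them plain.
    case "$store$pass" in
        *" "*|*\"*|*\'*|*\$*|*\\*|*\`*)
            echo "unsupported character in path or password" >&2; return 1 ;;
    esac
    f="$base/bin/setenv.sh"
    # Two trustStore definitions would silently shadow each other.
    if [ -f "$f" ] && grep -q 'javax\.net\.ssl\.trustStore=' "$f"; then
        echo "trustStore already set in $f" >&2; return 2
    fi
    printf 'CATALINA_OPTS="$CATALINA_OPTS -Djavax.net.ssl.trustStore=%s -Djavax.net.ssl.trustStorePassword=%s"\n' \
        "$store" "$pass" >> "$f"
    # The file is executed at startup and holds the store password; this
    # assumes the function runs as the account that starts Tomcat.
    chmod 600 "$f"
}

# Typical use (constructed paths):
#   import_ca /etc/syncope/ca.crt /etc/syncope/console-truststore.jks changeit
#   write_setenv /opt/tomcat /etc/syncope/console-truststore.jks changeit
```

The hostname in configuration.properties still has to match the one in the core's certificate, as noted in the thread; the truststore only settles which CA is trusted.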
