On 30 Mar 2012, at 14:49, Bob Lannoy wrote:
> Hi Fabio,
>
> what do you mean by "configure your tomcat container with syncope
> console deployed inside in order to use the new truststore."
> I guess this is what I did by specifying the JAVA_OPTS on startup of tomcat?

You can modify your server.xml in order to add truststore file and password inside the right "Connector" element.

F.

>
> Bob
>
> On 30 March 2012 14:18, Fabio Martelli <[email protected]> wrote:
>>
>> On 30 Mar 2012, at 09:50, Bob Lannoy wrote:
>>
>>> Hi Francesco,
>>>
>>> indeed it works ;)
>>> I did it on a Tomcat 6 instance.
>>> * enabled SSL for core
>>> * referenced the truststore for console through JVM params
>>> -Djavax.net.ssl.trustStore="...mykeystore.jks"
>>> -Djavax.net.ssl.trustStorePassword="mykeystore"
>>> * put the right params in configuration.properties (https, hostname as
>>> in certificate)
>>> I'll be happy to put up a wiki page for that.
>>> There's one thing I didn't like and that's I have to pass the
>>> truststore params to the VM in command line.
>>> Perhaps there's a way to specify the truststore in the configuration
>>> somewhere?
>>
>> Hi Bob,
>> you can configure your tomcat container with syncope console deployed inside
>> in order to use the new truststore.
>> Alternatively you can add CA certificate in the default jvm truststore.
>>
>> Regards,
>> F.
>>
>>>
>>> regards
>>>
>>> Bob
>>>
>>> 2012/3/29 Francesco Chicchiriccò <[email protected]>:
>>>> On 29/03/2012 09:25, Bob Lannoy wrote:
>>>>> Hi,
>>>>>
>>>>> with the remark about the use of MD5, I thought of something else.
>>>>> If I'm not mistaken the connection between console and core is over plain
>>>>> HTTP.
>>>>> Do you plan supporting SSL connections between both? I put core behind
>>>>> SSL but then the console didn't connect.
>>>>> I saw in the trunk that in the configuration properties for the
>>>>> console the protocol (scheme) option has been split out so maybe
>>>>> you're already planning this?
>>>>
>>>> Hi Bob,
>>>> there is nothing, in principle, that will prevent core webapp from being
>>>> available in HTTPS only (and hence the console to connect via HTTPS to
>>>> the core): only, be sure to overcome usual issues arising when using
>>>> self-signed certificates in Java: here is a brief checklist I would
>>>> suggest:
>>>>
>>>> 1. put the servlet container with core webapp deployed inside in HTTPS
>>>> 2. add the certificate of the CA you have used to sign the certificate
>>>> for the step above in a truststore
>>>> 3. reference the truststore above when launching the servlet container
>>>> with console webapp deployed inside
>>>>
>>>> This should work: please, let us know whether you succeed.
>>>> It could also be the case to add a page on our wiki about this.
>>>>
>>>> Regards.
>>>>
>>>> --
>>>> Francesco Chicchiriccò
>>>>
>>>> Apache Cocoon PMC and Apache Syncope PPMC Member
>>>> http://people.apache.org/~ilgrosso/
>>>>
>>
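
Steps 2 and 3 of the checklist in the thread above, for the Tomcat instance hosting the console, as an added example that is not part of the original messages. The file names, alias and password are constructed placeholders; it uses Tomcat's `bin/setenv.sh`, which `catalina.sh` sources at startup, so the two `javax.net.ssl` properties do not have to be typed on the command line.

```shell
#!/bin/sh
# Added example; file names, alias and password are constructed placeholders.

# Step 2: import the CA certificate into a dedicated truststore.
# Usage: import_ca CA_CERT TRUSTSTORE STOREPASS [ALIAS]
import_ca() {
    ca_cert=$1; truststore=$2; storepass=$3; ca_alias=${4:-syncope-core-ca}
    if [ ! -r "$ca_cert" ]; then
        echo "cannot read CA certificate: $ca_cert" >&2
        return 1
    fi
    keytool -importcert -noprompt -alias "$ca_alias" -file "$ca_cert" \
        -keystore "$truststore" -storepass "$storepass" || return 1
    # Confirm the entry exists before pointing the JVM at this store.
    keytool -list -alias "$ca_alias" -keystore "$truststore" \
        -storepass "$storepass" >/dev/null
}

# Step 3: write bin/setenv.sh, which catalina.sh sources at startup.
# Note: javax.net.ssl.trustStore replaces the JVM default (cacerts) for the
# whole console JVM, so only CAs in this store are trusted for outbound TLS.
# Usage: write_setenv CATALINA_BASE TRUSTSTORE STOREPASS  (prints the file path)
write_setenv() {
    catalina_base=$1; truststore=$2; storepass=$3
    setenv="$catalina_base/bin/setenv.sh"
    if [ -e "$setenv" ]; then
        echo "refusing to overwrite existing $setenv" >&2
        return 1
    fi
    mkdir -p "$catalina_base/bin" || return 1
    # Assumes path and password contain no spaces or shell metacharacters.
    printf '%s\n' \
        "CATALINA_OPTS=\"\$CATALINA_OPTS -Djavax.net.ssl.trustStore=$truststore -Djavax.net.ssl.trustStorePassword=$storepass\"" \
        "export CATALINA_OPTS" > "$setenv" || return 1
    # The file holds the store password: owner-only (run as the Tomcat user).
    chmod 600 "$setenv" || return 1
    echo "$setenv"
}

# Runs only when called as: script CA_CERT CATALINA_BASE STOREPASS
if [ "$#" -eq 3 ]; then
    ts="$2/conf/console-truststore.jks"
    import_ca "$1" "$ts" "$3" && write_setenv "$2" "$ts" "$3"
fi
```

The hostname in the console's configuration still has to match the name in the core's certificate, as noted in the thread.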
