Hi,

I think the connector element is to connect to the webapp, it's not to specify the truststore that a webapp can use to connect to another server.

Bob

On 30 March 2012 14:53, Fabio Martelli <[email protected]> wrote:
>
> On 30 Mar 2012, at 14.49, Bob Lannoy wrote:
>
>> Hi Fabio,
>>
>> what do you mean by "configure your tomcat container with syncope
>> console deployed inside in order to use the new truststore."
>> I guess this is what I did by specifying the JAVA_OPTS on startup of tomcat?
>
> You can modify your server.xml in order to add truststore file and password
> inside the right "Connector" element.
>
> F.
>
>>
>> Bob
>>
>> On 30 March 2012 14:18, Fabio Martelli <[email protected]> wrote:
>>>
>>> On 30 Mar 2012, at 09.50, Bob Lannoy wrote:
>>>
>>>> Hi Francesco,
>>>>
>>>> indeed it works ;)
>>>> I did it on a Tomcat 6 instance.
>>>> * enabled SSL for core
>>>> * referenced the truststore for console through JVM params
>>>> -Djavax.net.ssl.trustStore="...mykeystore.jks"
>>>> -Djavax.net.ssl.trustStorePassword="mykeystore"
>>>> * put the right params in configuration.properties (https, hostname as
>>>> in certificate)
>>>> I'll be happy to put up a wiki page for that.
>>>> There's one thing I didn't like and that's that I have to pass the
>>>> truststore params to the VM on the command line.
>>>> Perhaps there's a way to specify the truststore in the configuration
>>>> somewhere?
>>>
>>> Hi Bob,
>>> you can configure your tomcat container with syncope console deployed
>>> inside in order to use the new truststore.
>>> Alternatively you can add the CA certificate to the default JVM truststore.
>>>
>>> Regards,
>>> F.
>>>
>>>>
>>>> regards
>>>>
>>>> Bob
>>>>
>>>> 2012/3/29 Francesco Chicchiriccò <[email protected]>:
>>>>> On 29/03/2012 09:25, Bob Lannoy wrote:
>>>>>> Hi,
>>>>>>
>>>>>> with the remark about the use of MD5, I thought of something else.
>>>>>> If I'm not mistaken the connection between console and core is over
>>>>>> plain HTTP.
>>>>>> Do you plan supporting SSL connections between both? I put core behind
>>>>>> SSL but then the console didn't connect.
>>>>>> I saw in the trunk that in the configuration properties for the
>>>>>> console the protocol (scheme) option has been split out so maybe
>>>>>> you're already planning this?
>>>>>
>>>>> Hi Bob,
>>>>> there is nothing, in principle, that will prevent the core webapp from
>>>>> being available in HTTPS only (and hence the console to connect via HTTPS to
>>>>> the core): only, be sure to overcome the usual issues arising when using
>>>>> self-signed certificates in Java: here is a brief checklist I would
>>>>> suggest:
>>>>>
>>>>> 1. put the servlet container with core webapp deployed inside in HTTPS
>>>>> 2. add the certificate of the CA you have used to sign the certificate
>>>>> for the step above in a truststore
>>>>> 3. reference the truststore above when launching the servlet container
>>>>> with console webapp deployed inside
>>>>>
>>>>> This should work: please, let us know whether you succeed.
>>>>> It could also be the case to add a page on our wiki about this.
>>>>>
>>>>> Regards.
>>>>>
>>>>> --
>>>>> Francesco Chicchiriccò
>>>>>
>>>>> Apache Cocoon PMC and Apache Syncope PPMC Member
>>>>> http://people.apache.org/~ilgrosso/
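
Steps 2 and 3 of the checklist quoted above, as an added shell example that is not part of the thread or of the Syncope project: it imports a CA certificate into a dedicated truststore with `keytool`, checks the entry, and writes the two `javax.net.ssl` properties to a file instead of the start command. Assumptions: Tomcat's `bin/setenv.sh` and `CATALINA_OPTS` are used to carry the options (the thread only mentions `JAVA_OPTS`), the script runs as the Tomcat user, and the alias, password and paths are placeholders.

```shell
#!/bin/sh
# Added example. Alias, password and paths are placeholders, not Syncope values.

# Checklist step 2: import the CA certificate (PEM) into a dedicated truststore.
import_ca() {   # import_ca <ca.pem> <truststore> <storepass> <alias>
    keytool -importcert -noprompt -trustcacerts \
        -alias "$4" -file "$1" -keystore "$2" -storepass "$3"
}

# Succeeds only if <alias> is present as a trusted certificate entry.
has_trusted_ca() {   # has_trusted_ca <truststore> <storepass> <alias>
    keytool -J-Duser.language=en -list -alias "$3" \
        -keystore "$1" -storepass "$2" 2>/dev/null | grep -q trustedCertEntry
}

# Checklist step 3: put the JVM truststore options in a file Tomcat sources
# at startup (assumed here: bin/setenv.sh), appending to existing options.
write_setenv() {   # write_setenv <setenv.sh> <truststore> <storepass>
    cat > "$1" <<EOF &&
CATALINA_OPTS="\$CATALINA_OPTS -Djavax.net.ssl.trustStore=$2"
CATALINA_OPTS="\$CATALINA_OPTS -Djavax.net.ssl.trustStorePassword=$3"
export CATALINA_OPTS
EOF
    chmod 600 "$1"   # the file holds the truststore password
}

# Constructed sample: a throwaway self-signed CA in a temp dir stands in for
# the CA that signed the core's HTTPS certificate. Prints the temp dir.
demo() {
    d=$(mktemp -d) || return 1
    keytool -genkeypair -alias demo-ca -keyalg RSA -keysize 2048 -validity 1 \
        -dname "CN=Constructed Demo CA" -ext bc=ca:true \
        -keystore "$d/ca.jks" -storepass changeit -keypass changeit \
        >/dev/null 2>&1 &&
    keytool -exportcert -rfc -alias demo-ca -keystore "$d/ca.jks" \
        -storepass changeit -file "$d/ca.pem" >/dev/null 2>&1 &&
    import_ca "$d/ca.pem" "$d/trust.jks" changeit demo-ca >/dev/null 2>&1 &&
    has_trusted_ca "$d/trust.jks" changeit demo-ca &&
    write_setenv "$d/setenv.sh" "$d/trust.jks" changeit &&
    echo "$d"
}

if [ "${1:-}" = demo ]; then demo; fi
```

The `-D` options still appear in the running JVM's process listing, so the file keeps the password out of start scripts and shell history but not out of `ps` output.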
