Posted to fortress@directory.apache.org by "Oleksandr Bodriagov (Polystar)" <ol...@polystar.com> on 2015/06/18 09:56:22 UTC

https with fortress rest

Hi,

How can the https protocol be enabled for the fortress rest?
Shawn suggested configuring SSL/TLS on Tomcat and using "https"-based URLs.
Does it mean that by following these Tomcat's instructions
https://tomcat.apache.org/tomcat-8.0-doc/ssl-howto.html
everything will work? Are there any other configuration steps involved?

/Oleksandr


Re: https with fortress rest

Posted by Shawn McKinney <sm...@apache.org>.
> On Jun 18, 2015, at 9:07 AM, Shawn McKinney <sm...@apache.org> wrote:
> 
> that tells it which port to listen to, which protocol, location of keystore and its password.
> 
> The client-side has to know the new URL, the location of the truststore that contains the public key.  Are you using the fortress-core as the test client?  If so you will need to change some fortress properties to match the new server coordinates. 

If using fortress-core client program to test your fortress-rest server, add these params to build.properties file (in fortress-core project) and rerun the ‘mvn install’ target.

enable.mgr.impl.rest=true
# test user account:
http.user=demouser4
http.pw=password
http.host=localhost
http.port=8443
http.protocol=https

The http.user is usually added via a script and has the roles necessary to hit the fortress-rest server (nothing has changed here).

The http.port will need to point to whatever TLS port you chose in Tomcat.  The http.protocol is used to construct the necessary path for TLS enablement.

Finally, you will need to tell the fortress-core runtime (client-side) where the trust store is that contains the public key to your Tomcat server:

trust.store=/fully/qualified/file/name/to/mytruststore
trust.store.password=changeit
trust.store.set.prop=true

Shawn
smckinney@apache.org
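
Added example, not part of the original message or of the Fortress code base: a stand-alone Java check that the trust store named in build.properties actually validates the Tomcat certificate on the configured host and port. The class name `TrustStoreCheck` and the default file path are hypothetical; the property keys are the ones listed in the message above.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import java.util.Properties;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManagerFactory;

// Hypothetical helper class for illustration; not shipped with Fortress.
public class TrustStoreCheck {
    public static void main(String[] args) throws Exception {
        // Read the same keys the thread adds to build.properties (path is an assumption).
        Properties p = new Properties();
        try (InputStream in = new FileInputStream(args.length > 0 ? args[0] : "build.properties")) {
            p.load(in);
        }
        String host = p.getProperty("http.host", "localhost");
        int port = Integer.parseInt(p.getProperty("http.port", "8443"));
        String storePath = p.getProperty("trust.store");
        String storePw = p.getProperty("trust.store.password");
        if (storePath == null || storePw == null) {
            throw new IllegalStateException("trust.store and trust.store.password must be set");
        }

        // Trust only this store, so the JDK's default CA bundle cannot mask a missing entry.
        KeyStore ts = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(storePath)) {
            ts.load(in, storePw.toCharArray());
        }
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ts);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null);

        try (SSLSocket s = (SSLSocket) ctx.getSocketFactory().createSocket(host, port)) {
            // Also require the certificate to match http.host, as an HTTPS client would.
            SSLParameters params = s.getSSLParameters();
            params.setEndpointIdentificationAlgorithm("HTTPS");
            s.setSSLParameters(params);
            // Throws SSLHandshakeException if the server certificate is not trusted by this store.
            s.startHandshake();
            X509Certificate cert = (X509Certificate) s.getSession().getPeerCertificates()[0];
            System.out.println("protocol: " + s.getSession().getProtocol());
            System.out.println("subject:  " + cert.getSubjectX500Principal());
            System.out.println("expires:  " + cert.getNotAfter());
        }
    }
}
```

A handshake failure here points at the trust store contents or a host name mismatch rather than at the Fortress configuration.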

Re: https with fortress rest

Posted by Shawn McKinney <sm...@apache.org>.
> On Jun 18, 2015, at 2:56 AM, Oleksandr Bodriagov (Polystar) <ol...@polystar.com> wrote:
> 
> How can the https protocol be enabled for the fortress rest?
> Shawn suggested configuring SSL/TLS on Tomcat and using "https"-based URLs.
> Does it mean that by following these Tomcat's instructions
> https://tomcat.apache.org/tomcat-8.0-doc/ssl-howto.html
> everything will work? Are there any other configuration steps involved?

For server-side (Tomcat) config, yes those instructions should work though I haven’t tested that document.  

Your server.conf will have an entry that looks something like this:

    <!-- Define a TLS Coyote HTTP/1.1 Connector on port 8443 -->
    <Connector
           port="8443" maxThreads="200"
           scheme="https" secure="true" SSLEnabled="true"
           keystoreFile="conf/mykeystore" keystorePass="changeit"
           clientAuth="false" sslProtocol="TLS"/>

that tells it which port to listen to, which protocol, location of keystore and its password.

The client-side has to know the new URL, the location of the truststore that contains the public key.  Are you using the fortress-core as the test client?  If so you will need to change some fortress properties to match the new server coordinates. 

There is a tutorial that covers some of this ground:
https://symas.com/javadocs/apache-fortress-demo/

Shawn
smckinney@apache.org