| <?xml version="1.0" encoding="UTF-8"?> |
| <!DOCTYPE html |
| PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> |
| <html lang="en-us"> |
| <head> |
| <meta http-equiv="Content-Type" content="text/html; charset=utf-8"/> |
| <meta name="abstract" content="You can enable the use of HTTPS protocol for secure communications where the information that is exchanged between your application and server is sensitive."/> |
| <meta name="description" content="You can enable the use of HTTPS protocol for secure communications where the information that is exchanged between your application and server is sensitive."/> |
| |
| <link rel="stylesheet" type="text/css" href="../css/documentation.css?x=2735338516717223"/> |
| <title>Enabling HTTPS for Secure Communications</title> |
| <!--[if lte IE 7]><style> |
| .codeblock{ |
| overflow:visible; |
| }</style><![endif]--> |
| <script type="text/javascript" src="js/jquery-1.10.1.min.js"> </script> |
| </head> |
| <body class="" id="loio2f3c9d2007b842db9eb437676b3c538f"> |
| <div id="wrapper"><div id="container"> |
| <h1 class="title topictitle1">Enabling HTTPS for Secure Communications</h1> |
| <div class="body taskbody"><p class="shortdesc">You can enable the use of HTTPS protocol for secure communications where the |
| information that is exchanged between your application and server is |
| sensitive.</p> |
| <div class="section context"><div class="tasklabel"><h2 class="sectiontitle tasklabel">Context</h2></div> |
| <p class="p">First, configure the use of secure socket layer (SSL) in the |
| landscape, and then configure SSL in the framework. </p> |
| |
| <p class="p">The following is an overview of how to enable HTTPS protocol for secure |
| communications:</p> |
| |
| <ol class="ol" id="loio2f3c9d2007b842db9eb437676b3c538f__ol_mf2_skj_vk"><li class="li">Obtain and install in your work station, the root certificate (CA root |
| certificate) of the server that has been configured as the |
| SSL server.</li> |
| <li class="li">Add information about the SSL server certificate to the Java Runtime Environment |
| (JRE) Keystore using the application, <span class="ph uicontrol">Keytool</span>. <div class="note note"><span class="notetitle">Note</span> You |
| can obtain the CA root certificate directly from the system administrator of |
| the server.</div> |
| </li> |
| </ol> |
| |
| </div></div> |
| <div class="topic task nested1" id="task_sjm_knj_vk"><h2 class="title topictitle2">Obtain and Install the CA certificate from the server</h2> |
| <div class="body taskbody"><div class="section context"><div class="tasklabel"><h3 class="sectiontitle tasklabel">Context</h3></div>To export an SSL server certificate from the SSL Server Standard PSE in the host:</div><div class="tasklabel"><h3 class="sectiontitle tasklabel">Procedure</h3></div><ol class="ol steps" id="task_sjm_knj_vk__steps_cnv_mnj_vk"><li class="li step"><span class="ph cmd">Use the <span class="keyword cmdname">Trust manager</span> (transaction |
| <span class="ph cmdtext">STRUST</span>) in the system to export |
| the CA’s Root certificate. </span></li> |
| <li class="li step"><span class="ph cmd">Select <span class="keyword uilabel">SSL Server Standard node</span> in right-hand side |
| tree.</span></li> |
| <li class="li step"><span class="ph cmd">Choose the <span class="keyword uilabel">SSL certificate</span> under <span class="keyword uilabel">Own |
| Certificate</span>, choose <span class="keyword uilabel">Certificate</span>, and then |
| choose <span class="keyword uilabel">Export</span>.</span></li> |
| <li class="li step"><span class="ph cmd">Specify the location of the certificate in your file system.</span></li> |
| </ol> |
| </div> |
| </div> |
| <div class="topic task nested1" id="task_rvy_pnj_vk"><h2 class="title topictitle2">Add Information about the Gateway Server Certificate to Your Keystore</h2> |
| <div class="body taskbody"><div class="section context"><div class="tasklabel"><h3 class="sectiontitle tasklabel">Context</h3></div> |
| <p class="p"> Download the utility, <span class="ph uicontrol">Keytool</span>, to help you create and |
| manage digital certificates. </p> |
| |
| <p class="p">You can obtain the utility at: <a class="extlink" href="http://java.sun.com/j2se/1.3/docs/tooldocs/win32/keytool.html" target="_blank">http://java.sun.com/j2se/1.3/docs/tooldocs/win32/keytool.html<img src="../images/3rd_link.png" class="link-external" alt="Information published" title="Information published" border="0"/></a> |
| </p> |
| |
| <p class="p">Keytool is a command-line utility that allows you to create and manage keystores |
| for digital certificates in the Java environment. </p> |
| |
| <p class="p">You can list the current certificates contained within the keystore using the |
| <span class="keyword cmdname">-list</span> command of the keytool. </p> |
| |
| <p class="p">The initial password for the <span class="keyword uilabel">ca certs</span> keystore is |
| <span class="keyword cmdname">changeit</span>. </p> |
| |
| </div><div class="example"><h2 class="exampletitle">Example</h2> |
| <pre class="pre screen">C:\Program Files\Java\jdk1.6.0_26\jre\bin>keytool -list –keystore ..\lib\security\cacerts</pre> |
| |
| <p class="p">Enter keystore password: <span class="keyword cmdname">changeit</span>. </p> |
| |
| <p class="p">The following displays:</p> |
| |
| <pre class="pre screen">Keystore type: jks Keystore provider: SUN |
| Your keystore contains 11 entries: engweb, Wed Apr 11 16:22:49 EDT 2001, trustedCertEntry, |
| Certificate fingerprint (MD5): 8C:24:DA:52:7A:4A:16:4B:8E:FB:67:44:C9:D2:E4:16 thawtepersonalfreemailca, Fri Feb 12 15:12:16 EST 1999,trustedCertEntry, |
| Certificate fingerprint (MD5):1E:74:C3:86:3C:0C:35:C5:3E:C2:7F:EF:3C:AA:3C:D9 thawtepersonalbasicca, Fri Feb 12 15:11:01 EST 1999, trustedCertEntry, |
| Certificate fingerprint (MD5): E6:0B:D2:C9:CA:2D:88:DB:1A:71:0E:4B:78:EB:02:41 verisignclass3ca, Mon Jun 29 13:05:51 EDT 1998, trustedCertEntry, |
| Certificate fingerprint (MD5): 78:2A:02:DF:DB:2E:14:D5:A7:5F:0A:DF:B6:8E:9C:5D thawteserverca, Fri Feb 12 15:14:33 EST 1999, trustedCertEntry, |
| Certificate fingerprint (MD5): C5:70:C4:A2:ED:53:78:0C:C8:10:53:81:64:CB:D0:1D thawtepersonalpremiumca, Fri Feb 12 15:13:21 EST 1999, trustedCertEntry, |
| Certificate fingerprint (MD5): 3A:B2:DE:22:9A:20:93:49:F9:ED:C8:D2:8A:E7:68:0D verisignclass4ca, Mon Jun 29 13:06:57 EDT 1998, trustedCertEntry, |
| Certificate fingerprint (MD5): 1B:D1:AD:17:8B:7F:22:13:24:F5:26:E2:5D:4E:B9:10 verisignclass1ca, Mon Jun 29 13:06:17 EDT 1998, trustedCertEntry, |
| Certificate fingerprint (MD5): 51:86:E8:1F:BC:B1:C3:71:B5:18:10:DB:5F:DC:F6:20 verisignserverca, Mon Jun 29 13:07:34 EDT 1998, trustedCertEntry, |
| Certificate fingerprint (MD5): 74:7B:82:03:43:F0:00:9E:6B:B3:EC:47:BF:85:A5:93 thawtepremiumserverca, Fri Feb 12 15:15:26 EST 1999, trustedCertEntry, |
| Certificate fingerprint (MD5): 06:9F:69:79:16:66:90:02:1B:8C:8C:A2:C3:07:6F:3A verisignclass2ca, Mon Jun 29 13:06:39 EDT 1998, trustedCertEntry, |
| Certificate fingerprint (MD5): EC:40:7D:2B:76:52:67:05:2C:EA:F2:3A:4F:65:F0:D8</pre> |
| |
| </div> |
| </div> |
| </div> |
| <div class="topic task nested1" id="task_h1l_cqj_vk"><h2 class="title topictitle2">Add the CA Root Certificate to the Keystore</h2> |
| <div class="body taskbody"><div class="section context"><div class="tasklabel"><h3 class="sectiontitle tasklabel">Context</h3></div>You must add the CA certificate you received from the |
| server to the Eclipse keystore.<p class="p">From the command line, enter <span class="keyword cmdname">keytool |
| –import</span>, to import the file into your cacerts |
| keystore.</p> |
| </div><div class="example"><h2 class="exampletitle">Example</h2><pre class="pre screen">C:\Program Files\Java\jdk1.6.0_26\jre\bin>keytool -import –keystore ..\lib\security\cacerts -file c:\ Rootca.cer </pre> |
| To |
| check, run <span class="keyword cmdname">keytool -list</span> again to verify that your private root |
| certificate was added. For example, |
| <pre class="pre screen">C:\Program Files\Java\jdk1.6.0_26\jre\bin>keytool -list -keystore ..\lib\security\cacerts</pre> |
| You |
| should now see a list of all the certificates including the one you just added.<div class="p">In |
| addition, verify that the JAVA home location is defined in the file, |
| <span class="keyword uilabel">eclipse.ini.</span> For example, |
| <pre class="pre screen">-vm C:/Program Files/Java/jdk1.6.0_21/bin/javaw.exe</pre> |
| |
| </div> |
| </div> |
| </div> |
| </div> |
| <div class="topic task nested1" id="task_rxx_drj_vk"><h2 class="title topictitle2">Configure HTTPS in the Framework</h2> |
| <div class="body taskbody"><div class="section context"><div class="tasklabel"><h3 class="sectiontitle tasklabel">Context</h3></div>After you have configured the use of SSL in the landscape, you can configure SSL in the framework. <p class="p">To configure SSL in the |
| framework:</p> |
| </div><div class="tasklabel"><h3 class="sectiontitle tasklabel">Procedure</h3></div><ol class="ol steps" id="task_rxx_drj_vk__steps_gtg_grj_vk"><li class="li step"><span class="ph cmd">From the main menu, select <span class="ph menucascade"><img src="../images/navstart.gif" alt="Start of the navigation path" title="Start of the navigation path"/> <span class="ph uicontrol">Window</span> <img src="../images/navstep.gif" alt="Next navigation step" title="Next navigation step"/> <span class="ph uicontrol"> Preferences </span> <img src="../images/navstep.gif" alt="Next navigation step" title="Next navigation step"/> <span class="ph uicontrol"> OData Development </span> <img src="../images/navstep.gif" alt="Next navigation step" title="Next navigation step"/> <span class="ph uicontrol"> </span> <img src="../images/navstep.gif" alt="Next navigation step" title="Next navigation step"/> <span class="ph uicontrol"> Connections</span> <img src="../images/navend.gif" alt="End of the navigation path" title="End of the navigation path"/></span>. The <span class="keyword uilabel">Create Connections </span>dialog displays. |
| </span></li> |
| <li class="li step"><span class="ph cmd">Choose <span class="keyword uilabel">Add</span>. The Connections displays.</span></li> |
| <li class="li step"><span class="ph cmd">Select <span class="keyword uilabel">Use HTTPS (Certificate needed)</span>, and enter the |
| connection settings for the host.</span></li> |
| </ol> |
| </div> |
| </div> |
| </div></div> |
| </body> |
| </html> |