Page History
Configuration
Specify the certificate configuration and the client certificate name of the default administration user under the secure configuration property.
|
The adminUser has all permission rights over the administration and security APIs; it and can therefore add new administration users and assign user permissions (read/write) to different Storage Units through the security Security API.
GenerateGenerating Self-
sign certificatesSigned Certificates
There is a utility script bin/generate-ssl-certs, available for Windows (.bat) and Linux (.sh), that generates the self-sign casigned CA, server, and client certificate to load StageR in secure mode and to authenticate to StageR from client applications.
The command receives a destination folder, the client certificate name, and the certificate password.
Run the command from within the bin folder:
Code Block | ||||
---|---|---|---|---|
| ||||
generate-ssl-certs.bat --generate ..\config\sslcerts TestUser 123456 |
Connecting from a Java
applicationApplication
Before generating the keystore, install the Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files 8.
- Download jce8_policy from here
- Extract and copy the files to $JAVA_HOME/jre/lib/security
To connect to StageR from a Java application, generate a keystore for the client certificate and a truststore for the CA certificate:
- Keystore:
Code Block | ||||
---|---|---|---|---|
| ||||
keytool -v -importkeystore -srckeystore client.p12 -srcstoretype PKCS12 -destkeystore client.jks -deststoretype JKS |
- Truststore:
Code Block | ||||
---|---|---|---|---|
| ||||
keytool -import -file ca.crt -keystore truststore.jks |
When loading the java application, pass the following parameters:
Code Block | ||||
---|---|---|---|---|
| ||||
-Djavax.net.ssl.keyStore=config/client.jks -Djavax.net.ssl.keyStorePassword=YOUR_PASSWORD -Djavax.net.ssl.trustStore=config/truststore.jks -Djavax.net.ssl.trustStorePassword=YOUR_PASSWORD |