Page History
Configuration
Specify the certificate configuration and the client certificate name of the default administration user under the secure configuration property.
|
The adminUser has all permission rights over the administration and security APIs; it and can therefore add new administration users and assign user permissions (read/write) to different Storage Units through the security API. Security API.
Generating Self-Signed Certificates
There is a utility script bin/generate-ssl-certs, available for Windows (.bat) and Linux (.sh), that generates the self-signed CA, server, and client certificate to load StageR in secure mode and to authenticate to StageR from client applications.
The command receives a destination folder, the client certificate name, and the certificate password.
Run the command from within the bin folder:
Code Block | ||||
---|---|---|---|---|
| ||||
generate-ssl-certs.bat --generate ..\config\sslcerts TestUser 123456 |
NOTE: generate-ssl-certs.bat must be run from the bin directory. If you run from another directory, it appears to work but will not write all the certificate files (in fact it write the key files only)
Connecting from a Java Application
Before generating the keystore, install the Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files 8.
- Download jce8_policy from here
- Extract and copy the files to $JAVA_HOME/jre/lib/security
To connect to StageR from a Java application, generate a keystore for the client certificate and a truststore for the CA certificate:
- Keystore:
Code Block | ||||
---|---|---|---|---|
| ||||
keytool -v -importkeystore -srckeystore client.p12 -srcstoretype PKCS12 -destkeystore client.jks -deststoretype JKS |
- Truststore:
Code Block | ||||
---|---|---|---|---|
| ||||
keytool -import -file ca.crt -keystore truststore.jks |
When loading the java application, pass the following parameters:
Code Block | ||||
---|---|---|---|---|
| ||||
-Djavax.net.ssl.keyStore=config/client.jks -Djavax.net.ssl.keyStorePassword=YOUR_PASSWORD -Djavax.net.ssl.trustStore=config/truststore.jks -Djavax.net.ssl.trustStorePassword=YOUR_PASSWORD |