Products | Versions |
---|---|
Spotfire Server | 7.9 and higher |
This consists of two parts. The first part describes how to create a certificate, whereas the second part describes how to enable HTTPS communication between Spotfire Server and Clients.
REM Step 1: generate an RSA key pair and a self-signed certificate under the
REM alias server_alias in a new PKCS12 keystore named keystore.p12.
REM Neither -validity nor -keysize is given, so keytool applies its defaults; the
REM sample output in this article shows Issuer equal to Owner and a validity of
REM about 90 days, so plan for renewal or set -validity explicitly.
REM NOTE(review): -storepass on the command line leaves the password in shell
REM history and process listings; keytool prompts for it when the option is omitted.
<java-home dir>\bin\keytool -genkeypair -keystore keystore.p12 -storetype PKCS12 -storepass your_password -alias server_alias -keyalg RSA
REM Step 2: export the certificate stored under server_alias to server.cer.
REM Only the certificate is written; the private key stays in keystore.p12.
<java-home dir>\bin\keytool -export -alias server_alias -storepass your_password -file server.cer -keystore keystore.p12
REM Step 3: import server.cer as a trusted certificate into cacerts.jks, the file
REM the HTTPS connector names as truststoreFile. keytool prints the certificate
REM and asks "Trust this certificate?"; compare the SHA256 fingerprint with the
REM one from Step 1 before answering yes.
<java-home dir>\bin\keytool -import -v -trustcacerts -alias server_alias -file server.cer -keystore cacerts.jks -keypass your_password -storepass your_password
Owner: CN=myserv, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown, C=Unknown
Issuer: CN=myserv, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown, C=Unknown
Serial number: 751751fc
Valid from: Wed Jun 21 16:27:34 CEST 2017 until: Tue Sep 19 16:27:34 CEST 2017
Certificate fingerprints:
MD5: FB:53:8E:40:36:41:98:E5:16:23:E7:BA:CE:3E:4F:BE
SHA1: 09:A1:F8:DB:DB:54:EE:CB:C6:36:AD:CC:2C:1E:6F:9D:7A:C8:EB:3F
SHA256: D2:65:67:E1:C8:92:6A:AB:46:5B:EF:1D:15:07:74:28:72:35:D1:25:48:0C:F3:35:99:C6:3A:78:95:10:73:FA
#1: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 11 BB D6 D7 89 3E C3 C3 4A F8 5A 49 7F E3
Trust this certificate?

Note: If you have made previous attempts to create a certificate, you may encounter an error in Step 3 stating "certificate reply and certificate in keystore are identical". In that case, run the following command:
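<java-home dir>\bin\keytool -delete -alias your_alias
and perform Step 3 one more time. As written, the command names no keystore, so keytool acts on its default keystore; add -keystore with the keystore that holds the alias if that is a different file.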
Certificate was added to keystore
[Saving cacerts.jks]
<!-- Review note: HTTPS connector on port 443, shown commented out; it has no
     effect until the comment markers around the Connector element are removed.
     * protocols enables TLSv1.1 and TLSv1 next to TLSv1.2. TLS 1.0 and 1.1 are
       deprecated (RFC 8996); keep them only for clients that cannot use TLS 1.2.
     * The ciphers list includes 3DES suites and static RSA key exchange suites
       (TLS_RSA_WITH_...). The latter give no forward secrecy; both are worth
       dropping once no client depends on them.
     * certificateVerification="none" means no client certificate is requested.
     * truststorePass and certificateKeystorePassword are stored in clear text,
       so read access to this file should be limited to the service account.
     * keystore.p12 and cacerts.jks are expected under ./certs. -->
<!--
<Connector port="443"
           maxHttpHeaderSize="65536"
           connectionTimeout="30000"
           enableLookups="false"
           URIEncoding="UTF-8"
           disableUploadTimeout="true"
           server="TIBCO Spotfire Server"
           compression="on"
           compressableMimeType="text/html,text/xml,text/plain,text/css,application/json,application/javascript,image/svg+xml,application/xml"
           acceptorThreadCount="2"
           keepAliveTimeout="30000"
           maxKeepAliveRequests="-1"
           maxThreads="2000"
           SSLEnabled="true"
           scheme="https"
           secure="true">
  <SSLHostConfig certificateVerification="none"
                 truststoreFile="./certs/cacerts.jks"
                 truststorePass="your_password"
                 truststoreType="jks"
                 sslProtocol="TLS"
                 protocols="+TLSv1.2,+TLSv1.1,+TLSv1"
                 honorCipherOrder="true"
                 ciphers="TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,TLS_DHE_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_RSA_WITH_AES_256_CBC_SHA256,TLS_DHE_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA,TLS_RSA_WITH_AES_128_GCM_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_256_GCM_SHA384,TLS_RSA_WITH_AES_256_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA,SSL_RSA_WITH_3DES_EDE_CBC_SHA">
    <Certificate certificateKeystoreFile="./certs/keystore.p12"
                 certificateKeystorePassword="your_password"
                 certificateKeystoreType="PKCS12"
                 certificateKeyAlias="server_alias" />
  </SSLHostConfig>
</Connector>
-->
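<!-- Review note: plain HTTP connector on port 80, shown commented out
     (presumably so that only the HTTPS connector listens; traffic on this
     connector is not encrypted). The element is closed once, after the last
     attribute: a "/>" placed right after the server attribute would leave the
     remaining attributes outside any tag and make the file ill-formed as soon
     as the block is uncommented. -->
<!--
<Connector port="80"
           maxHttpHeaderSize="65536"
           connectionTimeout="30000"
           enableLookups="false"
           URIEncoding="UTF-8"
           disableUploadTimeout="true"
           server="TIBCO Spotfire Server"
           compression="on"
           compressableMimeType="text/html,text/xml,text/plain,text/css,application/json,application/javascript,image/svg+xml,application/xml"
           acceptorThreadCount="2"
           keepAliveTimeout="30000"
           maxKeepAliveRequests="-1"
           maxThreads="2000" />
-->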