Configuración de HTTPS
En esta tarea, se explican los pasos para configurar la comunicación HTTPS con un servidor de Spectrum Spatial que usa un certificado autofirmado.
Asegúrese de utilizar el JDK de Spectrum:
C:\>set JAVA_HOME=C:\Program Files\Pitney Bowes\Spectrum\java64
C:\>set path=%JAVA_HOME%\bin;%path%
- Cree un almacén de claves con un certificado autofirmado
C:\>keytool -genkeypair -alias client -keystore keystore.p12 -storetype pkcs12 -keyalg RSA -sigalg SHA256withRSA Enter keystore password: password Re-enter new password: password What is your first and last name? [Unknown]: <Spectrum server hostname> What is the name of your organizational unit? [Unknown]: Spectrum What is the name of your organization? [Unknown]: PB What is the name of your City or Locality? [Unknown]: What is the name of your State or Province? [Unknown]: What is the two-letter country code for this unit? [Unknown]: Is CN=<Spectrum server hostname>, OU=Spectrum, O=PB, L=Unknown, ST=Unknown, C=Unknown correct? [no]: yes
- Importe el certificado en el almacén de claves de Spectrum client-keystore.p12
C:\>keytool -importkeystore -srckeystore keystore.p12 -destkeystore <%SpectrumPath%>\server\app\conf\certs\client-keystore.p12 -destkeypass <Spectrum keystorePassword> Importing keystore keystore.p12 to client-keystore.p12... Enter destination keystore password: Enter source keystore password: Entry for alias client successfully imported. Import command completed: 1 entries successfully imported, 0 entries failed or cancelled
- Realice los cambios de configuración de Spectrum:
- Modifique el archivo spectrum-container.properties
# HTTPS spectrum.https.port=8443 spectrum.https.encryption.validateCerts=false spectrum.https.encryption.trustAll=true ## overrides spectrum.https.enabled=true spectrum.https.encryption.selfSignedCert=true spectrum.https.encryption.trustAllHosts=true spectrum.http.default.protocol=https # specify the imported keystore alias spectrum.https.encryption.keystoreAlias=client (the same as the alias of keypair in step 1 (it should be in lowercase)).
- Modifique el archivo java.properties
repository.port=8443 repository.useSecureConnection=true
- Modifique el archivo spectrum-container.properties
Nota: Para usar cualquier utilidad de Spectrum Spatial, como tilegenerator, especifique el almacén de claves creado en el paso 1 como almacén de confianza
JAVA_OPTS=-Djavax.net.ssl.trustStore=.\keystore.p12 -Djavax.net.ssl.trustStorePassword=password