Configuración de HTTPS

En esta tarea, se explican los pasos para configurar la comunicación HTTPS con un servidor de Spectrum Spatial que usa un certificado autofirmado.

Asegúrese de utilizar el JDK de Spectrum:
 C:\>set JAVA_HOME=C:\Program Files\Pitney Bowes\Spectrum\java64
 C:\>set path=%JAVA_HOME%\bin;%path%
  1. Cree un almacén de claves con un certificado autofirmado
    C:\>keytool -genkeypair -alias client -keystore keystore.p12 -storetype pkcs12 -keyalg RSA -sigalg SHA256withRSA

Enter keystore password: password
Re-enter new password: password
What is your first and last name?
  [Unknown]:  <Spectrum server hostname>
What is the name of your organizational unit?
  [Unknown]:  Spectrum
What is the name of your organization?
  [Unknown]:  PB
What is the name of your City or Locality?
  [Unknown]:
What is the name of your State or Province?
  [Unknown]:
What is the two-letter country code for this unit?
  [Unknown]:
Is CN=<Spectrum server hostname>, OU=Spectrum, O=PB, L=Unknown, ST=Unknown, C=Unknown correct?
  [no]:  yes
  2. Importe el certificado en el almacén de claves de Spectrum client-keystore.p12
    C:\>keytool -importkeystore -srckeystore keystore.p12 -destkeystore <%SpectrumPath%>\server\app\conf\certs\client-keystore.p12 -destkeypass <Spectrum keystorePassword>

Importing keystore keystore.p12 to client-keystore.p12...
Enter destination keystore password:
Enter source keystore password:
Entry for alias client successfully imported.
Import command completed:  1 entries successfully imported, 0 entries failed or cancelled
  3. Realice los cambios de configuración de Spectrum:
    1. Modifique el archivo spectrum-container.properties
      # HTTPS
spectrum.https.port=8443
spectrum.https.encryption.validateCerts=false
spectrum.https.encryption.trustAll=true
                             
## overrides
spectrum.https.enabled=true
spectrum.https.encryption.selfSignedCert=true
spectrum.https.encryption.trustAllHosts=true
spectrum.http.default.protocol=https
# specify the imported keystore alias
spectrum.https.encryption.keystoreAlias=client (the same as the alias of keypair in step 1 (it should be in lowercase)).
    2. Modifique el archivo java.properties
      repository.port=8443
repository.useSecureConnection=true
Nota: Para usar cualquier utilidad de Spectrum Spatial, como tilegenerator, especifique el almacén de claves creado en el paso 1 como almacén de confianza
JAVA_OPTS=-Djavax.net.ssl.trustStore=.\keystore.p12 -Djavax.net.ssl.trustStorePassword=password