Configuration de HTTPS

Cette tâche explique les étapes permettant de configurer la communication HTTPS avec un serveur Spectrum Spatial qui utilise un certificat auto-signé.

Assurez-vous que le JDK Spectrum est utilisé :
 C:\>set JAVA_HOME=C:\Program Files\Pitney Bowes\Spectrum\java64
 C:\>set path=%JAVA_HOME%\bin;%path%
  1. Créer un fichier keystore avec un certificat auto-signé.
    C:\>keytool -genkeypair -alias client -keystore keystore.p12 -storetype pkcs12 -keyalg RSA -sigalg SHA256withRSA

Enter keystore password: password
Re-enter new password: password
What is your first and last name?
  [Unknown]:  <Spectrum server hostname>
What is the name of your organizational unit?
  [Unknown]:  Spectrum
What is the name of your organization?
  [Unknown]:  PB
What is the name of your City or Locality?
  [Unknown]:
What is the name of your State or Province?
  [Unknown]:
What is the two-letter country code for this unit?
  [Unknown]:
Is CN=<Spectrum server hostname>, OU=Spectrum, O=PB, L=Unknown, ST=Unknown, C=Unknown correct?
  [no]:  yes
  2. Importez le certificat dans le fichier keystore Spectrum client-keystore.p12.
    C:\>keytool -importkeystore -srckeystore keystore.p12 -destkeystore <%SpectrumPath%>\server\app\conf\certs\client-keystore.p12 -destkeypass <Spectrum keystorePassword>

Importing keystore keystore.p12 to client-keystore.p12...
Enter destination keystore password:
Enter source keystore password:
Entry for alias client successfully imported.
Import command completed:  1 entries successfully imported, 0 entries failed or cancelled
  3. Effectuez les modifications de configuration de Spectrum suivantes :
    1. Modifiez le fichier spectrum-container.properties.
      # HTTPS
spectrum.https.port=8443
spectrum.https.encryption.validateCerts=false
spectrum.https.encryption.trustAll=true
                             
## overrides
spectrum.https.enabled=true
spectrum.https.encryption.selfSignedCert=true
spectrum.https.encryption.trustAllHosts=true
spectrum.http.default.protocol=https
# specify the imported keystore alias
spectrum.https.encryption.keystoreAlias=client (the same as the alias of keypair in step 1 (it should be in lowercase)).
    2. Modifiez le fichier java.properties.
      repository.port=8443
repository.useSecureConnection=true
Remarque : Pour utiliser des utilitaires Spectrum Spatial tels que tilegenerator, indiquez le fichier keystore créé à l'étape 1 comme trustStore.
JAVA_OPTS=-Djavax.net.ssl.trustStore=.\keystore.p12 -Djavax.net.ssl.trustStorePassword=password