Configuring HTTPS

This task explains the steps to configure HTTPS communication with a Spectrum Spatial server that uses a self-signed certificate.

Make sure that the Spectrum JDK is used:
C:\>set JAVA_HOME=JDK Folder Spectrum points to
C:\>set path=%JAVA_HOME%\bin;%path%
  1. Create a keystore with a self-signed certificate:
    C:\>keytool -genkeypair -alias client -keystore keystore.p12 -storetype pkcs12 -keyalg RSA -sigalg SHA256withRSA
    
    Enter keystore password: password
    Re-enter new password: password
    What is your first and last name?
      [Unknown]:  Spectrum server hostname
    What is the name of your organizational unit?
      [Unknown]:  Spectrum
    What is the name of your organization?
      [Unknown]:  PB
    What is the name of your City or Locality?
      [Unknown]:
    What is the name of your State or Province?
      [Unknown]:
    What is the two-letter country code for this unit?
      [Unknown]:
    Is CN=Spectrum server hostname, OU=Spectrum, O=PB, L=Unknown, ST=Unknown, C=Unknown correct?
    [no]:  yes
  2. Import the certificate into the Spectrum keystore, spectrum-keystore.p12:
    C:\>keytool -importkeystore -srckeystore keystore.p12 -destkeystore %SpectrumPath%\server\conf\certs\spectrum-keystore.p12 -destkeypass Spectrum keystorePassword
    
    Importing keystore keystore.p12 to client-keystore.p12...
    Enter destination keystore password:
    Enter source keystore password:
    Entry for alias client successfully imported.
    Import command completed:  1 entries successfully imported, 0 entries failed or cancelled
  3. Modify the Spectrum spectrum-container.properties file.
    #Spectrum SSL Setting
    spectrum.encryption.enabled=true
    spectrum.encryption.trustAllHosts=true
    
    # Spectrum HTTP settings 
    spectrum.http.default.protocol=https
    spectrum.https.port=8443
    spectrum.https.enabled=true
    spectrum.https.encryption.validateCerts=false
    spectrum.https.encryption.selfSignedCert=true
    spectrum.https.encryption.trustAllHosts=true
    # specify the imported keystore alias: the same as the alias of the keypair in step 1 (it should be in lowercase)
    spectrum.https.encryption.keystoreAlias=client

To use any Spectrum Spatial utilities such as tilegenerator, specify the keystore created in step 1 as the trustStore:

JAVA_OPTS=-Djavax.net.ssl.trustStore=.\keystore.p12 -Djavax.net.ssl.trustStorePassword=password

If you are using a Certificate Authority (CA) signed certificate in a production environment, set the validateCerts parameter to true and the selfSignedCert parameter to false in step 3:

spectrum.https.encryption.validateCerts=true
spectrum.https.encryption.selfSignedCert=false
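
The following Python script is an added example, not part of the Spectrum product or its documentation. It checks a spectrum-container.properties file against the values given in step 3 and in the production note above; the function names and the sample file content are constructed for illustration, and the reader handles only simple key=value lines.

```python
# Added example: audit spectrum-container.properties against the HTTPS steps.
# SAMPLE is constructed input, not a file taken from a real installation.

def parse_properties(text):
    """Minimal properties reader: key=value lines, '#' or '!' comment lines."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!":
            continue
        key, sep, value = line.partition("=")
        if sep:
            # Everything after '=' is the value, trailing notes included.
            props[key.strip()] = value.strip()
    return props

def audit(props, expected_alias, ca_signed):
    """Return a list of findings; an empty list means the file matches."""
    findings = []
    want = {"spectrum.encryption.enabled": "true",
            "spectrum.http.default.protocol": "https",
            "spectrum.https.enabled": "true"}
    if ca_signed:
        # Values the page gives for a CA-signed certificate in production.
        want["spectrum.https.encryption.validateCerts"] = "true"
        want["spectrum.https.encryption.selfSignedCert"] = "false"
    for key, value in want.items():
        got = props.get(key)
        if got is None:
            findings.append(f"{key} is missing (expected {value})")
        elif got.lower() != value:
            findings.append(f"{key}={got} (expected {value})")
    alias = props.get("spectrum.https.encryption.keystoreAlias", "")
    if alias != alias.lower():
        findings.append(f"keystoreAlias '{alias}' is not lowercase")
    if alias != expected_alias:
        findings.append(f"keystoreAlias '{alias}' is not keypair alias '{expected_alias}'")
    return findings

SAMPLE = """\
# constructed sample: self-signed settings with a note left after the alias
spectrum.encryption.enabled=true
spectrum.http.default.protocol=https
spectrum.https.enabled=true
spectrum.https.encryption.validateCerts=false
spectrum.https.encryption.selfSignedCert=true
spectrum.https.encryption.keystoreAlias=client (same as step 1)
"""

if __name__ == "__main__":
    for finding in audit(parse_properties(SAMPLE), "client", ca_signed=True):
        print("FINDING:", finding)
```

Java properties files have no inline comments, so any text left after the alias on the same line becomes part of the value, which the alias check reports.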