Configuring HTTPS

This task explains the steps to configure HTTPS communication with a Spectrum Spatial server that uses a self-signed certificate.

Make sure that the Spectrum JDK is used.
C:\>set JAVA_HOME=JDK Folder Spectrum points to
C:\>set path=%JAVA_HOME%\bin;%path%
  1. Create a keystore with a self-signed certificate:
    C:\>keytool -genkeypair -alias client -keystore keystore.p12 -storetype pkcs12 -keyalg RSA -sigalg SHA256withRSA
    Enter keystore password: password
    Re-enter new password: password
    What is your first and last name?
      [Unknown]:  Spectrum server hostname
    What is the name of your organizational unit?
      [Unknown]:  Spectrum
    What is the name of your organization?
      [Unknown]:  PB
    What is the name of your City or Locality?
    What is the name of your State or Province?
    What is the two-letter country code for this unit?
    Is CN=Spectrum server hostname, OU=Spectrum, O=PB, L=Unknown, ST=Unknown, C=Unknown correct?
    [no]:  yes
  2. Import the certificate into Spectrum keystore spectrum-keystore.p12.
    C:\>keytool -importkeystore -srckeystore keystore.p12 -destkeystore %SpectrumPath%\server\conf\certs\spectrum-keystore.p12 -destkeypass Spectrum keystorePassword
    Importing keystore keystore.p12 to client-keystore.p12...
    Enter destination keystore password:
    Enter source keystore password:
    Entry for alias client successfully imported.
    Import command completed:  1 entries successfully imported, 0 entries failed or cancelled
  3. Modify the Spectrum file.
    #Spectrum SSL Setting
    # Spectrum HTTP settings 
    # specify the imported keystore alias
    spectrum.https.encryption.keystoreAlias=client (the same as the alias of keypair in step 1 (it should be in lowercase))

To use any Spectrum Spatial utilities such as tilegenerator, specify the keystore created in step 1 as the trustStore:\keystore.p12

If in a production environment you are using a Certificate Authority (CA) signed certificate, then set the validateCerts parameter to true and selfSignedCert parameter to false in step 3: