Configuring HTTPS

This task explains the steps to configure HTTPS communication with a Spectrum Spatial server that uses a self-signed certificate.

Make sure that the Spectrum JDK is used.

C:\>set JAVA_HOME=JDK Folder Spectrum points to
C:\>set path=%JAVA_HOME%\bin;%path%
  1. Create a keystore with a self-signed certificate:
    C:\>keytool -genkeypair -alias client -keystore keystore.p12 -storetype pkcs12 -keyalg RSA -sigalg SHA256withRSA
    
    Enter keystore password: password
    Re-enter new password: password
    What is your first and last name?
      [Unknown]:  Spectrum server hostname
    What is the name of your organizational unit?
      [Unknown]:  Spectrum
    What is the name of your organization?
      [Unknown]:  MyOrganization
    What is the name of your City or Locality?
      [Unknown]:
    What is the name of your State or Province?
      [Unknown]:
    What is the two-letter country code for this unit?
      [Unknown]:
    Is CN=Spectrum server hostname, OU=Spectrum, O=MyOrganization, L=Unknown, ST=Unknown, C=Unknown correct?
      [no]:  yes
  2. Import the certificate into the Spectrum keystore, spectrum-keystore.p12:
    C:\>keytool -importkeystore -srckeystore keystore.p12 -destkeystore %SpectrumPath%\server\conf\certs\spectrum-keystore.p12 -destkeypass Spectrum keystorePassword
    
    Importing keystore keystore.p12 to client-keystore.p12...
    Enter destination keystore password:
    Enter source keystore password:
    Entry for alias client successfully imported.
    Import command completed:  1 entries successfully imported, 0 entries failed or cancelled
  3. Modify the Spectrum spectrum-container.properties file.
    Note: The full path for this file is SpectrumDirectory/server/conf/spectrum-container.properties.
    ################################################################################
    # Spectrum SSL settings
    ################################################################################
    spectrum.encryption.enabled=true
    spectrum.encryption.trustAllHosts=true
    ...
    ################################################################################
    # Spectrum HTTP settings
    ################################################################################
    spectrum.http.default.protocol=https
    spectrum.https.port=8443
    spectrum.https.enabled=true
    spectrum.https.encryption.validateCerts=true
    spectrum.https.encryption.selfSignedCert=false
    spectrum.https.encryption.trustAllHosts=true
    # specify the imported keystore alias
    spectrum.https.encryption.keystoreAlias=client
    Note: The value for the keystoreAlias setting is the same as for the alias specified for the keypair in step 1. Make sure that you enter the value here in all lowercase characters.
  4. To use any Spectrum Spatial utilities such as tilegenerator, specify the keystore created in step 1 as the trustStore:
    JAVA_OPTS=-Djavax.net.ssl.trustStore=.\keystore.p12 -Djavax.net.ssl.trustStorePassword=password
  5. If in a production environment you are using a Certificate Authority (CA) signed certificate, then set the validateCerts parameter to true (the default value) and the selfSignedCert parameter to false in step 3:
    spectrum.https.encryption.validateCerts=true
    spectrum.https.encryption.selfSignedCert=false
    Conversely, if you are using a self-signed certificate, set the validateCerts parameter to false and the selfSignedCert parameter to true.
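
The validateCerts/selfSignedCert pairing from step 5 and the lowercase-alias note from step 3 can be checked mechanically before restarting the server. The following is an added example, not part of the Spectrum product or its documentation: the property keys are the ones shown on this page, while the function names `parse_properties` and `check_https_settings` are hypothetical. Run against the step 3 listing, it reports no findings for a CA-signed setup and two findings for a self-signed one, because that listing carries the CA-signed values.

```python
# Added example: consistency check for the HTTPS keys shown on this page.
# Key names come from the page; the function names are hypothetical.

def parse_properties(text):
    """Parse simple key=value lines, skipping blanks, comments and '...'."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        props[key.strip()] = value.strip()
    return props


def check_https_settings(text, self_signed):
    """Return a list of findings; an empty list means the settings agree."""
    p = parse_properties(text)
    pre = "spectrum.https.encryption."
    findings = []
    if p.get("spectrum.https.enabled", "").lower() != "true":
        findings.append("spectrum.https.enabled is not true")
    if p.get("spectrum.http.default.protocol", "").lower() != "https":
        findings.append("spectrum.http.default.protocol is not https")
    # Step 5: CA-signed -> validateCerts=true, selfSignedCert=false;
    # self-signed -> validateCerts=false, selfSignedCert=true.
    expected = {"validateCerts": "false" if self_signed else "true",
                "selfSignedCert": "true" if self_signed else "false"}
    for name, want in expected.items():
        got = p.get(pre + name)
        if got is None or got.lower() != want:
            findings.append(f"{pre}{name}={got} but expected {want}")
    alias = p.get(pre + "keystoreAlias", "")
    if not alias:
        findings.append(pre + "keystoreAlias is missing")
    elif alias != alias.lower():
        findings.append(pre + "keystoreAlias must be all lowercase")
    return findings


# Constructed sample, copied from the step 3 listing on this page.
SAMPLE = """
spectrum.http.default.protocol=https
spectrum.https.port=8443
spectrum.https.enabled=true
spectrum.https.encryption.validateCerts=true
spectrum.https.encryption.selfSignedCert=false
spectrum.https.encryption.keystoreAlias=client
"""

if __name__ == "__main__":
    for mode in (False, True):
        print("self-signed" if mode else "CA-signed", check_https_settings(SAMPLE, mode))
```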