development:security
Differences
This shows you the differences between two versions of the page.
| Both sides previous revision Previous revision Next revision | Previous revision | ||
|
development:security [2017/02/28 14:09] anthonysena |
development:security [2018/03/20 13:33] anthonysena |
||
|---|---|---|---|
| Line 123: | Line 123: | ||
| If authentication completes successfully, token is appended to the redirect URL. | If authentication completes successfully, token is appended to the redirect URL. | ||
| + | |||
| + | ==== BASIC SECURITY CONFIGURATION ==== | ||
| + | |||
| + | In the event that you do not have one of the supported OAuth providers available, WebAPI also supports as [[documentation:software:webapi:basic_security|basic security configuration as described in this tutorial]]. | ||
| ==== AUTHORIZAION ==== | ==== AUTHORIZAION ==== | ||
| Line 253: | Line 257: | ||
| * Now you need to follow instructions of CA (Certification Authority) of your choice to submit your CSR (for example VeriSign) to obtain the SSL certifiate. Alternatively, you may opt to use [[development:OpenSSL|OpenSSL]] to create a local CA for non-production use. | * Now you need to follow instructions of CA (Certification Authority) of your choice to submit your CSR (for example VeriSign) to obtain the SSL certifiate. Alternatively, you may opt to use [[development:OpenSSL|OpenSSL]] to create a local CA for non-production use. | ||
| - | * When you obtained certificate from CA, you need to import it into your keystore | + | * When you obtained certificate from CA, you need to import the CA’s root and intermediate certificates into a Java keystore file before you import the actual SSL certificate. The steps below outline this process for a Windows machine. |
| + | |||
| + | === Step 1: Retrieving your Root, Intermediate directly from your SSL certificate: === | ||
| + | |||
| + | * Take your SSL certificate with a .cer extension. and double click on it. | ||
| + | * At the certificate popup click on Certification Path. | ||
| + | * {{:development:development:software:security:image001.png?200|}} | ||
| + | * Under Certification Path you will see a tier of three certificates. | ||
| + | * Top certificate = Root | ||
| + | * Middle certificate = Intermediate | ||
| + | * Bottom certificate = SSL certificate for the common name it was issued to. | ||
| + | * {{:development:development:software:security:image002.png?200|}} | ||
| + | * **Double click** on the **top certificate Root** in order to bring up its information. | ||
| + | * {{:development:development:software:security:image003.png?200|}} | ||
| + | * Click **Details.** | ||
| + | * Click **Copy to File...** | ||
| + | * {{:development:development:software:security:image004.png?200|}} | ||
| + | * The Certificate Export Wizard will popup. Click **Next.** | ||
| + | * {{:development:development:software:security:image005.png?200|}} | ||
| + | * Select **Base-64 encoded X.509 (.cer).** | ||
| + | * Click **Next.** | ||
| + | * {{:development:development:software:security:image006.png?200|}} | ||
| + | * On the next screen click **Browse** and specify the filename and path you want to save your Root certificate. Name it whatever you desire. **Example: Root.cer** | ||
| + | * Click **Save.** | ||
| + | * You will be taken back to the previous screen with the location and path of this file specified next to browse. **Click Next.** | ||
| + | * {{:development:development:software:security:image007.png?200|}} | ||
| + | * Complete the export wizard by clicking **Finish**. | ||
| + | |||
| + | === Step 2: Retrieving your Intermediate CA directly from your SSL certificate (Continued) === | ||
| + | |||
| + | //You will perform the same steps as above in step 1 but with the middle certificate (Intermediate).// | ||
| + | |||
| + | * 1. Go back to your SSL certificate under the **Certification Path** tab and **double click** on the Middle Certificate Intermediate in the tier. | ||
| + | * {{:development:development:software:security:image008.png?200|}} | ||
| + | * Click Details. | ||
| + | * Click Copy to File… | ||
| + | * {{:development:development:software:security:image009.png?200|}} | ||
| + | * The Certificate Export Wizard will popup. **Click Next.** | ||
| + | * {{:development:development:software:security:image005.png?200|}} | ||
| + | * Select **Base-64 encoded X.509 (.cer).** | ||
| + | * Click **Next.** | ||
| + | * {{:development:development:software:security:image006.png?200|}} | ||
| + | * On the next screen click Browse and specify the filename and path you want to save your Intermediate certificate. Name it whatever you desire. Example: Intermediate.cer | ||
| + | * Click Save. | ||
| + | * You will be taken back to the previous screen with the location and path of this file specified next to browse. Click Next. | ||
| + | * {{:development:development:software:security:image007.png?200|}} | ||
| + | * Complete the export wizard by clicking Finish. | ||
| + | |||
| + | You should now have three files: | ||
| + | - Your Root Certificate. | ||
| + | - Your Intermediate Certificate. | ||
| + | - Your SSL certificate where both the Root, and Intermediate are derived from. | ||
| + | |||
| + | === Step 3: Step 3: Installing your Root CA, CA Intermediate, and your SSL certificate === | ||
| + | |||
| + | Import the Root Certificate first. You will specify your own alias for this import Example: Root. | ||
| + | |||
| + | keytool -import -alias root -trustcacerts -file C:\path\to\root.cer -keystore C:\path\to\my\keystore.jks | ||
| + | |||
| + | Import the Intermediate CA certificate second. You will specify your own alias for this import. Example: Intermediate. | ||
| + | |||
| + | keytool -import -alias intermediate -trustcacerts -file C:\path\to\intermediate.cer -keystore C:\path\to\my\keystore.jks | ||
| + | |||
| + | Lastly, import the actual SSL certificate into the keystore. | ||
| keytool -importcert -trustcacerts -alias webapi -file C:\path\to\cert\webapi.p7b -keystore C:\path\to\my\keystore.jks | keytool -importcert -trustcacerts -alias webapi -file C:\path\to\cert\webapi.p7b -keystore C:\path\to\my\keystore.jks | ||
| - | Now you can add SSL connector in Tomcat's ''server.xml'' file | + | Now you can add SSL connector in Tomcat's server.xml file |
| - | <Connector | + | <Connector |
| - | port="8443" | + | port="8443" |
| - | protocol="org.apache.coyote.http11.Http11NioProtocol" | + | protocol="org.apache.coyote.http11.Http11NioProtocol" |
| - | maxThreads="200" | + | maxThreads="200" |
| - | scheme="https" | + | scheme="https" |
| - | secure="true" | + | secure="true" |
| - | SSLEnabled="true" | + | SSLEnabled="true" |
| - | keyAlias="webapi" | + | keyAlias="webapi" |
| - | keystoreFile="C:\path\to\my\keystore.jks" | + | keystoreFile="C:\path\to\my\keystore.jks" |
| - | keystorePass="{Your keystore password}" | + | keystorePass="{Your keystore password}" |
| - | clientAuth="false" | + | clientAuth="false" |
| - | sslProtocol="TLS"/> | + | sslProtocol="TLS"/> |
| [[https://tomcat.apache.org/tomcat-8.5-doc/ssl-howto.html|Here]] you may find more details on SSL configuration in Tomcat. | [[https://tomcat.apache.org/tomcat-8.5-doc/ssl-howto.html|Here]] you may find more details on SSL configuration in Tomcat. | ||
development/security.txt · Last modified: 2018/03/20 13:33 by anthonysena
Page Tools
