Versions Compared

Old Version 1

changes.mady.by.user David E Tanner

Saved on

compared with

New Version 2

changes.mady.by.user David E Tanner

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

How to

...

1. The following must be completed before the mapping.app.mit.edu certificate expires

...


h3.*a. Obtain a new mapping.app.mit.edu application certificate*
Panel

see How to acquire and verify a M.I.T. x509 Application Certificate for detailed instructions.

...


h3.*b. Create the mapping.app.mit.edu.jks Java keystore*
Panel

see How to create an Application Certificate Java keystore for detailed instructions.

indent

{indent:1}
h3.*c. Copy the mapping.app.mit.edu.jks Java keystore to the servers*\\

...

  • isda-ws1.mit.edu
  • isda-ws2.mit.edu
  • isda-ws3.mit.edu
  • isda-ws4.mit.edu
  • map-dev-ws1.mit.edu
  • map-test-ws1.mit.edu
  • map-dev-console.mit.edu
  • map-prod-console.mit.edu
  • ws-dev.mit.edu
  • ws-test.mit.edu
  • ws-stage.mit.edu
  • ws-prod.mit.edu

...

configure a Java Application to use a Java keystore

PREREQUISITES

    Before you begin, you must have the following:

Panel
  • an application certificate Java keystore.
    If you do not have an application certificate Java keystore, click here for instructions on how to create an application certificate Java keystore.
  • a trusted server Java keystore.
    If you do not have a Trusted Server Java keystore, click here for instructions on how to create a trusted server Java keystore.

1. Using the keystores with a Java application.

Panel

To use the application certificate and serverTrustStore keystore (created in the above sections) with a web application, add the following 4 lines of java code somewhere prior to making the first call to the web application.

    System.setProperty("javax.net.ssl.keyStore", KeyStoreFile);
    System.setProperty("javax.net.ssl.keyStorePassword",keyStorePasswor);
    System.setProperty("javax.net.ssl.trustStore", ServerTrustStoreFile);
    System.setProperty("javax.net.ssl.trustStorePassword",ServerTrustStorePassword);

where:
    The KeyStoreFile is a Java String containing the path to and filename of the application certificate keystore file.
    The KeystorePassword is a Java String containing the application certificate keystore's password.
    The ServerTrustStoreFile is a Java String containing the path to and filename of the server trust store file.
    The ServerTrustStorePassword is a Java String containing the server trust store password.

If the application certificate is going to be used with and ISDA web service, the application certificate's CN must be entered into the web service access control list.

Email ISDA application administrators at map-support@mit.edu. In the body for your email, give the CN of the application certificate, the web services for which you are requesting activation and the servers that you want access to (production or staging servers)

  • maven-dev.mit.edu
  • maven-stage.mit.edu
  • maven-prod.mit.edu
  • build-dev.mit.edu
  • build-stage.mit.edu
  • build-prod.mit.edu
  • src-dev.mit.edu
  • src-stage.mit.edu
  • src-prod.mit.edu

...

d. Restart all the Tomcat containers on the server

Panel

Once you have copied the new mapping.app.mit.edu.jks to a server, all the Tomcat containers on that server must be restarted.  This is necessary because the mapping.app.mit.edu.jks is used by Tomcat itself and is only read by Tomcat at startup.