PREREQUISITES
Before you begin, you must have the following:
* an application certificate Java keystore.
If you do not have an application certificate Java keystore, here are [instructions | How to create an Application Certificate Java keystore] on how to create an application certificate Java keystore.
* a trusted server Java keystore.
If you do not have a trusted server Java keystore, here are [instructions | How to create a Trusted Server Java keystore] on how to create a trusted server Java keystore.
1. Using the keystores with a Java application.
To use the application certificate keystore and the server trust store keystore (created in the above sections) with a web application, add the following four lines of Java code somewhere before the first call to the web application.

*System.setProperty("javax.net.ssl.keyStore", KeyStoreFile);*
*System.setProperty("javax.net.ssl.keyStorePassword", KeystorePassword);*
*System.setProperty("javax.net.ssl.trustStore", ServerTrustStoreFile);*
*System.setProperty("javax.net.ssl.trustStorePassword", ServerTrustStorePassword);*

where:
* *KeyStoreFile* is a Java String containing the path to and filename of the application certificate keystore file.
* *KeystorePassword* is a Java String containing the application certificate keystore's password.
* *ServerTrustStoreFile* is a Java String containing the path to and filename of the server trust store file.
* *ServerTrustStorePassword* is a Java String containing the server trust store password.

If the application certificate is going to be used with an ISDA web service, the application certificate's CN must be entered into the web service access control list.

Email ISDA application administrators at [mailto:map-support@mit.edu]. In the body of your email, give the CN of the application certificate, the web services for which you are requesting activation, and the servers that you want access to (production or staging servers).
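A pre-flight check that can run before the four property calls above, as an added example (not code from the original page): it loads both keystores, fails if the application certificate is expired, and prints the subject whose CN is needed for the access control list. The class name, the `APP_*` environment variable names and the 30-day warning window are assumptions.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Collections;
import java.util.Objects;

// Added example. Class name, environment variable names and the 30-day
// warning window are assumptions, not part of the original page.
public class KeystorePreflight {
    static String env(String name) {
        return Objects.requireNonNull(System.getenv(name), name + " is not set");
    }
    // A wrong path or password fails here instead of at the first TLS handshake.
    static KeyStore load(String file, String password) throws Exception {
        KeyStore ks = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(file)) {
            ks.load(in, password.toCharArray());
        }
        return ks;
    }
    public static void main(String[] args) throws Exception {
        String keyStoreFile = env("APP_KEYSTORE_FILE");
        String keystorePassword = env("APP_KEYSTORE_PASSWORD");
        String serverTrustStoreFile = env("APP_TRUSTSTORE_FILE");
        String serverTrustStorePassword = env("APP_TRUSTSTORE_PASSWORD");
        KeyStore keyStore = load(keyStoreFile, keystorePassword);
        KeyStore trustStore = load(serverTrustStoreFile, serverTrustStorePassword);
        if (trustStore.size() == 0) throw new IllegalStateException("trust store is empty");
        long warnAt = System.currentTimeMillis() + 30L * 24 * 60 * 60 * 1000;
        for (String alias : Collections.list(keyStore.aliases())) {
            Certificate c = keyStore.getCertificate(alias);
            if (!keyStore.isKeyEntry(alias) || !(c instanceof X509Certificate)) continue;
            X509Certificate cert = (X509Certificate) c;
            cert.checkValidity(); // throws if expired or not yet valid
            // The subject DN contains the CN that goes into the access control list.
            System.out.println(alias + ": " + cert.getSubjectX500Principal().getName());
            if (cert.getNotAfter().getTime() < warnAt) {
                System.out.println("WARNING: expires " + cert.getNotAfter());
            }
        }
        // Both stores load and the certificate is valid: set the four properties.
        System.setProperty("javax.net.ssl.keyStore", keyStoreFile);
        System.setProperty("javax.net.ssl.keyStorePassword", keystorePassword);
        System.setProperty("javax.net.ssl.trustStore", serverTrustStoreFile);
        System.setProperty("javax.net.ssl.trustStorePassword", serverTrustStorePassword);
    }
}
```

Reading the passwords from the environment keeps them out of the source code and out of the process argument list.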
How to update a server's mapping.app.mit.edu application certificate
1. The following must be completed before the mapping.app.mit.edu certificate expires
...
h3.*a. Obtain a new mapping.app.mit.edu application certificate*
...
h3.*b. Create the mapping.app.mit.edu.jks Java keystore*
h3.*c. Copy the mapping.app.mit.edu.jks Java keystore to the servers*
...
- isda-ws1.mit.edu
- isda-ws2.mit.edu
- isda-ws3.mit.edu
- isda-ws4.mit.edu
- map-dev-ws1.mit.edu
- map-test-ws1.mit.edu
- map-dev-console.mit.edu
- map-prod-console.mit.edu
- ws-dev.mit.edu
- ws-test.mit.edu
- ws-stage.mit.edu
- ws-prod.mit.edu
...
- maven-dev.mit.edu
- maven-stage.mit.edu
- maven-prod.mit.edu
- build-dev.mit.edu
- build-stage.mit.edu
- build-prod.mit.edu
- src-dev.mit.edu
- src-stage.mit.edu
- src-prod.mit.edu
...
h3.*d. Restart all the Tomcat containers on the server*
Once you have copied the new mapping.app.mit.edu.jks to a server, all the Tomcat containers on that server must be restarted. This is necessary because the mapping.app.mit.edu.jks is used by Tomcat itself and is only read by Tomcat at startup.