Versions Compared

Old Version 1

changes.mady.by.user David E Tanner

Saved on

compared with

New Version Current

changes.mady.by.user David E Tanner

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Migration of unmigrated content due to installation of a new plugin

PREREQUISITES

    Before you begin, you must have the following:

Panel
indent

* an application certificate Java keystore.
If you do not have an application certificate Java keystore, here are {color:blue}[instructions | How to create an Application Certificate Java keystore]{color} on how to create an application certificate Java keystore.
* a trusted server Java keystore.
If you do not have a Trusted Server Java keystore, here are {color:blue}[instructions | How to create a Trusted Server Java keystore]{color} on how to create a trusted server Java keystore.

1. Using the keystores with a Java application.

Panel
indent

To use the application certificate and serverTrustStore keystore (created in the above sections) with a web application, add the following 4 lines of java code somewhere prior to making the first call to the web application.\\
\\
    *System.setProperty("javax.net.ssl.keyStore", KeyStoreFile);*\\
    *System.setProperty("javax.net.ssl.keyStorePassword",keyStorePasswor);*\\
    *System.setProperty("javax.net.ssl.trustStore", ServerTrustStoreFile);*\\
    *System.setProperty("javax.net.ssl.trustStorePassword",ServerTrustStorePassword);*\\
\\
where:\\
    The *KeyStoreFile* is a Java String containing the path to and filename of the application certificate keystore file.\\
    The *KeystorePassword* is a Java String containing the application certificate keystore's password.\\
    The *ServerTrustStoreFile* is a Java String containing the path to and filename of the server trust store file.\\
    The *ServerTrustStorePassword* is a Java String containing the server trust store password.\\
\\
If the application certificate is going to be used with and ISDA web service, the application certificate's CN must be entered into the web service access control list.\\
\\
Email ISDA application administrators at [mailto:map-support@mit.edu]. In the body for your email, give the CN of the application certificate, the web services for which you are requesting activation and the servers that you want access to (production or staging servers).\\

How to update a server's mapping.app.mit.edu application certificate

1. The following must be completed before the mapping.app.mit.edu certificate expires

...


h3.*a. Obtain a new mapping.app.mit.edu application certificate*
Panel

see How to acquire and verify a M.I.T. x509 Application Certificate for detailed instructions.

...


h3.*b. Create the mapping.app.mit.edu.jks Java keystore*
Panel

see How to create an Application Certificate Java keystore for detailed instructions.

indent

{indent:1}
h3.*c. Copy the mapping.app.mit.edu.jks Java keystore to the servers*\\

...

  • isda-ws1.mit.edu
  • isda-ws2.mit.edu
  • isda-ws3.mit.edu
  • isda-ws4.mit.edu
  • map-dev-ws1.mit.edu
  • map-test-ws1.mit.edu
  • map-dev-console.mit.edu
  • map-prod-console.mit.edu
  • ws-dev.mit.edu
  • ws-test.mit.edu
  • ws-stage.mit.edu
  • ws-prod.mit.edu

...

  • maven-dev.mit.edu
  • maven-stage.mit.edu
  • maven-prod.mit.edu
  • build-dev.mit.edu
  • build-stage.mit.edu
  • build-prod.mit.edu
  • src-dev.mit.edu
  • src-stage.mit.edu
  • src-prod.mit.edu

...

d. Restart all the Tomcat containers on the server

Panel
Once you have copied the new mapping.app.mit.edu.jks to a server, all the Tomcat containers on that server must be restarted.  This is necessary because the mapping.app.mit.edu.jks is used by Tomcat itself and is only read by Tomcat at startup.