Connecting via HTTPS

Suggest Edits

To connect via HTTPS you need to have Data Shaper Server.

You need to configure both the Server and Designer (in the case of Designer with its own certificate), or the Server alone (in the case of Designer without a certificate).

Designer has its Own Certificate

In order to connect to Data Shaper Server via HTTPS when Designer must have its own certificate, create client and server keystores/truststores (note: the following guide is for Unix system):

  1. To generate these keys, execute the following script in the bin subdirectory of JDK or JRE where keytool is located:
# SERVER
# create server key-store with private-public keys
keytool -genkeypair -alias server -keyalg RSA -keystore ./serverKS.jks \
        -keypass p4ssw0rd -storepass p4ssw0rd -validity 900 \
        -dname "cn=localhost, ou=DX, o=Clover, c=CR"
# exports public key to separated file
keytool -exportcert -alias server -keystore serverKS.jks \
        -storepass p4ssw0rd -file server.cer

# CLIENT
# create client key-store with private-public keys
keytool -genkeypair -alias client -keyalg RSA -keystore ./clientKS.jks \
        -keypass chodnik -storepass chodnik -validity 900 \
        -dname "cn=Key Owner, ou=DX, o=Clover, c=CR"
# exports public key to separated file
keytool -exportcert -alias client -keystore clientKS.jks \
        -storepass chodnik -file client.cer

# trust stores

# imports server cert to client trust-store
keytool -import -alias server -keystore clientTS.jks \
        -storepass chodnik -file server.cer

# imports client cert to server trust-store
keytool -import -alias client -keystore serverTS.jks \
        -storepass p4ssw0rd -file client.cer

(In these commands, localhost is the default name of your Data Shaper Server. You can change the Server name by replacing the localhost name in these commands by any other hostname.)

After that, copy the serverKS.jks and serverTS.jks files to the conf subdirectory of Tomcat.

Then, copy the following code to the server.xml file in this conf subdirectory:

<Listener className="org.apache.catalina.core.AprLifecycleListener"
            SSLEngine="off" />

<Connector port="8443" maxHttpHeaderSize="7192"
          maxThreads="150" minSpareThreads="25"
          enableLookups="false" disableUploadTimeout="true"
          acceptCount="100" scheme="https" secure="true"
          clientAuth="true" sslProtocol="TLS"
          SSLEnabled="true"
          protocol="org.apache.coyote.http11.Http11NioProtocol"
          keystoreFile="pathToTomcatDirectory/conf/serverKS.jks"
          keystorePass="p4ssw0rd"
          truststoreFile="pathToTomcatDirectory/conf/serverTS.jks"
          truststorePass="p4ssw0rd"
/>

Warning!

The path to keystore and truststore files must be absolute. Relative paths may not work. This is valid for both parts of communication.

Now you can run Data Shaper Server by executing the startup script located in the bin subdirectory of Tomcat.

Configuring Data Shaper Designer

Now you need to copy the clientKS.jks and clientTS.jks files to any location.

After that, copy the following code to the end of the CloverDXDesigner.ini file, which is stored in the Data Shaper Designer installation directory:

-Djavax.net.ssl.keyStore=locationOfClientFiles/clientKS.jks
-Djavax.net.ssl.keyStorePassword=chodnik
-Djavax.net.ssl.trustStore=locationOfClientFiles/clientTS.jks
-Djavax.net.ssl.trustStorePassword=chodnik

Now, when you start your Data Shaper Designer, you will be able to create your Data Shaper Server projects using the following default connection to the Server: https://localhost:8443/clover where both login name and password are clover.

Designer does not have its Own Certificate

In order to connect to Data Shaper Server via HTTPS when Designer does not need to have its own certificate, you only need to create a server keystore.

To generate this key, execute the following script (version for Unix) in the bin subdirectory of JDK or JRE where keytool is located:

keytool -genkeypair -alias server -keyalg RSA -keystore ./serverKS.jks \
        -keypass p4ssw0rd -storepass p4ssw0rd -validity 900 \
        -dname "cn=localhost, ou=DX, o=Clover, c=CR"

(In these commands, localhost is the default name of your Data Shaper Server, if you want any other Server name, replace the localhost name in these commands by any other hostname.)

After that, copy the serverKS.jks file to the conf subdirectory of Tomcat.

Then, copy the following code to the server.xml file in this conf subdirectory:

<Listener className="org.apache.catalina.core.AprLifecycleListener"
          SSLEngine="off" />


<Connector port="8443" maxHttpHeaderSize="7192"
          maxThreads="150" minSpareThreads="25"
          enableLookups="false" disableUploadTimeout="true"
          acceptCount="100" scheme="https" secure="true"
          clientAuth="false" sslProtocol="SSL"
          SSLEnabled="true"
          protocol="org.apache.coyote.http11.Http11NioProtocol"
          keystoreFile="pathToTomcatDirectory/conf/serverKS.jks"
          keystorePass="p4ssw0rd"
/>

Now you can run Data Shaper Server by executing the startup script located in the bin subdirectory of Tomcat.

And, when you start your Data Shaper Designer, you will be able to create your Data Shaper Server projects using the following default connection to Server: https://localhost:8443/clover where both login name and password are clover.

You will be prompted to accept the Server certificate. Now you can create a Data Shaper Server project.

Updated 6 months ago