Understanding the Steps Required to Enable HTTPS

This section describes the steps that are required to enable HTTPS on the various Spring Boot applications that make up Omni-Gen.

  1. Using a self-signed SSL certificate.

    By default, a self-signed certificate is used. It is created at installation time, and the parameters used depend upon the input provided during installation. The following command generates an omnigenstore keystore that contains a new certificate and an RSA key with a key size of 2K (2048 bits). The application that needs to enable HTTPS references the keystore in its configuration.

    keytool -genkey -alias boot -storetype PKCS12 -keyalg RSA -keysize 2048 -keystore omnigenstore.p12 -storepass omnigen -noprompt -keypass omnigen -validity 3650 -dname "cn=sr14386.ibi.com, ou=Omni, o=IBI, l=Rochester, st=NY, c=US"

    where:

    alias

    Specifies the certificate alias. By default, this is set to boot.

    keystore

    Specifies the location or name of the keystore. This can be the file name with a fully qualified path.

    keypass

    Password used to protect the private key.

    dname

    Distinguished name associated with the alias. It contains the server name.

    storepass

    Password used to protect the keystore.

    The Omni-Gen installation will invoke this command (and commands in the following steps), with the appropriate arguments.

  2. Using a CA-approved certificate.

    A CA-approved certificate can be imported into the omnigenstore keystore, which the Omni-Gen applications reference. The import procedure is described in Importing an External Certificate.

  3. Exporting the certificate into a PEM file.

    You must create the actual certificate for the client applications using the keytool. The intermediate encoded file is created in order to create the truststore for the client applications (external or internal Omni-Gen applications). For example:

    keytool -export -alias boot -keystore omnigenstore.p12 -storepass omnigen -noprompt -file omnigenstore.pem

  4. Enabling HTTPS in Spring Boot.

    To enable HTTPS, the Spring Boot applications need to be configured by setting the SSL parameters and pointing them to the keystore (created in step 3). The following properties need to be set:

    server.port = 9500
    server.ssl.enabled = true
    server.ssl.key-store = omnigenstore.p12
    server.ssl.key-store-password = omnigen
    server.ssl.keyStoreType = PKCS12
    server.ssl.keyAlias = boot

    Note: These are the property names that the Spring Boot application understands. The installation software and its associated configuration file expose them differently.

  5. Redirecting HTTP to HTTPS.

    This is done by adding another Tomcat connector programmatically. It is configured as an HTTP connector that redirects all the traffic to the earlier configured HTTPS connector and entails adding a TomcatEmbeddedContainerFactory bean to one of the @Configuration classes. This allows supporting both HTTP and HTTPS or enabling the redirect.

    These steps ensure the web services exposed by the application can be accessed over HTTPS.