This section describes the steps that are required to enable HTTPS on the various Spring Boot applications that make up Omni-Gen.
By default, a self-signed certificate is used, which is created at installation time. The parameters used depend upon the input provided during installation. The following command generates the omnigenstore keystore with a new certificate, using the RSA algorithm with a key size of 2K. The application that needs to enable HTTPS references the keystore in its configuration.
keytool -genkey -alias boot -storetype PKCS12 -keyalg RSA -keysize 2048 -keystore omnigenstore.p12 -storepass omnigen -noprompt -keypass omnigen -validity 3650 -dname "cn=sr14386.ibi.com, ou=Omni, o=IBI, l=Rochester, st=NY, c=US"
where:
-alias: Specifies the certificate alias. By default, this is set to boot.
-keystore: Specifies the location or name of the keystore. This can be the file name with a fully qualified path.
-keypass: Password used to protect the private key.
-dname: Distinguished name associated with the alias, which contains the server name.
-storepass: Password used to protect the keystore.
The Omni-Gen installation invokes this command (and the commands in the following steps) with the appropriate arguments.
A CA-approved certificate can be imported into the omnigenstore keystore, which the Omni-Gen applications reference. Importing the certificate is described in Importing an External Certificate.
You must create the actual certificate for the client applications using keytool. This intermediate encoded file is used to create the truststore for the client applications (external or internal Omni-Gen applications). For example:
keytool -export -alias boot -keystore omnigenstore.p12 -storepass omnigen -noprompt -file omnigenstore.pem
To enable HTTPS, the Spring Boot applications need to be configured by setting the SSL parameters and pointing them to the keystore (created in step 3). The following properties need to be set:
server.port = 9500
server.ssl.enabled = true
server.ssl.key-store = omnigenstore.p12
server.ssl.key-store-password = omnigen
server.ssl.keyStoreType = JKS
server.ssl.keyAlias = boot
Note: The Spring Boot application understands these properties directly. The installation software and its associated configuration file expose them differently.
To redirect HTTP traffic to HTTPS, another Tomcat connector is added programmatically. It is configured as an HTTP connector that redirects all traffic to the previously configured HTTPS connector, which entails adding a TomcatEmbeddedContainerFactory bean to one of the @Configuration classes. This allows supporting both HTTP and HTTPS or enabling the redirect.
These steps ensure the web services exposed by the application can be accessed over HTTPS.