# SERVER
# create server key-store with private-public keys
keytool -genkeypair -alias server -keyalg RSA -keystore ./serverKS.jks \
-keypass p4ssw0rd -storepass p4ssw0rd -validity 900 \
-dname "cn=localhost, ou=DX, o=Clover, c=CR"
# exports public key to separated file
keytool -exportcert -alias server -keystore serverKS.jks \
-storepass p4ssw0rd -file server.cer
# CLIENT
# create client key-store with private-public keys
keytool -genkeypair -alias client -keyalg RSA -keystore ./clientKS.jks \
-keypass chodnik -storepass chodnik -validity 900 \
-dname "cn=Key Owner, ou=DX, o=Clover, c=CR"
# exports public key to separated file
keytool -exportcert -alias client -keystore clientKS.jks \
-storepass chodnik -file client.cer
# trust stores
# imports server cert to client trust-store
keytool -import -alias server -keystore clientTS.jks \
-storepass chodnik -file server.cer
# imports client cert to server trust-store
keytool -import -alias client -keystore serverTS.jks \
-storepass p4ssw0rd -file client.cer
Designer has its Own Certificate
In order to connect to CloverDX Server via HTTPS
when Designer must have its own certificate, create client and server keystores/truststores (note: the following guide is for Unix system):
-
To generate these keys, execute the following script in the
bin
subdirectory of JDK or JRE wherekeytool
is located:
(In these commands, localhost
is the default name of your CloverDX Server.
You can change the Server name by replacing the localhost
name in these commands by any other hostname.)
After that, copy the serverKS.jks
and serverTS.jks
files to the conf
subdirectory of Tomcat.
Then, copy the following code to the server.xml
file in this conf
subdirectory:
<Listener className="org.apache.catalina.core.AprLifecycleListener"
SSLEngine="off" />
<Connector port="8443" maxHttpHeaderSize="7192"
maxThreads="150" minSpareThreads="25"
enableLookups="false" disableUploadTimeout="true"
acceptCount="100" scheme="https" secure="true"
clientAuth="true" sslProtocol="TLS"
SSLEnabled="true"
protocol="org.apache.coyote.http11.Http11NioProtocol"
keystoreFile="pathToTomcatDirectory/conf/serverKS.jks"
keystorePass="p4ssw0rd"
truststoreFile="pathToTomcatDirectory/conf/serverTS.jks"
truststorePass="p4ssw0rd"
/>
The path to keystore and truststore files must be absolute. Relative paths may not work. This is valid for both parts of communication. |
Now you can run CloverDX Server by executing the startup
script located in the bin
subdirectory of Tomcat.
Configuring CloverDX Designer
Now you need to copy the clientKS.jks
and clientTS.jks
files to any location.
After that, copy the following code to the end of the CloverDXDesigner.ini
file, which is stored in the CloverDX Designer installation directory:
-Djavax.net.ssl.keyStore=locationOfClientFiles/clientKS.jks
-Djavax.net.ssl.keyStorePassword=chodnik
-Djavax.net.ssl.trustStore=locationOfClientFiles/clientTS.jks
-Djavax.net.ssl.trustStorePassword=chodnik
Now, when you start your CloverDX Designer, you will be able to create your CloverDX Server projects using the following default connection to the Server: https://localhost:8443/clover
where both login name and password are clover.