Designer has its Own Certificate

In order to connect to CloverDX Server via HTTPS when Designer must have its own certificate, create client and server keystores/truststores (note: the following guide is for Unix system):

  1. To generate these keys, execute the following script in the bin subdirectory of JDK or JRE where keytool is located:

# create server key-store with private-public keys
keytool -genkeypair -alias server -keyalg RSA -keystore ./serverKS.jks \
        -keypass p4ssw0rd -storepass p4ssw0rd -validity 900 \
        -dname "cn=localhost, ou=DX, o=Clover, c=CR"           
# exports public key to separated file
keytool -exportcert -alias server -keystore serverKS.jks \
        -storepass p4ssw0rd -file server.cer

# create client key-store with private-public keys
keytool -genkeypair -alias client -keyalg RSA -keystore ./clientKS.jks \
        -keypass chodnik -storepass chodnik -validity 900 \
        -dname "cn=Key Owner, ou=DX, o=Clover, c=CR"           
# exports public key to separated file
keytool -exportcert -alias client -keystore clientKS.jks \
        -storepass chodnik -file client.cer

# trust stores 

# imports server cert to client trust-store
keytool -import -alias server -keystore clientTS.jks \
        -storepass chodnik -file server.cer

# imports client cert to server trust-store
keytool -import -alias client -keystore serverTS.jks \
        -storepass p4ssw0rd -file client.cer

(In these commands, localhost is the default name of your CloverDX Server. You can change the Server name by replacing the localhost name in these commands by any other hostname.)

After that, copy the serverKS.jks and serverTS.jks files to the conf subdirectory of Tomcat.

Then, copy the following code to the server.xml file in this conf subdirectory:

<Listener className="org.apache.catalina.core.AprLifecycleListener" 
            SSLEngine="off" />

<Connector port="8443" maxHttpHeaderSize="7192"
          maxThreads="150" minSpareThreads="25"
          enableLookups="false" disableUploadTimeout="true"
          acceptCount="100" scheme="https" secure="true"
          clientAuth="true" sslProtocol="TLS"

The path to keystore and truststore files must be absolute. Relative paths may not work. This is valid for both parts of communication.

Now you can run CloverDX Server by executing the startup script located in the bin subdirectory of Tomcat.

Configuring CloverDX Designer

Now you need to copy the clientKS.jks and clientTS.jks files to any location.

After that, copy the following code to the end of the eclipse.ini file, which is stored in the eclipse directory:

Now, when you start your CloverDX Designer, you will be able to create your CloverDX Server projects using the following default connection to the Server: https://localhost:8443/clover where both login name and password are clover.