Configuring HTTPS
This example shows how to configure the server to accept only HTTPS connections using a self-signed certificate (requires Odilon v1.8+).
Generating a self-signed certificate
We can use either of the following keystore formats to generate the self-signed certificate:
PKCS12. Public-Key Cryptography Standards #12 is a password-protected format that can contain multiple certificates and keys; it is widely used across the industry.
JKS. Java KeyStore is similar to PKCS12; it is a proprietary format and is limited to the Java environment.
We can use either keytool or OpenSSL to generate the certificates from the command line. Keytool is shipped with Java Runtime Environment, and OpenSSL can be downloaded from openssl.org.
In this example we use keytool and PKCS12 format.
Now we’ll create a set of cryptographic keys and store them in a keystore (named odilon.p12). The following command generates the keystore in PKCS12 format:
keytool -genkeypair -alias odilon -keyalg RSA -keysize 4096 -storetype PKCS12 -keystore odilon.p12 -validity 3650 -storepass odilon
We can store any number of key-pairs in the same keystore, with each identified by a unique alias. We’ll have to provide the source keystore password and also set a new keystore password. The alias and keystore password will be needed later.
Enabling HTTPS in Odilon
First we copy the file odilon.p12 created in the previous step into the ./config directory.
Now we’ll configure the SSL-related properties in ./config/odilon.properties:
# The path to the keystore containing the certificate
server.ssl.key-store=classpath:odilon.p12
# The format used for the keystore. It could be set to JKS in case it is a JKS file
server.ssl.key-store-type=PKCS12
# The password used to generate the certificate
server.ssl.key-store-password=odilon
# The alias mapped to the certificate
server.ssl.key-alias=odilon
# Enable SSL so that the server accepts https connections
server.ssl.enabled=true
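The settings above can be checked before the server is started. This shell lint is an added example, not part of Odilon. The function names prop and check_odilon_ssl and the sample file are constructed here, and flagging the password "odilon" assumes that a value printed in documentation should not be reused.

```shell
#!/bin/sh
# Added example (not Odilon code): lint the server.ssl.* keys of odilon.properties.

# prop FILE KEY: print the value of KEY, skipping comments; the last assignment wins.
prop() {
    awk -v key="$2" '
        /^[ \t]*#/ { next }
        { eq = index($0, "="); if (!eq) next
          k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
          gsub(/^[ \t]+|[ \t]+$/, "", k)
          gsub(/^[ \t]+|[ \t]+$/, "", v)
          if (k == key) val = v }
        END { print val }' "$1"
}

# check_odilon_ssl FILE: print one line per finding; exit status is the finding count.
check_odilon_ssl() {
    n=0
    finding() { echo "FINDING: $1"; n=$((n + 1)); }
    [ "$(prop "$1" server.ssl.enabled)" = "true" ] ||
        finding "server.ssl.enabled is not true, so the server accepts plain http"
    [ -n "$(prop "$1" server.ssl.key-store)" ] ||
        finding "server.ssl.key-store is not set"
    case "$(prop "$1" server.ssl.key-store-type)" in
        PKCS12|JKS) ;;
        *) finding "server.ssl.key-store-type must be PKCS12 or JKS" ;;
    esac
    [ -n "$(prop "$1" server.ssl.key-alias)" ] ||
        finding "server.ssl.key-alias is not set"
    case "$(prop "$1" server.ssl.key-store-password)" in
        "")     finding "server.ssl.key-store-password is not set" ;;
        odilon) finding "key-store-password is the value printed in the documentation" ;;
    esac
    return "$n"
}

# Constructed sample: the properties shown on this page, written to a temp file.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# The path to the keystore containing the certificate
server.ssl.key-store=classpath:odilon.p12
server.ssl.key-store-type=PKCS12
server.ssl.key-store-password=odilon
server.ssl.key-alias=odilon
server.ssl.enabled=true
EOF
check_odilon_ssl "$sample" || echo "$? finding(s)"
rm -f "$sample"
```

Run against the page's own settings, it reports one finding, the reused example password; a file with a different password and the same remaining keys passes cleanly.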
Checking the server is using HTTPS
After starting the server, the console shows whether it is configured to use http or https (in the screenshot: Https -> yes).
You can also check the server's info at https://localhost:9234/info
Client configuration
The client connection will fail if it tries to connect via http and the server is set up to accept only https connections.
If the server is configured to accept https, then the client application must connect via SSL (requires SDK v1.8+). The client trusts the certificate authorities of the host platform; however, if the client is created to explicitly accept all certificates, as in the example below, it will trust all certificates.
This is how you create an instance of OdilonClient that uses ssl.
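// Connect over SSL
boolean b_use_ssl = true;
// Accept all certificates: the client trusts any certificate the server presents
boolean b_accept_all_certificates = true;
OdilonClient client = new ODClient("https://localhost", 9234, "odilon", "odilon", b_use_ssl, b_accept_all_certificates);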