Configuring HTTPS

This example shows how to configure the server to accept only https connections using a self signed certificate (requires Odilon v1.8+).

Generating a self signed certificate

We can use either of the following certificate formats to genererate the self signed certificate:

PKCS12. Public Key Cryptographic Standards is a password protected format that can contain multiple certificates and keys; it’s an industry-wide used format.

JKS. Java KeyStore is similar to PKCS12; it’s a proprietary format and is limited to the Java environment.

We can use either keytool or OpenSSL to generate the certificates from the command line. Keytool is shipped with Java Runtime Environment, and OpenSSL can be downloaded from openssl.org.

In this example we use keytool and PKCS12 format.

Now we’ll create a set of cryptographic keys, and store them in a keystore (named odilon.p12). We can use the following command to generate our PKCS12 keystore format:


keytool -genkeypair -alias odilon -keyalg RSA -keysize 4096 -storetype PKCS12 -keystore odilon.p12 -validity 3650 -storepass odilon

We can store any number of key-pairs in the same keystore, with each identified by a unique alias. We’ll have to provide the source keystore password and also set a new keystore password. The alias and keystore password will be needed later.

Enabling HTTPS in Odilon

First we copy the file odilon.p12 created in the previous step into the ./config directory

Now we’ll configure the SSL related properties in ./config/odilon.properties 


# The path to the keystore containing the certificate
server.ssl.key-store=classpath:odilon.p12

# The format used for the keystore. It could be set to JKS in case it is a JKS file
server.ssl.key-store-type=PKCS12

# The password used to generate the certificate
server.ssl.key-store-password=odilon

# The alias mapped to the certificate
server.ssl.key-alias=odilon

server.ssl.enabled=true

Checking the server is using HTTPS

After starting the server the console will show whether it is configured to use http or https (in the screenshot: Https -> yes)

You can also check the server's info at https://localhost:9234/info

Client configuration

The client connection will fail if it tries to connect via http and the server is set up to accept only https connections.

If the server is configured to accept https, then the client application must connect via ssl (requires SDK v1.8+). The client trusts the certificate authorities of the host platform, however if the client is created to explicitly accept all certificates -as in the example below- it will trust all certificates.

This is how you create an instance of OdilonClient that uses ssl.


boolean b_use_ssl = true;
boolean b_accept_all_certificates = true;
OdilonClient client = new ODClient("https://localhost", 9234, "odilon", odilon", b_use_ssl, b_accept_all_certificates);

Resources

Installation and configuration

Installation, Configuration and Operation on Windows

Installation, Configuration and Operation on Linux

Advanced configuration (encryption, master-standby, version control)

Configuring HTTPS

Java application development

Java Application Development with Odilon

Odilon SDK Javadoc

Odilon Java SDK - GitHub

Server design and development

Odilon Software Architecture

Odilon Server - GitHub

Videos

Odilon installer for Windows - YouTube video (2 min)

Odilon how to enable encryption - YouTube video (1 min)

Odilon demo - YouTube video (4 min)