Creating the Configuration File

 

In order to add custom SSL Configuration to GMUS, the following properties should be provided in a property file:


  • keystoreFile - This property should be set with the absolute path to the keystore file. The keystore file contains the server's certificate, including its private key.
  • truststoreFile - This property should be set with the absolute path to the truststore file. The truststore file contains certificates from other parties that the server is expected to communicate with, or from certificate authorities that are trusted to identify other parties
  • keystorePassword - This property should be set with the password for the specified keystore file
  • truststorePassword - This property should be set with the password for the specified truststore file


Refer to the sample config file below:


keystoreFile=/Users/aprilb/Downloads/KeyStore.jks
truststoreFile=/Users/aprilb/Downloads/truststore.jks
keystorePassword=abcd.1234
truststorePassword=abcd.1234


Running GMUS Rest Server with the Configuration File


To run the GMUS Server for secured requests with custom SSL configuration, run the command below:


genrocket -gmussr <portNumber> -gmusp <configPath> 


  • portNumber - Preferred port number where GMUS REST should run
  • configPath - Path to config file 


Sample: genrocket -gmussr 8070 -gmusp config.properties



When custom SSL configuration is provided, the message above (in the red box) is shown whenever there is an API request. If it is not shown, double-check the validity and correctness of the keystore and truststore configurations.
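One way to double-check the property file before starting the server, as an added example that is not part of GenRocket's tooling: it verifies that the four properties described above are set, that both store paths are absolute and readable, and that the file holding the clear-text passwords is accessible only by its owner. The function names are hypothetical, and POSIX-style paths are assumed, as in the sample config.

```shell
#!/usr/bin/env bash
# Added example: pre-flight check for a GMUS SSL property file.
# Function names are hypothetical; the four property names come from this page.
# Assumes POSIX-style absolute paths, as in the sample config.

# prop FILE KEY -> print the value of KEY (last occurrence wins)
prop() {
  sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" | tail -n 1
}

# check_gmus_config FILE -> print one line per problem; exit status = problem count
check_gmus_config() {
  local cfg="$1" problems=0 key path
  for key in keystoreFile truststoreFile keystorePassword truststorePassword; do
    if [ -z "$(prop "$cfg" "$key")" ]; then
      echo "missing or empty: $key"; problems=$((problems + 1))
    fi
  done
  for key in keystoreFile truststoreFile; do
    path=$(prop "$cfg" "$key")
    [ -n "$path" ] || continue
    case "$path" in
      /*) ;;
      *) echo "$key is not an absolute path: $path"; problems=$((problems + 1)) ;;
    esac
    if [ ! -r "$path" ]; then
      echo "$key file not readable: $path"; problems=$((problems + 1))
    fi
  done
  # The file stores both passwords in clear text: allow owner access only.
  if [ "$(ls -ld "$cfg" | cut -c5-10)" != "------" ]; then
    echo "group/other can access $cfg (chmod 600 it)"; problems=$((problems + 1))
  fi
  return "$problems"
}

# verify_store FILE PATH_KEY PASSWORD_KEY -> 0 if keytool can open the store.
# -storepass:env keeps the password out of the process argument list.
verify_store() {
  STOREPASS="$(prop "$1" "$3")" keytool -list -keystore "$(prop "$1" "$2")" \
    -storepass:env STOREPASS >/dev/null 2>&1
}

# Usage:
#   check_gmus_config config.properties &&
#     verify_store config.properties keystoreFile keystorePassword &&
#     verify_store config.properties truststoreFile truststorePassword
```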



Generating Keystore and Truststore Files


If the keystore and truststore files have not been generated yet, follow the steps below:


1. On the server, generate the keystore file

keytool -genkey -alias bmc -keyalg RSA -keystore KeyStore.jks -keysize 2048


    If the CA-Cert, CA-key, and CSR do not exist yet, proceed to Step 2.

    Otherwise, proceed to Step 5.


2. Generate CA-Cert and CA-key

openssl req -new -x509 -keyout ca-key -out ca-cert


3. Generate CSR (Certificate Signing Request)

keytool -keystore KeyStore.jks -alias bmc -certreq -file cert-file


4. Sign the certificate. Make sure to replace yourpass in the command with the preferred password

openssl x509 -req -CA ca-cert -CAkey ca-key -in cert-file -out cert-signed -days 365 -CAcreateserial -passin pass:yourpass

5. Import the CA-Cert into the created keystore file

keytool -keystore KeyStore.jks -alias CARoot -import -file ca-cert


6. Import the signed certificate into the keystore file

keytool -keystore KeyStore.jks -alias bmc -import -file cert-signed

7. On the client, copy ca-cert and generate the truststore

keytool -keystore truststore.jks -alias bmc -import -file ca-cert


8. On the server, copy ca-cert and generate the truststore

keytool -keystore truststore.jks -alias bmc -import -file ca-cert