Creating the Configuration File
In order to add custom SSL Configuration to GMUS, the following properties should be provided in a property file:
- keystoreFile - This property should be set to the absolute path of the keystore file. The keystore file contains the server's certificate, including its private key.
- truststoreFile - This property should be set to the absolute path of the truststore file. The truststore file contains the certificates of the other parties you expect to communicate with, or of the certificate authorities that are trusted to identify those parties.
- keystorePassword - This property should be set to the password for the specified keystore file.
- truststorePassword - This property should be set to the password for the specified truststore file.
Refer to the sample config file below:
keystoreFile=/Users/aprilb/Downloads/KeyStore.jks
truststoreFile=/Users/aprilb/Downloads/truststore.jks
keystorePassword=abcd.1234
truststorePassword=abcd.1234
Running GMUS Rest Server with the Configuration File
To run the GMUS Server for secured requests with a custom SSL configuration, run the command below:
genrocket -gmussr <portNumber> -gmusp <configPath>
- portNumber - Preferred port number where GMUS REST should run
- configPath - Path to config file
Sample: genrocket -gmussr 8070 -gmusp config.properties
When a custom SSL configuration is provided, the message shown above (in the red box) appears whenever there is an API request. If it does not, double-check the validity and correctness of the keystore and truststore configurations.
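A pre-flight check for the property file described above, added here as an example (it is not GenRocket code, and the function names are hypothetical). It confirms that both store paths are absolute and readable, that both passwords are set, that the file is owner-only because it holds the passwords in clear text, and, when keytool is on the PATH, that the keystore holds a private key entry and the truststore a trusted certificate entry.

```shell
#!/usr/bin/env bash
# Added example: pre-flight check for a GMUS SSL property file.
# The function names and messages are hypothetical, not part of GenRocket.

prop() {  # prop <key> <file>: print the value of key=value (last match wins)
  sed -n "s/^[[:space:]]*$1[[:space:]]*=[[:space:]]*//p" "$2" | tail -n 1
}

check_gmus_ssl_config() {
  local cfg=$1 bad=0 key path pw want
  [ -r "$cfg" ] || { echo "cannot read $cfg" >&2; return 1; }

  # The file holds both store passwords in clear text: owner-only access.
  if [ "$(ls -ld "$cfg" | cut -c5-10)" != "------" ]; then
    echo "$cfg is accessible to group/other; chmod 600 it" >&2; bad=1
  fi

  for key in keystore truststore; do
    path=$(prop "${key}File" "$cfg"); pw=$(prop "${key}Password" "$cfg")
    [ -n "$pw" ] || { echo "${key}Password is missing or empty" >&2; bad=1; }
    case $path in
      /*) ;;
      *) echo "${key}File is missing or not an absolute path" >&2; bad=1; continue ;;
    esac
    [ -r "$path" ] || { echo "${key}File not readable: $path" >&2; bad=1; continue; }

    # The keystore needs the server's private key; the truststore only CA certs.
    command -v keytool >/dev/null 2>&1 || continue
    [ "$key" = keystore ] && want=PrivateKeyEntry || want=trustedCertEntry
    if ! STORE_PW=$pw keytool -list -keystore "$path" -storepass:env STORE_PW \
         2>/dev/null | grep -q "$want"; then
      echo "$path: wrong password or no $want" >&2; bad=1
    fi
  done
  return "$bad"
}

# Run as a script: ./check.sh config.properties
[ $# -eq 0 ] || check_gmus_ssl_config "$1"
```

The function returns 0 when every check passes and 1 otherwise, printing each problem to stderr.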
Generating Keystore and Truststore Files
If the keystore and truststore files have not been generated yet, follow the steps below:
1. On the server, generate the keystore file
keytool -genkey -alias bmc -keyalg RSA -keystore KeyStore.jks -keysize 2048
If the CA-Cert, CA-key, and CSR do not exist yet, proceed to Step 2.
Otherwise, proceed to Step 5.
2. Generate CA-Cert and CA-key
openssl req -new -x509 -keyout ca-key -out ca-cert
3. Generate CSR (Certificate Signing Request)
keytool -keystore KeyStore.jks -alias bmc -certreq -file cert-file
4. Sign the certificate. Make sure to replace yourpass with your preferred password
openssl x509 -req -CA ca-cert -CAkey ca-key -in cert-file -out cert-signed -days 365 -CAcreateserial -passin pass:yourpass
5. Import the CA-Cert into the created keystore file
keytool -keystore KeyStore.jks -alias CARoot -import -file ca-cert
6. Import the signed certificate into the keystore file
keytool -keystore KeyStore.jks -alias bmc -import -file cert-signed
7. On the client, copy ca-cert and generate the truststore
keytool -keystore truststore.jks -alias bmc -import -file ca-cert
8. On the server, copy ca-cert and generate the truststore
keytool -keystore truststore.jks -alias bmc -import -file ca-cert