This article shows how to configure the Licenses Service and Stambia DI Designer to use a custom certificate and customized SSL options.
Prerequisites:
- Licenses Service 1.4.0 or higher.
- Stambia DI Designer S20.4.0 or higher.
Since Licenses Service 1.4.0, it is possible to define a custom certificate and customize SSL options.
Since Stambia DI Designer S20.4.0, it is possible to define the certificate the Designer should use to contact the license service when the license service uses a custom certificate.
Configuration
The SSL properties are configured in the spring-context.xml file through a new bean.
The configuration in this file looks like this:
<!-- SSL configuration -->
<!-- This can be used to override the default SSL configuration and default certificate used. -->
<bean class="com.stambia.licence.plugin.ssl.impl.DesignerSslPlugin">
    <!-- enableSsl: enable SSL -->
    <property name="enableSsl" value="true"></property>
    <!-- keyStoreType: The keyStore type -->
    <property name="keyStoreType" value="JKS"></property>
    <!-- keyStore: The relative or absolute path to the keyStore -->
    <property name="keyStore" value="path_to_keystore/keystore.jks"></property>
    <!-- keyStorePassword: The keyStore password -->
    <property name="keyStorePassword" value="keystore_password"></property>
    <!-- keyAlias: The certificate alias to be used -->
    <property name="keyAlias" value="key_alias"></property>
    <!-- keyPassword: The certificate password -->
    <property name="keyPassword" value="key_password"></property>
</bean>
The sample spring-context.xml file containing this configuration should be added in the following directory:
conf/samples/ssl_configuration
When these properties are not specified, the service uses the default self-signed certificate, as before.
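A pre-flight check for the keystore referenced by the bean above, as an added example that is not Stambia code: it loads the keystore with the values intended for keyStoreType, keyStore, keyStorePassword, keyAlias and keyPassword, and reports a missing alias, a certificate-only entry, a wrong password or a certificate outside its validity period. The class name KeystoreCheck and the environment variables KEYSTORE_PASSWORD and KEY_PASSWORD are assumptions made for this example.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.Key;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;

// Added example, not Stambia code. KeystoreCheck, KEYSTORE_PASSWORD and
// KEY_PASSWORD are names assumed for this example.
public class KeystoreCheck {

    // Arguments mirror keyStoreType, keyStore, keyStorePassword, keyAlias, keyPassword.
    static String check(String type, String path, char[] storePass,
                        String alias, char[] keyPass) {
        try (InputStream in = new FileInputStream(path)) {
            KeyStore ks = KeyStore.getInstance(type);
            ks.load(in, storePass); // throws on an unreadable file or a wrong store password
            if (!ks.containsAlias(alias)) {
                return "FAILED: alias not found: " + alias;
            }
            if (!ks.isKeyEntry(alias)) {
                // A TLS server needs the private key, not only the certificate.
                return "FAILED: alias has no private key: " + alias;
            }
            Key key = ks.getKey(alias, keyPass); // throws on a wrong key password
            Certificate cert = ks.getCertificate(alias);
            if (cert instanceof X509Certificate) {
                ((X509Certificate) cert).checkValidity(); // throws if expired or not yet valid
            }
            return "OK: " + key.getAlgorithm() + " key, certificate within its validity period";
        } catch (Exception e) {
            return "FAILED: " + e;
        }
    }

    public static void main(String[] args) {
        String storePass = System.getenv("KEYSTORE_PASSWORD");
        String keyPass = System.getenv("KEY_PASSWORD");
        if (args.length != 3 || storePass == null || keyPass == null) {
            System.err.println("usage: KEYSTORE_PASSWORD=... KEY_PASSWORD=... "
                    + "java KeystoreCheck <keyStoreType> <keyStore> <keyAlias>");
            System.exit(2);
        }
        String result = check(args[0], args[1], storePass.toCharArray(),
                              args[2], keyPass.toCharArray());
        System.out.println(result);
        System.exit(result.startsWith("OK") ? 0 : 1);
    }
}
```

The passwords are read from the environment rather than from the command line so that they do not appear in the process list.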
About Designer impact
The Designer accepts the legacy self-signed certificate and also any signed certificate.
When the certificate used by the license service is customized, the Designer should be configured so that this certificate can be defined.
Prerequisites:
- This feature is available from Designer S20.4.0
Designer certificates
The stambia.ini file has been updated to support four new properties that define an additional keystore containing the certificate for the license service.
To define the custom keystore that the Designer will use in addition, add the following lines to the stambia.ini file:
-Dlicense.service.keystore.path=<path to the keystore file>
-Dlicense.service.keystore.type=<keystore type>
-Dlicense.service.keystore.password=<keystore password>
-Dlicense.service.keystore.key.alias=<keystore alias>
Once stambia.ini is configured, the matching server or key license can be used in the Designer.
JVM certificates truststore
When communicating with the license service, the certificate checks take into account the certificates in the JVM truststore.
For these exchanges, the Designer takes into account a combination of the following certificates:
- the internal certificate
- the JVM truststore
- the custom keystore defined in stambia.ini (if defined)
With this, the Designer automatically takes the JVM truststore into account, which lets it accept most signed certificates without further configuration.
When the JVM truststore is in a different location than the default, you can indicate it in the stambia.ini file by using the following standard JVM options for the truststore configuration:
-Djavax.net.ssl.trustStore=<path to the keystore file>
-Djavax.net.ssl.trustStoreType=<keystore type>
-Djavax.net.ssl.trustStoreProvider=<provider>
-Djavax.net.ssl.trustStorePassword=<keystore password>
Once stambia.ini is configured, the matching server or key license can be used in the Designer.