wiki:ESGF-Security

Version 3 (modified by vegasm, 9 years ago) (diff)

--

Before publishing test datasets, it is necessary to install some security components and filters to support ESGF-Security.

Enable Tomcat SSL security

To enable ssl we need a valid certificate from a Certificate Authority such as Verisign. We can create one but the browser will not recognize as trusted.

To install and configure SSL support on Tomcat 6, you need to follow these simple steps:

  1. Create a keystore file to store the server's private key and self-signed certificate by executing the following:
    keytool -genkey -alias tomcat -keyalg RSA
    password: changeit
    

This command will create a file in your user home directory named ".keystore". This keystore contains a certificate whose alias is tomcat

  1. Download the ESGF Truststore which contains the trusted CA's and add your tomcat certificate:

You have two options:

  1. Download the ESGF truststore from here https://rainbow.llnl.gov/dist/certs/esg-truststore.ts and add your tomcat certificate by yourself
  2. Download the attachment:esg-truststore.ts which contains the tomcat pem. You can also download the attachment:.keystore
  1. Uncomment the SSL HTTP/1.1 Connector entry in $CATALINA_BASE/conf/server.xml and add the following:
    <Connector port="8443" protocol="org.apache.coyote.http11.Http11Protocol"  SSLEnabled="true" maxThreads="150" scheme="https" secure="true"
       clientAuth="want" keystoreFile="C:\apache-tomcat-6.0.36\config_files\esg-orp\.keystore" keystorePassword="changeit"
       truststoreFile="C:\apache-tomcat-6.0.36\config_files\esg-orp\esg-truststore.ts" truststorePass="changeit" sslProtocol="TLS" /> 
    
  1. Deploy esg-orp.war into tomcat 6

For further information visit: http://tomcat.apache.org/tomcat-6.0-doc/ssl-howto.html#Configuration

Attachments (6)