HTTP Server Tasks

HTTPS/SSL Support

This document describes the HTTPS/SSL support for the HTTP Server Tasks.

The HTTP server is implemented using the Java Secure Socket Extension (JSSE), provided as standard with Java. Please note that the details might be different depending on the Java version.

JSSE (with Java 1.7) supports:

  • SSL 3.0 and TLS 1.2
  • Most common SSL and TLS cipher suites
  • X.509-based key and trust manager

SSL Keystore

To enable HTTPS/SSL, a keystore file must be used. Two kinds of keystore are supported:

  • JKS (Java keystore)
  • PKCS12 (PKCS #12)

JKS and PKCS12 are not described in detail here. Plenty of information about both is available on the internet.

Using JKS

To generate a Java keystore, the keytool command provided with Java must be used. keytool is not described in general here, but the following example shows how it can be used to generate a JKS keystore file:

% keytool -genkeypair -alias server-cert -keyalg rsa \
    -dname "CN=server.example.com,O=example.com,C=US" \
    -keystore keystore.jks -keypass password -storepass kspassword

This will generate a Java keystore file: keystore.jks. To use it with the HTTP Server Tasks, set the following parameters in HttpServerInitTask:

SSL Keystore Path: /path/to/keystore.jks
SSL Keystore Type: JKS
SSL Keystore Password: kspassword
SSL Key Password: password

Using PKCS12

To generate a PKCS #12 keystore file, OpenSSL may be used. OpenSSL is not described in general here, but the following example shows how it can be used to generate a PKCS #12 keystore file:

# Generate CA
% openssl genrsa -des3 -out ca.key -passout pass:capass 4096
% openssl req -new -x509 -days 365 -key ca.key -out ca.crt -passin pass:capass

# Generate Cert
% openssl genrsa -des3 -out server.key -passout pass:serverpass 4096
% openssl req -new -key server.key -out server.csr -passin pass:serverpass -passout pass:serverpass

# Sign
% openssl x509 -req -days 365 -in server.csr -CA ca.crt -CAkey ca.key -set_serial 01 -out server.crt \
    -passin pass:capass

# Convert to pkcs12
% openssl pkcs12 -export -in server.crt -inkey server.key -out server.p12 -passin pass:serverpass \
    -passout pass:serverpass

This will generate several files and finally a PKCS #12 keystore file: server.p12. To use it with the HTTP Server Tasks, set the following parameters in HttpServerInitTask:

SSL Keystore Path: /path/to/server.p12
SSL Keystore Type: PKCS12
SSL Keystore Password: serverpass
SSL Key Password: serverpass
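
Before entering these values in HttpServerInitTask, it helps to confirm that the keystore really opens with them. The following is an added example, not part of the original document or of Emblasoft's code: it loads a JKS or PKCS12 keystore through the standard JSSE classes using the same four values. The class name KeystoreCheck is hypothetical, and it is an assumption that the server loads the keystore and uses the JVM's default protocols in the same way.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Collections;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;

// Added example (hypothetical class, not Emblasoft code).
public class KeystoreCheck {
    public static void main(String[] args) throws Exception {
        if (args.length != 4) {
            System.err.println("usage: java KeystoreCheck <path> <JKS|PKCS12> <storepass> <keypass>");
            System.exit(2);
        }
        String path = args[0], type = args[1];
        char[] storePass = args[2].toCharArray();
        char[] keyPass = args[3].toCharArray();

        // SSL Keystore Type + SSL Keystore Password: a wrong type or password fails here.
        KeyStore ks = KeyStore.getInstance(type);
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, storePass);
        }

        // A server keystore needs at least one private-key entry with a valid certificate.
        int keyEntries = 0;
        for (String alias : Collections.list(ks.aliases())) {
            if (!ks.entryInstanceOf(alias, KeyStore.PrivateKeyEntry.class)) continue;
            keyEntries++;
            X509Certificate cert = (X509Certificate) ks.getCertificate(alias);
            cert.checkValidity(); // throws if expired or not yet valid
            System.out.println(alias + ": " + cert.getSubjectX500Principal()
                    + ", valid until " + cert.getNotAfter());
        }
        if (keyEntries == 0) throw new IllegalStateException("no private-key entry in " + path);

        // SSL Key Password: a wrong key password fails here (UnrecoverableKeyException).
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(ks, keyPass);

        // Build a JSSE context from the key material and list the protocols this JVM enables by default.
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), null, null);
        System.out.println("Default protocols: "
                + Arrays.toString(ctx.getDefaultSSLParameters().getProtocols()));
    }
}
```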