Jump to content United States-English
HP.com Home Products and Services Support and Drivers Solutions How to Buy
» Contact HP
More options
HP.com home
 HP-UX Mobile AAA Server A.01.00 Administrator's Guide: HP-UX 11.00 and 11i version 1 > Chapter 7 Advanced Configuring

Configuring HTTPS
» 

Technical documentation

Complete book in PDF
» Feedback
Content starts here

 » Table of Contents

 » Index

spacerspacerspacer
spacer
spacer
  		 
 

You can encrypt the information submitted by browsers to the main Mobile AAA Server Manager program by configuring the Web server portion of the program to run over https instead of http. Use the following steps:

  1. Generate a certificate for Tomcat to establish the SSL connection. Use the following steps to create a "self-signed" certificate with the Java command line utility "keytool":

    1. Remove $HOME/.keystore if it already exists

    2. Enter the following command: export JAVA_HOME=/opt/java1.4

    3. Enter the following command:

      $JAVA_HOME/bin/keytool -genkey -alias tomcat -keyalg RSA

    4. Enter a password for the key store when prompted.

    5. Enter the certificate information (company, contact name, etc.), when prompted. This information must be accurate because it will be displayed to users who attempt to administer Server Manager.

    6. Enter a password for the key when prompted. Use the same password you used for the key store

  2. Uncomment the following underlined comments in /opt/hpws/tomcat/conf/server.xml:

    <!-- Define a SSL Coyote HTTP/1.1 Connector on port 8443 -->
    <!--
        <Connector className="org.apache.coyote.tomcat4.CoyoteConnector"
                   port="8443" minProcessors="5" maxProcessors="75"
                   enableLookups="true"
                   acceptCount="10" debug="0" scheme="https" secure="true"
                   useURIValidationHack="false"
        <Factory className="org.apache.coyote.tomcat4.CoyoteServerSocketFactory"
        clientAuth="false" protocol="TLS" />
    </Connector>
    -->

  3. Add the keystorePass attribute to the uncommented field in /opt/hpws/tomcat/conf/server.xml to establish the key store and key password on Tomcat. Add the keystorePass attribute as shown in the following:

    <Factory className="org.apache.coyote.tomcat4.CoyoteServerSocketFactory"
        clientAuth="false" protocol="TLS" keystorePass="<password>" />
    IMPORTANT: Replace "<password>" with the password used to generate the keystore in Step 1.

  4. Stop and start Tomcat:

    • Stop - /opt/hpws/tomcat/bin/shutdown.sh

    • Start - /opt/hpws/tomcat/bin/startup.sh

  5. Point your web browser to: https://<hostname>:8443/aaa/diameter



Implementing TLS with Anonymous Cipher Suites
  		 


Running the HP-UX AAA Server as a Non-Root User  
Printable version
Privacy statement Using this site means you accept its terms Feedback to webmaster
© 2001-2004 Hewlett-Packard Development Company, L.P.