Articles in this section

See more

How to create a self signed certificate and use with Mingle for secure access

Avatar
Rajesh Chopra
Updated
Follow

Step #1 (create keystore)

Go to Mingle's JRE bin folder
C:\Program Files (x86)\Mingle_3_4\jre\bin

Run the keytool utility
====== screen output =========
c:\>keytool -genkey -alias testing -keystore keystore.new
Enter keystore password:
Re-enter new password:
What is your first and last name?
  [Unknown]:
What is the name of your organizational unit?
  [Unknown]:
What is the name of your organization?
  [Unknown]:
What is the name of your City or Locality?
  [Unknown]:
What is the name of your State or Province?
  [Unknown]:
What is the two-letter country code for this unit?
  [Unknown]:
Is CN=Unknown, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown, C=Unknown correct?
  [no]:  yes

Enter key password for <testing>
        (RETURN if same as keystore password):
Re-enter new password:
===============================

Note the password. It will go into mingle.properties
-Dmingle.ssl.keystorePassword=password
Note the path to the keystore. It will go into mingle.properties.
Also note that the keystore was moved to <MINGLE_DATA_DIR>\config after step #3 below so that Mingle can access it
-Dmingle.ssl.keystore=c:\users\rchopra\Mingle34\config\keystore.new


Step #2 (generate a self signed cert )

Install OpenSSL
Generate self signed cert using Openssl (http://www.dylanbeattie.net/docs/openssl_iis_ssl_howto.html).
Steps below are for generating self signed cert for use with IE

================== screen outputs ====================
C:\OpenSSL-Win32\bin>openssl req -new -x509 -key privkey.pem -out cacert.pem -days 1095
WARNING: can't open config file: /usr/local/ssl/openssl.cnf
Unable to load config info from /usr/local/ssl/openssl.cnf

C:\OpenSSL-Win32\bin>set PATH=%PATH%;.

C:\OpenSSL-Win32\bin>mkdir c:\ssl

C:\OpenSSL-Win32\bin>cd \ssl

C:\ssl>md keys

C:\ssl>md requests

C:\ssl>md certs

C:\ssl>touch database.txt

C:\ssl>dir database.txt
 Volume in drive C has no label.
 Volume Serial Number is D28E-95B3

 Directory of C:\ssl

10/19/2011  03:40 PM                 0 database.txt
               1 File(s)              0 bytes
               0 Dir(s)  168,759,312,384 bytes free

C:\ssl>touch serial.txt

C:\ssl>openssl genrsa -des3 -out keys/ca.key 1024
Generating RSA private key, 1024 bit long modulus
.............................++++++
...............++++++
unable to write 'random state'
e is 65537 (0x10001)
Enter pass phrase for keys/ca.key:
Verifying - Enter pass phrase for keys/ca.key:

C:\ssl>openssl req -config openssl.conf -new -x509 -days 1001 -key keys/ca.key -out certs/ca.cer
Enter pass phrase for keys/ca.key:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) []:us
State or Province Name (full name) []:ca
Locality Name (eg, city) []:sfo
Organization Name (eg, company) []:tw
Organizational Unit Name (eg, section) []:support
Common Name (eg, your websites domain name) []:thoughtworks
Email Address []:myemail2email.com

C:\ssl>cd ca
The system cannot find the path specified.

C:\ssl>cd certs

C:\ssl\certs>dir
 Volume in drive C has no label.
 Volume Serial Number is D28E-95B3

 Directory of C:\ssl\certs

10/19/2011  03:43 PM    <DIR>          .
10/19/2011  03:43 PM    <DIR>          ..
10/19/2011  03:43 PM               920 ca.cer
               1 File(s)            920 bytes
               2 Dir(s)  168,758,562,816 bytes free

Now copy cert over to the same folder where keystore was created so that cert could be imported into key store

C:\ssl\certs>copy ca.cer "C:\Users\rchopra\AppData\Local\VirtualStore\Program Files (x86)\Mingle_3_4\jre\bin"
        1 file(s) copied.

C:\ssl\certs>


Step #3 (import)

Found that keystore.new generated in
C:\Users\rchopra\AppData\Local\VirtualStore\Program Files (x86)\Mingle_3_4\jre\bin"

C:\Users\rchopra\AppData\Local\VirtualStore\Program Files (x86)\Mingle_3_4\jre\bin>"C:\Program Files (x86)\Mingle_3_4\jre\bin\keytool" -import -keystore keystore.new -alias myalias -file ca.cer
Enter keystore password:
Keystore password is too short - must be at least 6 characters
Enter keystore password:
Owner: EMAILADDRESS=myemail2email.com, CN=thoughtworks, OU=support, O=tw, L=sfo, ST=ca, C=us
Issuer: EMAILADDRESS=myemail2email.com, CN=thoughtworks, OU=support, O=tw, L=sfo, ST=ca, C=us
Serial number: c1387d5e78adf08e
Valid from: Wed Oct 19 15:43:13 PDT 2011 until: Wed Jul 16 15:43:13 PDT 2014
Certificate fingerprints:
         MD5:  3C:92:1E:94:92:B2:6D:B5:37:31:56:13:04:CD:01:7C
         SHA1: 8E:DB:41:AB:97:D3:A3:95:F8:27:85:CE:42:9C:59:DD:DA:79:37:69
         Signature algorithm name: SHA1withRSA
         Version: 1
Trust this certificate? [no]:  yes
Certificate was added to keystore


Note the password. It will go into mingle.properties
-Dmingle.ssl.keyPassword=password

Step #4 (update mingle.properties)

1) Supply all the standard SSL stuff

-Dmingle.ssl.port=7071
-Dmingle.ssl.keystore=c:\users\rchopra\Mingle34\config\keystore.new
-Dmingle.ssl.keystorePassword=password
-Dmingle.ssl.keyPassword=password

2) Specify that the Site URL is secure

-Dmingle.siteURL=https://RC6186:7071

3) Comment out the mingle.port property

#-Dmingle.port=8090

Step #5
Restart Mingle

 

If required, enable debug logging (by setting "log4j.rootCategory=DEBUG" ) in MINGLE_INSTALL_DIR/config/log4j.properties

Comments

0 comments

Please sign in to leave a comment.