Step #1 (create keystore)
Go to Mingle's JRE bin folder
C:\Program Files (x86)\Mingle_3_4\jre\bin
Run the keytool utility
====== screen output =========
c:\>keytool -genkey -alias testing -keystore keystore.new
Enter keystore password:
Re-enter new password:
What is your first and last name?
[Unknown]:
What is the name of your organizational unit?
[Unknown]:
What is the name of your organization?
[Unknown]:
What is the name of your City or Locality?
[Unknown]:
What is the name of your State or Province?
[Unknown]:
What is the two-letter country code for this unit?
[Unknown]:
Is CN=Unknown, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown, C=Unknown correct?
[no]: yes
Enter key password for <testing>
(RETURN if same as keystore password):
Re-enter new password:
===============================
Note the password. It will go into mingle.properties
-Dmingle.ssl.keystorePassword=password
Note the path to the keystore. It will go into mingle.properties.
Also note that the keystore was moved to <MINGLE_DATA_DIR>\config after step #3 below so that Mingle can access it
-Dmingle.ssl.keystore=c:\users\rchopra\Mingle34\config\keystore.new
Step #2 (generate a self-signed cert)
Install OpenSSL
Generate a self-signed cert using OpenSSL (http://www.dylanbeattie.net/docs/openssl_iis_ssl_howto.html).
The steps below generate a self-signed cert for use with IE.
================== screen outputs ====================
C:\OpenSSL-Win32\bin>openssl req -new -x509 -key privkey.pem -out cacert.pem -days 1095
WARNING: can't open config file: /usr/local/ssl/openssl.cnf
Unable to load config info from /usr/local/ssl/openssl.cnf
C:\OpenSSL-Win32\bin>set PATH=%PATH%;.
C:\OpenSSL-Win32\bin>mkdir c:\ssl
C:\OpenSSL-Win32\bin>cd \ssl
C:\ssl>md keys
C:\ssl>md requests
C:\ssl>md certs
C:\ssl>touch database.txt
C:\ssl>dir database.txt
Volume in drive C has no label.
Volume Serial Number is D28E-95B3
Directory of C:\ssl
10/19/2011 03:40 PM 0 database.txt
1 File(s) 0 bytes
0 Dir(s) 168,759,312,384 bytes free
C:\ssl>touch serial.txt
C:\ssl>openssl genrsa -des3 -out keys/ca.key 1024
Generating RSA private key, 1024 bit long modulus
.............................++++++
...............++++++
unable to write 'random state'
e is 65537 (0x10001)
Enter pass phrase for keys/ca.key:
Verifying - Enter pass phrase for keys/ca.key:
C:\ssl>openssl req -config openssl.conf -new -x509 -days 1001 -key keys/ca.key -out certs/ca.cer
Enter pass phrase for keys/ca.key:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) []:us
State or Province Name (full name) []:ca
Locality Name (eg, city) []:sfo
Organization Name (eg, company) []:tw
Organizational Unit Name (eg, section) []:support
Common Name (eg, your websites domain name) []:thoughtworks
Email Address []:myemail2email.com
C:\ssl>cd ca
The system cannot find the path specified.
C:\ssl>cd certs
C:\ssl\certs>dir
Volume in drive C has no label.
Volume Serial Number is D28E-95B3
Directory of C:\ssl\certs
10/19/2011 03:43 PM <DIR> .
10/19/2011 03:43 PM <DIR> ..
10/19/2011 03:43 PM 920 ca.cer
1 File(s) 920 bytes
2 Dir(s) 168,758,562,816 bytes free
Now copy the cert to the folder where the keystore was created so that it can be imported into the keystore
C:\ssl\certs>copy ca.cer "C:\Users\rchopra\AppData\Local\VirtualStore\Program Files (x86)\Mingle_3_4\jre\bin"
1 file(s) copied.
C:\ssl\certs>
Step #3 (import)
The keystore.new file was found to have been generated in
C:\Users\rchopra\AppData\Local\VirtualStore\Program Files (x86)\Mingle_3_4\jre\bin
C:\Users\rchopra\AppData\Local\VirtualStore\Program Files (x86)\Mingle_3_4\jre\bin>"C:\Program Files (x86)\Mingle_3_4\jre\bin\keytool" -import -keystore keystore.new -alias myalias -file ca.cer
Enter keystore password:
Keystore password is too short - must be at least 6 characters
Enter keystore password:
Owner: EMAILADDRESS=myemail2email.com, CN=thoughtworks, OU=support, O=tw, L=sfo, ST=ca, C=us
Issuer: EMAILADDRESS=myemail2email.com, CN=thoughtworks, OU=support, O=tw, L=sfo, ST=ca, C=us
Serial number: c1387d5e78adf08e
Valid from: Wed Oct 19 15:43:13 PDT 2011 until: Wed Jul 16 15:43:13 PDT 2014
Certificate fingerprints:
MD5: 3C:92:1E:94:92:B2:6D:B5:37:31:56:13:04:CD:01:7C
SHA1: 8E:DB:41:AB:97:D3:A3:95:F8:27:85:CE:42:9C:59:DD:DA:79:37:69
Signature algorithm name: SHA1withRSA
Version: 1
Trust this certificate? [no]: yes
Certificate was added to keystore
Note the password. It will go into mingle.properties
-Dmingle.ssl.keyPassword=password
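Before answering "yes" to the trust prompt in Step #3, it is worth reading what keytool printed. The following is an added example, not part of the original article or of Mingle: a Python sketch that parses that printout (copied from the screen output above, fingerprints omitted) and lists the properties a reviewer would question. The function names are hypothetical.

```python
import re
from datetime import datetime

# The certificate printout from the Step #3 screen output (fingerprints omitted).
SAMPLE = """\
Owner: EMAILADDRESS=myemail2email.com, CN=thoughtworks, OU=support, O=tw, L=sfo, ST=ca, C=us
Issuer: EMAILADDRESS=myemail2email.com, CN=thoughtworks, OU=support, O=tw, L=sfo, ST=ca, C=us
Serial number: c1387d5e78adf08e
Valid from: Wed Oct 19 15:43:13 PDT 2011 until: Wed Jul 16 15:43:13 PDT 2014
Signature algorithm name: SHA1withRSA
Version: 1
"""

def _date(text):
    """Parse keytool's date, dropping the zone name that strptime cannot rely on."""
    _day, mon, dom, clock, _zone, year = text.split()
    return datetime.strptime(f"{mon} {dom} {clock} {year}", "%b %d %H:%M:%S %Y")

def parse_cert(text):
    """Turn keytool's 'Label: value' lines into a dict and split the validity line."""
    fields = {}
    for line in text.splitlines():
        label, sep, value = line.strip().partition(": ")
        if sep:
            fields[label] = value
    m = re.match(r"(.+?) until: (.+)", fields.get("Valid from", ""))
    if m:
        fields["not_before"], fields["not_after"] = _date(m.group(1)), _date(m.group(2))
    return fields

def findings(fields, now):
    """List the properties a reviewer would question before trusting the entry."""
    out = []
    if fields.get("Owner") and fields.get("Owner") == fields.get("Issuer"):
        out.append("self-signed")
    alg = fields.get("Signature algorithm name", "")
    if alg.upper().startswith(("MD5", "SHA1")):
        out.append("weak signature hash: " + alg)
    if fields.get("Version") == "1":
        out.append("X.509 v1: carries no extensions such as subjectAltName")
    if "not_after" in fields and fields["not_after"] < now:  # zone ignored: approximate
        out.append("expired")
    return out

if __name__ == "__main__":
    cert = parse_cert(SAMPLE)
    print((cert["not_after"] - cert["not_before"]).days, "days valid")
    print(findings(cert, datetime.now()))
```

The validity period works out to the 1001 days passed to openssl with -days in Step #2.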
Step #4 (update mingle.properties)
1) Supply the standard SSL settings
-Dmingle.ssl.port=7071
-Dmingle.ssl.keystore=c:\users\rchopra\Mingle34\config\keystore.new
-Dmingle.ssl.keystorePassword=password
-Dmingle.ssl.keyPassword=password
2) Specify that the Site URL is secure
-Dmingle.siteURL=https://RC6186:7071
3) Comment out the mingle.port property
#-Dmingle.port=8090
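The Step #4 settings can be checked before the restart. The following is an added example, not part of the original article or of Mingle: a Python sketch that reads the -D lines shown above and reports anything that disagrees with this procedure. It assumes mingle.properties holds one -Dname=value per line, that the siteURL port should equal mingle.ssl.port (as it does above), and that "password" stands for a placeholder; the six-character minimum is the one keytool enforced in Step #3.

```python
from urllib.parse import urlsplit

# Constructed sample: the Step #4 lines as they would sit in mingle.properties.
SAMPLE = r"""
-Dmingle.ssl.port=7071
-Dmingle.ssl.keystore=c:\users\rchopra\Mingle34\config\keystore.new
-Dmingle.ssl.keystorePassword=password
-Dmingle.ssl.keyPassword=password
-Dmingle.siteURL=https://RC6186:7071
#-Dmingle.port=8090
"""

SSL_KEYS = ("mingle.ssl.port", "mingle.ssl.keystore",
            "mingle.ssl.keystorePassword", "mingle.ssl.keyPassword")

def load(text):
    """Return the active -Dname=value settings; lines starting with # are skipped."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("-D") and "=" in line:
            name, _, value = line[2:].partition("=")
            props[name.strip()] = value.strip()
    return props

def check(props):
    """Compare the settings with Step #4 and return a list of problems."""
    problems = ["missing " + key for key in SSL_KEYS if not props.get(key)]
    url = urlsplit(props.get("mingle.siteURL", ""))
    if url.scheme != "https":
        problems.append("mingle.siteURL is not https")
    elif str(url.port or 443) != props.get("mingle.ssl.port"):
        problems.append("mingle.siteURL port differs from mingle.ssl.port")
    if "mingle.port" in props:
        problems.append("mingle.port is still active; Step #4 comments it out")
    for key in ("mingle.ssl.keystorePassword", "mingle.ssl.keyPassword"):
        pw = props.get(key, "")
        # "changeit" is the well-known default of the JRE's own cacerts store.
        if pw and (len(pw) < 6 or pw.lower() in ("password", "changeit")):
            problems.append(key + " is a placeholder or too short")
    return problems

if __name__ == "__main__":
    for problem in check(load(SAMPLE)):
        print(problem)
```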
Step #5
Restart Mingle
If required, enable debug logging (by setting "log4j.rootCategory=DEBUG") in MINGLE_INSTALL_DIR/config/log4j.properties