How to configure Mingle On-Site with SSL
You can find more information on configuring Mingle with LDAP here: http://support.thoughtworks.com/entries/21990694?challenge=vca4uvhphje2dkk
You can turn on HTTPS access by configuring a few properties in mingle.properties as follows:
-Dmingle.ssl.port=8443
-Dmingle.ssl.keystore=/PATH/TO/KEYSTORE
-Dmingle.ssl.keystorePassword=PASSWORD_TO_ACCESS_KEYSTORE
-Dmingle.ssl.keyPassword=KEY_PASSPHRASE
* To specify that the Site URL is secure, add: -Dmingle.siteURL=https://<example URL>:8080
* Comment out the mingle.port property: #-Dmingle.port=8080
You can have both HTTP and HTTPS enabled for Mingle by setting proper values for both the -Dmingle.port property and the entire -Dmingle.ssl.* section.
You can disable HTTP or HTTPS by leaving the corresponding property unset: -Dmingle.port for HTTP, -Dmingle.ssl.port for HTTPS.
If neither -Dmingle.port nor -Dmingle.ssl.port is given, a default of "8080" for -Dmingle.port will be used.
Your keystore (mingle.ssl.keystore) is a file in which keys and certificates are stored. Mingle requires access to it to provide secure HTTPS connections. Your certificate will need to be imported into this keystore. You can find more information on creating and managing a keystore below.
Your keystore file is password protected, so you need to provide your keystore password as mingle.ssl.keystorePassword. The mingle.ssl.keyPassword entry should contain your key's password.
These properties are only used to configure the SSL port to which Mingle binds on its host machine. Be sure to also configure -Dmingle.siteURL (see advanced configuration) to match the new HTTPS URL.
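A check to run before restarting Mingle, as an added example that is not part of Mingle or of the original article: it reports which listeners a mingle.properties file enables under the rules above and flags incomplete SSL settings, a missing keystore file, a site URL that is not HTTPS, and a properties file readable by all users. The function names and the sample host name are assumptions made for this example.

```sh
# Added example, not Mingle tooling: audit the SSL settings in mingle.properties.
# prop FILE NAME: value of the last uncommented "-DNAME=value" line, if any.
prop() {
    tr -d '\r' < "$1" | sed -n "s/^[[:space:]]*-D$2=\(.*[^[:space:]]\)[[:space:]]*$/\1/p" | tail -n 1
}
# mingle_listeners FILE: prints "http=PORT https=PORT" ("off" = disabled).
mingle_listeners() {
    http=$(prop "$1" mingle.port)
    https=$(prop "$1" mingle.ssl.port)
    # Neither port set: HTTP on 8080 is the documented default.
    [ -z "$http" ] && [ -z "$https" ] && http=8080
    echo "http=${http:-off} https=${https:-off}"
}
# audit_mingle_ssl FILE: prints findings; exit status = number of findings.
audit_mingle_ssl() {
    f=$1 n=0
    note() { echo "FINDING: $*"; n=$((n + 1)); }
    if [ -z "$(prop "$f" mingle.ssl.port)" ]; then
        note "mingle.ssl.port unset: HTTPS is disabled"
    else
        for k in keystore keystorePassword keyPassword; do
            [ -n "$(prop "$f" "mingle.ssl.$k")" ] || note "mingle.ssl.$k is missing"
        done
        ks=$(prop "$f" mingle.ssl.keystore)
        [ -z "$ks" ] || [ -f "$ks" ] || note "keystore file not found: $ks"
        [ -z "$(prop "$f" mingle.port)" ] || note "mingle.port set: plain HTTP stays enabled"
        case $(prop "$f" mingle.siteURL) in
            https://*) ;;
            *) note "mingle.siteURL is not an https:// URL" ;;
        esac
    fi
    # The file holds the keystore passwords in clear text.
    [ -z "$(find "$f" -perm -004 2>/dev/null)" ] || note "$f is readable by all users"
    return "$n"
}

# Constructed sample input: the article's placeholders plus an assumed host name.
demo=$(mktemp)
cat > "$demo" <<'EOF'
#-Dmingle.port=8080
-Dmingle.ssl.port=8443
-Dmingle.ssl.keystore=/PATH/TO/KEYSTORE
-Dmingle.ssl.keystorePassword=PASSWORD_TO_ACCESS_KEYSTORE
-Dmingle.ssl.keyPassword=KEY_PASSPHRASE
-Dmingle.siteURL=https://mingle.example.test:8443
EOF
mingle_listeners "$demo"
audit_mingle_ssl "$demo" || true
rm -f "$demo"
```

Point `audit_mingle_ssl` at the real mingle.properties; an exit status of 0 means no findings.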
For Windows users:
* When upgrading, ensure that the keystore file is moved to the folder structure of the new version. For example, if you are migrating from 13.3 to 14.1, the keystore may be in one of the 13.3 subfolders. Move it to the equivalent subfolder under Mingle 14.1 and update mingle.properties with the new path to the keystore.
* Or store the keystore file in Mingle's data directory, which saves you from having to track its location or change its path.
If required, enable debug logging (by setting "log4j.rootCategory=DEBUG") in MINGLE_INSTALL_DIR/config/log4j.properties.
Some handy keytool commands brought to you by http://www.sslshopper.com/article-most-common-java-keytool-keystore-commands.html
Generate a Java keystore and key pair
keytool -genkey -alias mydomain -keyalg RSA -keystore keystore.jks -keysize 2048
Generate a certificate signing request (CSR) for an existing Java keystore
keytool -certreq -alias mydomain -keystore keystore.jks -file mydomain.csr
Import a root or intermediate CA certificate to an existing Java keystore
keytool -import -trustcacerts -alias root -file Thawte.crt -keystore keystore.jks
Import a signed primary certificate to an existing Java keystore
keytool -import -trustcacerts -alias mydomain -file mydomain.crt -keystore keystore.jks
Generate a keystore and self-signed certificate (see How to Create a Self Signed Certificate using Java Keytool for more info)
keytool -genkey -keyalg RSA -alias selfsigned -keystore keystore.jks -storepass password -validity 360 -keysize 2048
Delete a certificate from a Java Keytool keystore
keytool -delete -alias mydomain -keystore keystore.jks
Change a Java keystore password
keytool -storepasswd -new new_storepass -keystore keystore.jks
Export a certificate from a keystore
keytool -export -alias mydomain -file mydomain.crt -keystore keystore.jks
List Trusted CA Certs
keytool -list -v -keystore $JAVA_HOME/jre/lib/security/cacerts
Import New CA into Trusted Certs
keytool -import -trustcacerts -file /path/to/ca/ca.pem -alias CA_ALIAS -keystore $JAVA_HOME/jre/lib/security/cacerts
Check a stand-alone certificate
keytool -printcert -v -file mydomain.crt
Check which certificates are in a Java keystore
keytool -list -v -keystore keystore.jks
Check a particular keystore entry using an alias
keytool -list -v -keystore keystore.jks -alias mydomain