Secure Global Desktop 4.31 Administration Guide > Security > Securing the SOAP connections to a Secure Global Desktop server
Client applications, such as the browser-based webtop, use the SOAP protocol (over HTTP) to access the web services provided by a Secure Global Desktop server. You should use HTTPS to secure these SOAP connections if you:
com.tarantella.tta.webservices.client.views
package, either on the same host as Secure Global Desktop or on a different host.Note If you develop your own client, for example because you want to use a different programming language, you need to develop your own methods for securing the SOAP connections. This page gives the general principles you need to implement.
To secure the SOAP connections, the client must be configured to use HTTPS and to trust the X.509 certificates for any Secure Global Desktop servers it connects to. Follow these steps:
You install server certificates with the keytool
application, see the Java 2 SDK Tools and Utilities documentation for details.
You store the certificates in the certificate store for the Java 2 Runtime Environment (JRE) used by the Secure Global Desktop server,
/opt/tarantella/bin/jre/lib/security/cacerts
.
You must add the X.509 certificate for each each member of the array. The certificate for each server is stored in /opt/tarantella/var/tsp/cert.pem
.
Run the following command:
/opt/tarantella/bin/jre/bin/keytool -import \ -file /opt/tarantella/var/tsp/cert.pem \ -keystore /opt/tarantella/bin/jre/lib/security/cacerts \ -storepass changeit \ -alias hostname
webapps/sgd/WEB-INF/classes/com/tarantella/tta/webservices/client/apis
directory.Resources.properties
file.http://server:port/service
(the default is http://localhost:80/service
).localhost
for the server if the webtop/application is on the same host as Secure Global Desktop. Otherwise, use the fully qualified DNS name of a Secure Global Desktop server.https://boston.indigo-insurance.com:443/axis/services/rpc/print
.Resources.properties
file.tarantella webserver restart --ssl
.Resources.properties
file. You must also make sure the web server is configured to accept HTTPS connections and restart it.If you have relocated the browser-based webtop to another host, or if you have developed your
own applications on another host using the
com.tarantella.tta.webservices.client.views
package, you must edit
both the relocated Resources.properties
file and the one on the
Secure Global Desktop server.
In the relocated Resources.properties
file, the URLs must be for the Secure Global Desktop server the client application will connect to, for example
https://boston.indigo-insurance.com:443/axis/services/rpc/print
.
In the Resources.properties
file on the Secure Global Desktop host, amend the URLs to https://localhost:443
.
You have to create two keystores:
For the HTTPS connections to the Secure Global Desktop server, you must create your own
keystore on the remote host, using your own JDK. This keystore must contain the Secure Global Desktop server certificate. Add the details of this keystore to the relocated Resources.properties
file, by editing the following lines:
keystore=keystore keystorepass=password
For the HTTPS connections from the Secure Global Desktop server to the remote host, you must install the root certificate for the remote host into the keystore (the cacerts
file) for the JRE used by the Secure Global Desktop server. You do this using the keytool application:
/opt/tarantella/bin/jre/bin/keytool -import \ -keystore /opt/tarantella/bin/jre/lib/security/cacerts \ -storepass changeit \ -file certificate_path \ -alias remote_hostname
Copyright © 1997-2007 Sun Microsystems, Inc. All rights reserved.