SynaMan » Enabling SSL
|Subject:||Using SSL certificate with SynaMan or Syncrify|
|Creation date:||11/24/09 6:27 AM|
|Last modified on:||5/30/12 5:11 PM|
If you have purchased a certificate for an IIS server, you can reuse that certificate in both SynaMan and Syncrify.
Using SSL Certificate
NOTE: This article applies to both SynaMan and Syncrify
In order to use HTTPS with SynaMan/Syncrify, you need to purchase an SSL certificate from a certificate authority. The following article demonstrates how to generate a CSR and install a certificate for SynaMan.
Java 2 SDK 1.2 or above must be installed before you can generate your CSR. Once installed, you will be using the "keytool" command to create your key pair and CSR.
if you need additional help regarding this matter.
To Generate the Key Pair
This steps creates a keystore, which is a file that holds certificates.
- Open a console (DOS prompt) on Windows or Terminal on Linux/Unix.
- Enter the following command.
keytool -keysize 2048 -genkey -alias synaman -keyalg RSA -keystore synaman.keystore
- You will be prompted for a password. You will need this password later on.
- Enter Distinguished Name (DN) information:
- First and last name - This is the Common name: The common name is the
fully-qualified domain name (FQDN), Host name, or URL - to which you plan to apply your
certificate. Do not enter your personal name in this field.
- Use this field to differentiate between divisions within an organization. For example, "Engineering" or "Human Resources." If applicable, you may enter the DBA (doing business as) name in this field.
City/Locality - Name of the city in which your organization is registered/located. Please spell out the name of the city. Do not abbreviate.
- State/Province - Name of state or province where your organization is located. Please enter the full name. Do not abbreviate.
- Country code - The two-letter International Organization for Standardization- (ISO-) format country code for the country in which your organization is legally registered.
- Confirm that the Distinguished Name information is correct.
To Generate a CSR
Next step is to submit a CSR (SSL Certificate Signing Request) to a certificate authority.
- Enter the following command:
keytool -certreq -keyalg RSA -alias synaman -file synaman.csr -keystore synaman.keystore
- Enter the keystore password you specified earlier.
- This creates a new file called synaman.csr. Open this file in any editor like Notepad.
- Cut/copy and paste the generated CSR into enrollment form of your certificate authority.
- Select Tomcat as your server software.
||Submit CSR and wait for response|
Once you submit a CSR to a certificate authority, you have to wait for their response. It could take anywhere from a few minutes to up to two days before you get a response. The response from certificate authority typically includes an attached file containing your certificate. Some vendors also ask you to download the certificate from a secure website rather than emailing them to you.
You will probably get more than one file from the certificate authority. An SSL certificate creates a trust relationship by creating a chain of certificates. This is analogous to saying that you trust person A, but not C. However, person A trusts person B, who then trusts C. Therefore, it is okay to trust C.
Every file you get from a certificate authority must be added to the keystore you created in the first step.
Adding certificates to the keystore
You must add certificates in the order specified by certificate authority. The following example show how to add a root certificate, two intermediate certificates, and finally the actual certificate that is created for you.
Importing Root Certificate
keytool -import -trustcacerts -alias AddTrustExternalCARoot -file AddTrustExternalCARoot.crt -keystore synaman.keystore
Now add two intermediary certificates. Replace Alias1, Alias2, File1 and File2 with actual values provided to you.
keytool -import -trustcacerts -alias Alias1 -file File1.crt -keystore synaman.keystore
keytool -import -trustcacerts -alias Alias2 -file File2.crt -keystore synaman.keystore
Finally, add the actual certificate that is meant for your copy of SynaMan using the following command.
keytool -import -trustcacerts -alias synaman -file yourCertificate.crt -keystore synaman.keystore
Replace the existing certificate with the new one. Copy synaman.keystore file $INSTALLDIR\htdocs\sslCert folder.
Next, look for a file called server.properties in the $INSTALLDIR/config folder. If
this file does not exist, create it and append the following content:
Replace the password with the actual value and restart SynaMan. Once the certificate is installed, you should be able to use HTTPS rather than HTTP to connect and securely transfer files.
NOTE: If you are creating the keystore for Syncrify, rename synaman.keystore to syncrify.keystore once it has been copied to the $INSTALLDIR\htdocs\sslCert directory. If there already exists a syncrify.keystore, rename this to syncrify_selfSigned.keystore before copying the keystore you have just created.
Posted by Ron C on 12/4/09 2:24 PM
RonC again. All the commands look good now -- in IE, Firefox, and Chrome. Thanks for the fix.
Posted by RonC on 11/29/09 12:06 PM
RonC again. If you're having trouble seeing all the keytool commands, do a 'view source'. All the commands are in the page source code.
Posted by Ron C on 11/28/09 11:47 AM
The command to generate the Key Pair seems to be missing the first keyword, i.e., keytool. Shouldn't the command be something like this:
keytool -genkey -alias synaman -keyalg RSA -keystore synaman.keystore
Here's a link to what I see -- the commands seem to be incomplete:
Add a comment to this document
Do you have a helpful tip related to this document that you'd like to share
with other users? Please add it below. Your name and tip will appear at the
end of the document text.