Wednesday, January 21, 2009

Wiring it all together: Webtop, SSL, Tomcat, IIS and ISAPI

Webtop, or any WDK application derived from it, can be locked down with SSL. SSL can be terminated by the application server that runs Webtop (e.g. Tomcat) or by a reverse proxy placed in front of it (e.g. IIS). In the second case only the hop between the browser and IIS is encrypted; the IIS-to-Tomcat hop runs over plain AJP, so keep it on the same host or a trusted network and firewall the AJP port so that only the IIS machine can reach it.

This post will walk through

1. Setting up Webtop on SSL using Tomcat
2. Bridging IIS and Tomcat (non-SSL) using the ISAPI connector
3. Setting up SSL on IIS and accessing Webtop on Tomcat through the ISAPI connector


Setting up Webtop on SSL using tomcat
1. If you have JDK 1.5 or higher, go to the JDK bin directory and execute
keytool -genkey -alias webtopcert -keypass webtopcert -keystore webtopcert.bin -storepass webtopcert
Give -keypass and -storepass the same value: Tomcat's JSSE connector unlocks the key with the keystore password. Consider adding -keyalg RSA (keytool's default key algorithm is DSA, which a number of TLS clients do not support) and -validity to extend the default 90-day lifetime of the certificate.

2. keytool will ask you a series of questions. The only answer that matters is the one for "first and last name": it becomes the certificate's CN and must be exactly the host name that users will type in the URL (for https://hostname:8443/webtop that is hostname, not localhost or an IP address). If the CN and the URL host differ, the browser warns and the UCF client refuses the transfer, so Export, Check-out and similar operations fail (see the comment at the end of the post).

3. Copy the generated keystore (webtopcert.bin in our case) to a directory of your choice, preferably one inside the Tomcat installation such as %Tomcat%/conf. The file holds the private key as well as the certificate, so restrict its file permissions to the account Tomcat runs as.

4. Open server.xml in %Tomcat%/conf and uncomment the element that starts with <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true".

5. Add the following attributes to the element. keystorePass must be the -storepass you gave keytool in step 1 (webtopcert in this example); a mismatch shows up only at startup as a connector initialisation failure.
keystoreFile="C:\Program Files\Apache Software Foundation\Tomcat 6.0\conf\webtopcert.bin"
keystorePass="webtopcert"

6. A little tweak is needed to get UCF to play well with SSL. In the ucf.installer.config.xml file on the application server (C:\Program Files\Apache Software Foundation\Tomcat 6.0\webapps\webtop\wdk\contentXfer) add the following XML snippet.
<option name="https.host.validation" persistent="false">
<value>false</value>
</option>

This makes sure that the option is written into the ucf.client.config.xml that new clients download. You can also add the option by hand to an already downloaded client config file under C:\Documents and Settings\username\Documentum\ucf\hostname\shared\config. Be aware of what the option does: it switches off host-name validation in the UCF client, so the client no longer checks that the certificate's CN matches the server it connects to. That is acceptable for a test setup with a self-signed certificate; for production, use a certificate whose CN matches the host name and that the client's Java runtime trusts, and leave validation on.

try https://hostname:8443/webtop
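Before handing out the URL, it is worth checking that the host in it is actually covered by the certificate, because that is the check the UCF client applies (see the comment at the end of the post). The following Python script is an added example, not part of the original post or of Webtop: it matches a URL's host against the names in a certificate dictionary shaped like the one ssl.SSLSocket.getpeercert() returns. The certificate dictionaries and the host tomcat01.corp.example are constructed for the example. The same check applies to a certificate installed on IIS in the third scenario; fetch_peer_cert shows how to obtain the live dictionary once the self-signed certificate has been exported with keytool -exportcert -rfc.

```python
"""Check that the host name in a Webtop URL matches the names in a server certificate.

Added example, not part of the original post. Certificate dictionaries are
constructed to mirror the shape returned by ssl.SSLSocket.getpeercert();
tomcat01.corp.example is a hypothetical host name.
"""
import ipaddress
import socket
import ssl
from urllib.parse import urlsplit


def cert_names(cert):
    """Return (dns_names, ip_names) a client may match the URL host against.

    subjectAltName entries take precedence (RFC 6125); the subject CN is only
    consulted when the certificate carries no SAN at all, which is the usual
    case for a keytool -genkey self-signed certificate.
    """
    dns, ips = [], []
    for kind, value in cert.get("subjectAltName", ()):
        if kind == "DNS":
            dns.append(value.lower())
        elif kind == "IP Address":
            ips.append(value)
    if not dns and not ips:
        for rdn in cert.get("subject", ()):
            for key, value in rdn:
                if key == "commonName":
                    dns.append(value.lower())
    return dns, ips


def _dns_match(pattern, hostname):
    """Exact match, or a single leading wildcard label (*.corp.example)."""
    if not pattern.startswith("*."):
        return pattern == hostname
    suffix = pattern[1:]  # ".corp.example"
    if not hostname.endswith(suffix):
        return False
    leftmost = hostname[: -len(suffix)]
    return bool(leftmost) and "." not in leftmost


def host_matches(hostname, cert):
    """True if hostname (DNS name or IP literal) is covered by cert."""
    hostname = hostname.lower().rstrip(".")
    dns, ips = cert_names(cert)
    try:
        ip = ipaddress.ip_address(hostname)
    except ValueError:
        return any(_dns_match(p, hostname) for p in dns)
    # An IP literal in the URL only matches an "IP Address" SAN, never a CN.
    return any(ipaddress.ip_address(i) == ip for i in ips)


def check_url(url, cert):
    """Return (ok, message) for the host part of url checked against cert."""
    host = urlsplit(url).hostname
    if host is None:
        return False, "no host in URL %r" % url
    dns, ips = cert_names(cert)
    if host_matches(host, cert):
        return True, "%s matches certificate names %s" % (host, dns + ips)
    return False, "%s does not match certificate names %s; UCF transfers will fail" % (host, dns + ips)


def fetch_peer_cert(host, port, ca_pem):
    """Fetch the live certificate dict from host:port (needs network; not used by the test).

    ca_pem is the server certificate exported with
    'keytool -exportcert -rfc -alias webtopcert -keystore webtopcert.bin',
    loaded as a trust anchor so that getpeercert() returns the decoded cert.
    Host-name checking is disabled here only so that a mismatch can be reported.
    """
    ctx = ssl.create_default_context(cafile=ca_pem)
    ctx.check_hostname = False
    with socket.create_connection((host, port), timeout=10) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()


# Constructed certificate shaped like keytool's self-signed output: CN only, no SAN.
TOMCAT_CERT = {
    "subject": ((("commonName", "tomcat01.corp.example"),),
                (("organizationalUnitName", "Documentum"),)),
    "issuer": ((("commonName", "tomcat01.corp.example"),),),
}

if __name__ == "__main__":
    for url in ("https://tomcat01.corp.example:8443/webtop",
                "https://localhost:8443/webtop",
                "https://10.241.209.30:8443/webtop"):
        ok, msg = check_url(url, TOMCAT_CERT)
        print("OK  " if ok else "FAIL", msg)
```

Run it against the URL you intend to publish before importing the certificate anywhere; only the first URL above passes, which is exactly the condition the comment below describes.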

Bridging IIS and Tomcat (non-SSL) using the ISAPI connector

The Tomcat instructions on how to bridge IIS and Tomcat are pretty comprehensive.

http://tomcat.apache.org/connectors-doc/webserver_howto/iis.html

Start with a simple workers.properties and uriworkermap.properties; below is a sample that I used.

workers.properties

worker.list=worker1

# the host where Tomcat is running (type defaults to ajp13)
worker.worker1.host=10.241.209.30
# make sure port 8009 (AJP) is open on the Tomcat machine, for the IIS host only
worker.worker1.port=8009
worker.worker1.lbfactor=3.5
worker.worker1.cachesize=10
worker.worker1.cache_timeout=600
worker.worker1.socket_keepalive=1
worker.worker1.socket_timeout=300

uriworkermap.properties

/examples/*=worker1
/examples/*.jsp=worker1
/examples/servlet/*=worker1
# This forwards every request to Tomcat, so /webtop also gets forwarded (and the three rules above become redundant)
/*=worker1

Note that /*=worker1 exposes every web application deployed on Tomcat (manager, examples, ROOT) through IIS, not only Webtop. For anything beyond a first test, replace it with a rule restricted to the Webtop context.

try http://hostname/webtop
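The catch-all /*=worker1 rule makes every Tomcat web application reachable through IIS, not just Webtop. The following Python model is an added example, not part of the original post or of the Tomcat connectors project: it evaluates a uriworkermap.properties file using the documented matching order in simplified form (exclusion rules first, then exact, longest context and suffix matches; the real redirector has more rule types) and shows which of a few constructed URIs the post's map forwards compared with a map restricted to the Webtop context. The maps and URIs are constructed for the example.

```python
"""Model of how the ISAPI redirector's uriworkermap.properties routes a URI.

Added example, not part of the original post or of the Tomcat connectors
project. Simplified model of the documented matching order: exclusion rules
veto, then exact match, then the longest /ctx/* context match, then a
/ctx/*.ext suffix match. Maps and URIs below are constructed.
"""


def parse_uriworkermap(text):
    """Return a list of (pattern, worker, excluded) rules in file order."""
    rules = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        pattern, _, worker = line.partition("=")
        pattern, worker = pattern.strip(), worker.strip()
        excluded = pattern.startswith("!")   # "!/path/*=worker" means: never forward
        if excluded:
            pattern = pattern[1:]
        rules.append((pattern, worker, excluded))
    return rules


def _matches(pattern, uri):
    """Apply one pattern: exact, context (/ctx/*) or suffix (/ctx/*.ext)."""
    if "*" not in pattern:
        return uri == pattern
    prefix, _, suffix = pattern.partition("*")
    if suffix:  # /ctx/*.jsp style: inside the context and ending in the suffix
        return uri.startswith(prefix) and uri.endswith(suffix)
    # /ctx/* style: the context itself or anything below it ("/*" matches everything)
    return uri.startswith(prefix) or uri == prefix.rstrip("/")


def route(rules, uri):
    """Worker name that would receive uri, or None if IIS serves it itself."""
    if any(excl and _matches(p, uri) for p, _, excl in rules):
        return None
    exact = [w for p, w, excl in rules if not excl and "*" not in p and _matches(p, uri)]
    if exact:
        return exact[0]
    contexts = [(len(p), w) for p, w, excl in rules
                if not excl and p.endswith("/*") and _matches(p, uri)]
    if contexts:
        return max(contexts)[1]           # longest context prefix wins
    suffixes = [w for p, w, excl in rules
                if not excl and "*" in p and not p.endswith("/*") and _matches(p, uri)]
    return suffixes[0] if suffixes else None


def exposed(rules, uris):
    """Those of uris that the map forwards to Tomcat at all."""
    return [u for u in uris if route(rules, u) is not None]


# The post's catch-all map (constructed copy): everything goes to Tomcat.
POST_MAP = """
/examples/*=worker1
/examples/*.jsp=worker1
/examples/servlet/*=worker1
/*=worker1
"""

# Restricted map (constructed): only the Webtop context reaches Tomcat. The
# exclusions are belt and braces; Tomcat refuses WEB-INF/META-INF itself.
RESTRICTED_MAP = """
/webtop/*=worker1
!/webtop/WEB-INF/*=worker1
!/webtop/META-INF/*=worker1
"""

PROBE_URIS = [
    "/webtop",
    "/webtop/component/main",
    "/webtop/wdk/contentXfer/ucf.installer.config.xml",
    "/webtop/WEB-INF/web.xml",
    "/manager/html",
    "/examples/servlets/index.html",
]

if __name__ == "__main__":
    for name, text in (("post map", POST_MAP), ("restricted map", RESTRICTED_MAP)):
        rules = parse_uriworkermap(text)
        print(name, "forwards:", exposed(rules, PROBE_URIS))
```

With the post's map the manager and examples applications are reachable via IIS; with the restricted map only the Webtop URIs are forwarded, which is the smallest surface the bridge needs.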

Setting up SSL on IIS and accessing Webtop on Tomcat through the ISAPI connector


In this scenario the Tomcat that hosts Webtop is not in SSL mode. IIS is set up in SSL mode (link below) and bridged to Tomcat through ISAPI as described above; the redirector carries the request's SSL state across AJP, so Tomcat still treats it as a secure request. Two things to keep in mind: the IIS-to-Tomcat hop on port 8009 is unencrypted, and Tomcat's plain HTTP connector (8080) is still listening, so restrict both ports to the IIS host or the protection IIS adds can simply be bypassed. Here is a very detailed tutorial on setting up IIS in SSL mode with a self-signed certificate; the certificate's CN must again match the host name in the URL.

http://www.xenocafe.com/tutorials/self_signed_cert_IIS/self_signed_cert_IIS-part1.php

try https://hostname/webtop

1 comment:

  1. These were really the most useful steps for me. I'd like to suggest that readers make sure the host name matches the URL before deploying the certificate, i.e., https://localhost:8443/webtop

    localhost is the host name in the URL. This should match the CN, otherwise Export, Check-out, ... will not work.

    Follow the solutions posted on EMC: esg98401, esg93191

    Amit Kumar Gupta
