Instructions for SSL/TLS¶
We recommend that you secure your 3forge applications, especially if they contain sensitive information.
To secure applications via SSL/TLS, you will need to set up a keystore and truststore for your certificates.
To generate certificates, use Java's keytool which will be supplied in the 3forge installation or your any other Java installation on your machine. Locate where the keytool is (/PATH_TO_YOUR_JDK_DIRECTORY/bin) and add it to your PATH variable.
Then, follow the instructions on generating certificates using keytool by Oracle. For more information on keytool, please see the Oracle documentation (Java 7, Java 8).
Server Example:¶
To generate a server certificate 3forge_server.cer to give to clients:
You will be prompted to enter the password for your keystore. Configure your options accordingly.
Client Example:¶
To import the server certificate into the keystore file and generate a key for the user (to be verified by the server):
Note
You will need to export the client certificate and import it into the server.jks. You should also make sure that in the case of multiple clients, each client has a unique client.jks file.
Server Configuration¶
Ensure that your server keystore is in the correct directory. Then add the following properties to your local.properties:
To configure the client, copy the client.jks file to the client, and instead of calling the function AmiClient::start(host, port, loginId, options), call: