3DS.COM © Dassault Systèmes
Written by Rushiraj K.
Validated by Sushma C.
Edited by Véronique LECOEUR
White Paper
Executive Summary
SSL (Secure Sockets Layer) is a technology for establishing an encrypted link
between a server and a client, typically a web server (website) and a browser.
Industries can establish secure communication for their web-based
visualization products such as AutoVue, which is used to view, digitally annotate
and collaborate on technical and business documents that are stored in and
retrieved from the ENOVIA web-based application.
This white paper is intended for beginners and administrators who want to
understand the concept of the Secure Sockets Layer, why it is needed and how it
is implemented. It gives an overview of the SSL concept and of configuring
SSL on a Tomcat server to secure data exchange over the web for
ENOVIA and AutoVue.
Contents
1. Introduction to SSL
1.1. How SSL Works
1.2. How does the SSL Certificate Create a Secure Connection
2. Configuring SSL for ENOVIA
2.1. Pre-Requisites
1. Introduction to SSL
SSL (Secure Sockets Layer) is a security technology for establishing an encrypted link
between a server and a client by means of data encryption and certificate-based
authentication. The main purpose of the SSL protocol is to guarantee that no one can
tamper with the communication between a client and the server where the web application is
deployed, for example usernames and passwords, or credit card information on
e-commerce web sites.
SSL protects sensitive information as it travels across the web. The information is sent
over the internet encrypted so that only the intended recipient can understand it. In
addition to encryption, SSL provides authentication, which means that users can be sure
they are sending the information to the right server. SSL thus maintains
confidentiality, message integrity and authentication.
SSL certificates have a key pair: a public and a private key. These keys work together to
establish an encrypted connection. The certificate also contains basic information about the
site to which it belongs, such as the domain name, owner name and company name.
Once the SSL certificate from the server is trusted by the browser on the client machine,
the client also trusts that organization's identity. The browser lets the user
know that the website is secure, and the user can feel safe browsing the site and even
entering confidential information.
2.1. Pre-Requisites
Before starting the configuration, a few checkpoints have to be met. These
prerequisites help to avoid errors at a later stage of the procedure.
a. Java 1.5 or higher must be installed on the server machine.
b. Java has been added to the "PATH" variable.
c. The path JAVA_HOME/jre/lib/security/ has been added to the "CLASSPATH"
variable. If "CLASSPATH" does not exist, it should be created in the environment
variables.
d. A supported level of Apache Tomcat has been installed on the server.
e. The CATALINA_HOME environment variable has been set to the appropriate CATALINA
home directory.
Example: CATALINA_HOME = F:\V6Stacks\V6R2013x_SSL\apache-tomcat-6.0.32
When prompted, specify a password (e.g. change it) and note it. Keep the store password
and key password the same.
c. On successful execution of the keytool command, a file named .keystore is created in
the CATALINA_HOME directory. Verify that the .keystore file has been created in the
CATALINA_HOME directory.
d. The next step is to enable the SSL setting in Apache Tomcat. To do so, change
to the CATALINA_HOME\conf\ directory. Open the server.xml file in a text editor and
search for the string scheme="https". Uncomment the definition of the SSL connector
on the port that has scheme="https" as an attribute and update the definition as follows:
Note: The value of keystorePass in the above descriptor should be the value for the
password specified in step b.
e. Run the Tomcat server.
f. Access the link https://SERVERNAME:8443/, where SERVERNAME is the full
computer name of the machine on which the application server is running. If the
setup is fine, then you should be able to view the Tomcat home page.
A. If the FCS URL is the same as the MCS URL, then the following settings should be
made on the MCS server.
B. Start the instance of the application server in which the MCS application is deployed.
C. Note the JAVA_HOME path used by the application server in which the FCS
application is deployed.
Copy the entire program below into a text file and save it as InstallCert.java in the
JAVA_HOME\jre\lib\security\ directory:
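/*
 * are met:
 * IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
 */
import java.io.*;
import java.net.URL;
import java.security.*;
import java.security.cert.*;
import javax.net.ssl.*;

public class InstallCert {
    public static void main(String[] args) throws Exception {
        String host;
        int port;
        char[] passphrase;
        if ((args.length == 1) || (args.length == 2)) {
            // Arguments: <host>[:port] [keystore passphrase]
            String[] c = args[0].split(":");
            host = c[0];
            port = (c.length == 1) ? 443 : Integer.parseInt(c[1]);
            String p = (args.length == 1) ? "changeit" : args[1];
            passphrase = p.toCharArray();
        } else {
            System.out.println("Usage: java InstallCert <host>[:port] [passphrase]");
            return;
        }
        // Use jssecacerts if it exists, otherwise fall back to the JRE's cacerts.
        File file = new File("jssecacerts");
        if (file.isFile() == false) {
            char SEP = File.separatorChar;
            File dir = new File(System.getProperty("java.home") + SEP + "lib" + SEP + "security");
            file = new File(dir, "jssecacerts");
            if (file.isFile() == false) {
                file = new File(dir, "cacerts");
            }
        }
        System.out.println("Loading KeyStore " + file + "...");
        InputStream in = new FileInputStream(file);
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        ks.load(in, passphrase);
        in.close();
        // Wrap the default trust manager so that the server's chain is recorded.
        SSLContext context = SSLContext.getInstance("TLS");
        TrustManagerFactory tmf =
            TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ks);
        X509TrustManager defaultTrustManager = (X509TrustManager) tmf.getTrustManagers()[0];
        SavingTrustManager tm = new SavingTrustManager(defaultTrustManager);
        context.init(null, new TrustManager[] {tm}, null);
        SSLSocketFactory factory = context.getSocketFactory();
        System.out.println("Opening connection to " + host + ":" + port + "...");
        SSLSocket socket = (SSLSocket) factory.createSocket(host, port);
        socket.setSoTimeout(10000);
        try {
            System.out.println("Starting SSL handshake...");
            socket.startHandshake();
            socket.close();
            System.out.println();
            System.out.println("No errors, certificate is already trusted");
        } catch (SSLException e) {
            System.out.println();
            e.printStackTrace(System.out);
        }
        X509Certificate[] chain = tm.chain;
        if (chain == null) {
            System.out.println("Could not obtain server certificate chain");
            return;
        }
        BufferedReader reader = new BufferedReader(new InputStreamReader(System.in));
        System.out.println();
        System.out.println("Server sent " + chain.length + " certificate(s):");
        System.out.println();
        MessageDigest sha1 = MessageDigest.getInstance("SHA1");
        MessageDigest md5 = MessageDigest.getInstance("MD5");
        for (int i = 0; i < chain.length; i++) {
            X509Certificate cert = chain[i];
            System.out.println(" " + (i + 1) + " Subject " + cert.getSubjectDN());
            System.out.println("   Issuer  " + cert.getIssuerDN());
            sha1.update(cert.getEncoded());
            System.out.println("   sha1    " + toHexString(sha1.digest()));
            md5.update(cert.getEncoded());
            System.out.println("   md5     " + toHexString(md5.digest()));
            System.out.println();
        }
        System.out.println("Enter certificate to add to trusted keystore or 'q' to quit: [1]");
        String line = reader.readLine().trim();
        int k;
        try {
            // An empty line (Enter) selects the first certificate.
            k = (line.length() == 0) ? 0 : Integer.parseInt(line) - 1;
        } catch (NumberFormatException e) {
            System.out.println("KeyStore not changed");
            return;
        }
        X509Certificate cert = chain[k];
        String alias = host + "-" + (k + 1);
        ks.setCertificateEntry(alias, cert);
        // The updated keystore is written to jssecacerts in the current directory.
        OutputStream out = new FileOutputStream("jssecacerts");
        ks.store(out, passphrase);
        out.close();
        System.out.println();
        System.out.println(cert);
        System.out.println();
        System.out.println("Added certificate to keystore 'jssecacerts' using alias '"
            + alias + "'");
    }

    private static final char[] HEXDIGITS = "0123456789abcdef".toCharArray();

    private static String toHexString(byte[] bytes) {
        StringBuilder sb = new StringBuilder(bytes.length * 3);
        for (int b : bytes) {
            b &= 0xff;
            sb.append(HEXDIGITS[b >> 4]);
            sb.append(HEXDIGITS[b & 15]);
            sb.append(' ');
        }
        return sb.toString();
    }

    // Records the chain presented by the server, then delegates the trust decision.
    private static class SavingTrustManager implements X509TrustManager {
        private final X509TrustManager tm;
        private X509Certificate[] chain;
        SavingTrustManager(X509TrustManager tm) {
            this.tm = tm;
        }
        public X509Certificate[] getAcceptedIssuers() {
            // Return an empty array; newer JREs call this method during the handshake.
            return new X509Certificate[0];
        }
        public void checkClientTrusted(X509Certificate[] chain, String authType)
                throws CertificateException {
            throw new UnsupportedOperationException();
        }
        public void checkServerTrusted(X509Certificate[] chain, String authType)
                throws CertificateException {
            this.chain = chain;
            tm.checkServerTrusted(chain, authType);
        }
    }
}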
After successful execution of the above command, two files are created:
InstallCert.class and InstallCert$SavingTrustManager.class. Verify that these files
have been created in the security directory.
F. Ensure that the current directory is JAVA_HOME\bin\ in the cmd window and execute
the command below, specifying the complete path of InstallCert.java
(i.e., JAVA_HOME\jre\lib\security\InstallCert.java):
> java "JAVA_HOME\jre\lib\security\InstallCert.java" SERVERNAME:HTTPS_PORT
G. When prompted, add the certificate to the trusted keystore by pressing the Enter key.
The following message should be displayed:
"Added certificate to keystore 'jssecacerts' using alias SERVERNAME-1"
H. Run the command in Step F again to verify that the certificate has been added
to the keystore.
Launch the HTTPS URL. The browser should show a trusted-certificate warning
message, as shown in the figure.
In addition to enabling SSL and setting up the keystore/truststore for the application server,
you must perform the following steps so that the AutoVue server can trust the application
server’s certificate:
To enable SSL between AutoVue Client and Vueservlet, the following steps need to be
done:
On this page, click on “continue to this website”. This should take the user to the
ENOVIA login page.
1. In this step, we have to trust the certificate by importing the certificate into Internet
Explorer. Click on the certificate, view the certificate and then click on install
certificate.
2. Browse and select “Trusted Root Certification Authorities” as shown in Figure 6.
Then install the certificate to import it into IE.
3. Once you have successfully imported the certificate, export the certificate from
Internet Explorer in base-64 encoded format and save it onto the
local disk. For example, C:\certs.cer
4. Import the certificate into the JRE of the AutoVue server using Java’s keytool
command:
<Java Install Directory>\bin>keytool -import -alias <servername> -file c:\certs.cer -trustcacerts -v -keystore C:\Oracle\AutoVue\jre\lib\security\cacerts
5. Copy certs.cer to the client machine (c:\certs.cer) and import the certificate into
the JDK of the client machine using Java’s keytool command:
<Java Install Directory>\bin>keytool -import -alias <servername> -keystore "C:\Program Files\Java\<jdk_installed>\jre\lib\security\cacerts" -file "c:\certs.cer"
Optional: If the user is using a separate JRE, import the certificate into the JRE of
the client machine using Java’s keytool command:
NOTE: If the user wants to check in data to ENOVIA via any integration from a client
machine, the certificate must be imported into the JDK/JRE that is used by
that integration (step 5 and the optional step need to be done).
With these steps, SSL is successfully enabled between the AutoVue Client and
VueServlet. SSL between VueServlet and the AutoVue Server still has to be enabled,
which is discussed in the next section.
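Both InstallCert and the keytool imports in steps 4 and 5 trust whatever certificate they are given, so it is worth comparing the exported certs.cer with a SHA-256 fingerprint obtained from the server administrator before importing it. The following Java program is an added example, not part of the original white paper or of any Dassault Systèmes or Oracle tool; the class name VerifyCertBeforeImport is hypothetical, and the program assumes Java 7 or later.

```java
import java.io.Console;
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;

// Added example (hypothetical class name): compare an exported certificate with a
// fingerprint obtained out of band, then check whether a trust store contains it.
public class VerifyCertBeforeImport {
    // SHA-256 over the DER encoding, as lowercase hex without separators.
    static String sha256Hex(X509Certificate cert) throws Exception {
        byte[] digest = MessageDigest.getInstance("SHA-256").digest(cert.getEncoded());
        StringBuilder sb = new StringBuilder(digest.length * 2);
        for (byte b : digest) {
            sb.append(String.format("%02x", b & 0xff));
        }
        return sb.toString();
    }
    public static void main(String[] args) throws Exception {
        Console console = System.console();
        if (args.length != 3 || console == null) {
            System.out.println("Usage (interactive): java VerifyCertBeforeImport"
                    + " <cert.cer> <expected-sha256-hex> <truststore>");
            return;
        }
        X509Certificate cert;
        try (InputStream in = new FileInputStream(args[0])) {
            cert = (X509Certificate) CertificateFactory.getInstance("X.509")
                    .generateCertificate(in); // accepts base-64 (PEM) or DER
        }
        cert.checkValidity(); // throws if expired or not yet valid
        String expected = args[1].replace(":", "").replace(" ", "").toLowerCase();
        String actual = sha256Hex(cert);
        System.out.println("SHA-256: " + actual);
        if (!actual.equals(expected)) {
            System.out.println("MISMATCH: do not import this certificate");
            System.exit(1);
        }
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(args[2])) {
            ks.load(in, console.readPassword("Trust store password: "));
        }
        String alias = ks.getCertificateAlias(cert); // null when not present
        System.out.println(alias == null
                ? "Fingerprint matches; certificate is not in the trust store yet"
                : "Fingerprint matches; already trusted under alias '" + alias + "'");
    }
}
```

Run it once before keytool -import to check the fingerprint, and again afterwards against the same cacerts file to confirm the alias was stored.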
1. In the web.xml descriptor file for the VueServlet, add the following init-param:
<init-param>
<param-name>EnableSSL</param-name>
<param-value>true</param-value>
</init-param>
4. Summary
This document has tried to give a clear and precise idea of SSL and of how SSL
can be enabled for ENOVIA and AutoVue. With this, the user can secure the data exchange
for ENOVIA and AutoVue over the web.
We have seen how SSL helps to secure data and gives users a strong sense of
confidentiality, message integrity and server authentication. SSL is
growing in popularity as users grow more confident not only in online shopping and
banking but also in embracing online applications such as ENOVIA.