• Configuring SSL involves three essential steps,
  • Generate a key pair (a public key and private key) and store it in a keystore
  • Generate an SSL Certificate so the public key can be confirmed as genuine
  • Export the SSL Certificate to the trusted certificate file, cacerts

Once cacerts has the self-signed certificate, and the key pair is stored in the keystore, the EASA Server can be configured to run HTTPS.

Two methods are detailed below:

• keytool → a command-line tool which comes with the Java Runtime Environment.
• Keystore Explorer → a gui-oriented Windows utility

After a key pair has been created and stored in easastore.jks and an SSL Certificate has been created and installed in cacerts, EASA can be configured to use Secure SSL mode following the steps below.

The two methods above produce cacerts and easastore.jks files in two possible locations, use the one that corresponds to your case.

• keytool case
  • <EASAROOT>\jre\bin\
• Keystore Explorer case
  • New Folder\

• Copy the updated cacerts and easastore.jks files to the following locations creating the necessary folders,

1. For each EASA Server and Excel Server, copy the new cacerts file to its original location
   • <EASAROOT>\jre\lib\security\cacerts
2. Copy the cacerts file to the following client folder
   • <EASAROOT>\webapps\easa\client\security
3. Copy the cacerts file to the following folders on any machines where the EASA Client (including the EASAP Builder) is installed
   • Program Files (x86)\<EASA_Client_x.x>\jre\lib\security
4. For the EASA Server copy the easastore.jks file to
   • <EASAROOT>\tomcat\conf\

Once the SSL key pair and certificate are in the expected locations, the last task is to configure the EASA Server to use HTTPS.

• 1 → Edit the file <EASAROOT>\webapps\easa\WEB-INF\web.xml
  • Delete the following section if it exists,

<servlet-mapping>
  <servlet-name>UserData</servlet-name>
  <url-pattern>/client/security/*</url-pattern>
</servlet-mapping>

• 2 → Edit the file <EASAROOT>\tomcat\conf\server.xml file as follows,
  • → Add the following Connector tag
    • (Edit the port number and other attributes as required)

<Connector port="8443" maxThreads="150" 
  minSpareThreads="25" maxSpareThreads="75" enableLookups="false"   
  disableUploadTimeout="true" scheme="https" secure="true" 
  SSLEnabled="true" keystoreFile="./conf/easastore.jks" 
  keystorePass="123123" acceptCount="100" debug="0" 
  clientauth="false" sslProtocol="TLS" URIEncoding="UTF-8" />

• 3 → Edit the original Connector tag (often identified by port=80 or port=8080) by adding the attribute,
  • redirectPort=“8443”
  • (The port number should be the same as the one defined in the SSL Connector tag above).

• 4 → In the <SERVERDATA>\jsf-easa\admin\config\context.properties file set,
  • # url for connection from web browser to easa server,
  • # if easa server is a remote machine
  • easa.server.public=https://domain_name:8443/easa

• 5 → Optionally set a 'private' url for connection to the EASA Server when a User connects to the address above,
  • easa.server.private=https://domain_name:8443/easa

• 6 → Finally, tell the EASA Server where to find the EASAP Server ('JSF' Server),
  • jsf.public.url=https://domain_name:8443/jsf-easa
    • If these are set properly, EASAP's will open.

• 7 → Stop and then Start the EASA Server software.

Prior to installation, the EASAP Builder and Compute Server Config Tool (together historically known as the EASA Client) will look for a cacerts file in a folder called security\

• To install the EASA Client with a custom cacerts file,
  1. Contact us for link to download the EASA Client installer for Windows: support@easasoftware.com, then download it.
  2. In the same folder create a folder with the name security
  3. Copy the custom cacerts to security\cacerts
  4. Run the installer
  5. The EASA Client and the custom cacerts file will be installed
  6. Once the installation is complete,
     • → The Builder and Compute Server Config Tool will use the custom SSL encryption settings

After SSL has been configured and activated a customer may wish all plain http requests be redirected to encrypted https urls.

• To insure that a browser that requests an http url is redirected to an https url,
  1. Open the file below with a text editor,
     • <EASAROOT>\webapps\easa\WEB-INF\web.xml
  2. Uncomment the block,

<security-constraint>
<web-resource-collection>
	<web-resource-name>Protected Context</web-resource-name>
	<url-pattern>/*</url-pattern>
</web-resource-collection>
<!-- auth-constraint goes here if you require authentication -->
<user-data-constraint>
	<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>