Servoy Forum

[bcusick]

How to use Servoy and SSL:

1)

Create a Certificate Signing Request (CSR) using keytool. Enter the
command:

keytool -genkey -alias sslkey -keyalg RSA -keystore servoy.ks
-validity 360

NOTE: you can make the alias (sslkey) whatever you want
NOTE: you can call the keystore file (servoy.ks) whatever you want
NOTE: you can make the validity (in days) whatever you want

a) Enter a keystore password (whatever you want)
b) Now keytool asks for your first and last name. Enter the
Fully Qualified Domain Name of the host that Servoy Server
is running on. For example: www.mycompany.com
c) Fill in something relevant for the rest of the fields.
d) Enter the password for this key.
USE THE SAME PASSWORD AS IN STEP a!!!
In other words, JUST PRESS RETURN.

Enter the command:

keytool -certreq -alias sslkey -keyalg RSA -file servoy.csr -keystore
servoy.ks

e) MAKE A BACKUP COPY OF THESE FILES. IF YOU LOSE THEM OR ACCIDENTALLY
DESTROY THEM YOU WILL HAVE PAID FOR NOTHING!!!

2)

Browse to http://www.instantssl.com

Click Instant SSL button (top right, under Free SSL),
or click Free SSL to test all this first before paying for it.
If you chose Instant SSL select your duration (1, 2, or 3 years)
(MAKE SURE THIS VALIDITY IS SHORTER THAN THE VALIDITY YOU CHOSE
ABOVE, OTHERWISE YOU ARE PAYING FOR MORE THAN YOU WILL GET!!!)

Copy the contents of the servoy.csr file into the form where it says
to copy your CSR to. Select OTHER for the software used to generate it.
Deselect all the checks of step 4 on the web page (newsletters and
other irritating stuff).

Now just fill in the stuff and follow this instructions (corporate
details, etc, etc).

3)

Import the signed .crt file which you received from Instant SSL into
your keystore:

keytool -import -alias sslkey -keystore servoy.ks -trustcacerts -file
servoy.crt

Type the correct password and trust the certificate.

4)

Copy this keystore file (servoy.ks) to a location on the machine which
runs Servoy Server. In the admin pages select Network Settings, and
fill in the correct location for the SSLKeystorePath and the correct
password for the SSLKeystorePassword.

Restart the server.

NOTE:

YOUR KEYSTORE CONTAINS VERY SENSITIVE INFORMATION!! IF THIS INFORMATION
IS COMPROMISED PEOPLE CAN DO ALL KINDS OF NASTY STUFF SUCH AS LISTEN
IN ON AND MODIFY YOUR SUPPOSEDLY ENCRYPTED INFORMATION. IF YOU EVEN
FIND OUT THAT THIS HAS HAPPENED (WHICH IS A BEST CASE SCENARIO) YOU
WILL HAVE TO REVOKE THE CERTIFICATE AND PURCHASE A NEW ONE.

IF YOU LOSE OR ACCIDENTALLY DESTROY YOUR KEYSTORE, YOU WILL ALSO HAVE TO
PURCHASE A NEW CERTIFICATE. MAKE PROPER BACKUPS AT ALL TIMES AND MAKE
SURE ONLY AUTHORIZED PERSONNEL HAS ACCESS TO THESE BACKUPS!!