Trust public key of other servers

You often need to make QuickBuild trust the public key of other servers when it establishes an SSL connection. This is necessary when you want to authenticate users through the LDAPS (LDAP over SSL) protocol or send email through the SMTPS (SMTP over SSL) protocol. Otherwise, an SSLHandshakeException may occur, indicating "unable to find valid certification path to requested target", when QuickBuild tries to establish an SSL connection with those servers. Do the following to trust an existing public key:

  1. Get the public key of the server. Save it to a file, say pubkey.pem, whose first line is "-----BEGIN CERTIFICATE-----" and whose last line is "-----END CERTIFICATE-----".

  2. On the machine where you run QuickBuild, run the command below:

    /path/to/JDK/bin/keytool -import -alias nameOfTargetServer -keystore /path/to/keystore -file /path/to/pubkey.pem

    Follow the prompts of this command to enter the keystore password, and answer yes to trust the certificate.

  3. Add the option -Djavax.net.ssl.trustStore=/path/to/keystore to the Java command used to launch your application server, and restart the application server. If QuickBuild is running with the shipped Tomcat, edit the file <QuickBuild installation directory>/tomcat/bin/catalina.bat (or catalina.sh if you are running on a UNIX-like system), change the line defining JAVA_OPTS, and add the option mentioned here. Note that this option replaces the JVM's default trust store, so the keystore must contain every certificate the JVM needs to trust for outgoing SSL connections.
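
Before answering yes in step 2, it is worth confirming that pubkey.pem really is the certificate the server's administrator issued. The script below is an added example, not part of QuickBuild or its documentation: it checks the framing described in step 1 and prints the SHA-256 fingerprint in the same colon-separated form keytool displays, so the value can be compared with one obtained from the administrator through a separate channel. The function name is hypothetical, and GNU coreutils (base64, sha256sum) are assumed to be available.

```shell
#!/bin/sh
# Added example (not QuickBuild code): print the SHA-256 fingerprint of the one
# certificate in a PEM file, formatted like keytool's "SHA256:" line (AA:BB:...).
pem_sha256_fingerprint() {
    pem=$1
    [ -r "$pem" ] || { echo "cannot read $pem" >&2; return 2; }

    # Drop CRs (files saved on Windows) and blank lines before checking the framing.
    lines=$(tr -d '\r' < "$pem" | sed '/^[[:space:]]*$/d')
    first=$(printf '%s\n' "$lines" | head -n 1)
    last=$(printf '%s\n' "$lines" | tail -n 1)
    if [ "$first" != "-----BEGIN CERTIFICATE-----" ] ||
       [ "$last" != "-----END CERTIFICATE-----" ]; then
        echo "$pem: first/last line is not a BEGIN/END CERTIFICATE marker" >&2
        return 1
    fi

    # A bundle would make the fingerprint ambiguous: insist on exactly one certificate.
    count=$(printf '%s\n' "$lines" | grep -c -- '-----BEGIN CERTIFICATE-----')
    if [ "$count" -ne 1 ]; then
        echo "$pem: expected one certificate, found $count" >&2
        return 1
    fi

    # The body between the markers is base64 of the DER encoding; reject it if
    # it does not decode, otherwise a truncated file would still yield a hash.
    body=$(printf '%s\n' "$lines" | sed '1d;$d' | tr -d '[:space:]')
    if [ -z "$body" ] || ! printf '%s' "$body" | base64 -d >/dev/null 2>&1; then
        echo "$pem: certificate body is not valid base64" >&2
        return 1
    fi

    # Fingerprint = SHA-256 over the DER bytes, upper-case hex pairs joined by colons.
    printf '%s' "$body" | base64 -d | sha256sum | cut -d ' ' -f 1 |
        tr 'a-f' 'A-F' | sed 's/../&:/g; s/:$//'
}

# Stand-alone use: sh fingerprint.sh /path/to/pubkey.pem
[ "$#" -eq 0 ] || pem_sha256_fingerprint "$1"
```

If the printed value differs from the administrator's, or from the SHA256 fingerprint keytool shows at the trust prompt, answer no and obtain the certificate again.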