SSL Setup Making PROPworks® Applications Secure Cover example with photo as background Insert new photo: Click on Insert photo-icon on slide and Insert new photo Right-click on photo and choose ‘Send to Back’ to have the shape visible again. Use Crop Tool under Picture Tools to pan and zoom Beware: when you add or replace a picture, it may come to the front. Right click on it and select ‘Send to back’ to re-arrange it. To update the text, just click on the text To get more slides with this layout just copy this slide and paste Making PROPworks® Applications Secure © Amadeus IT Group and its affiliates and subsidiaries Brian Smith; Manager, Product Delivery-Business Systems Amadeus Airport IT Americas, Inc. – 2017 User Conference

Obtaining SSL Certificate Generating Java Keystore Configuring Jboss SSL Overview Obtaining SSL Certificate Generating Java Keystore Configuring Jboss Configuring PROPworks Application © Amadeus IT Group and its affiliates and subsidiaries

SSL Overview © Amadeus IT Group and its affiliates and subsidiaries

What is SSL Secure Socket Layer Typical uses Encrypted link between client and server Typical uses Web pages (https://...) Mail server (Outlook, Gmail, etc.) To update the text, just click on the text More slides with this layout: Copy slide and paste © Amadeus IT Group and its affiliates and subsidiaries

What is SSL Continued © Amadeus IT Group and its affiliates and subsidiaries

PROPworks Applications More securely transmit username and password from web login screen to Application Viewer Portal To update the text, just click on the text More slides with this layout: Copy slide and paste © Amadeus IT Group and its affiliates and subsidiaries

Obtaining SSL Certificate © Amadeus IT Group and its affiliates and subsidiaries

Generate CSR Certificate Signing Request (CSR) Required to activate certificate Recommended at least a 2048 bit key Multiple ways to create, here is one example using openssl openssl req -new -newkey rsa:2048 -nodes -keyout yourdomain.com.key -out yourdomain.com.csr Replace “yourdomain.com” with server address openssl req -new -newkey rsa:2048 -nodes -keyout amadeus.com.key -out amadeus.com.csr To update the text, just click on the text More slides with this layout: Copy slide and paste © Amadeus IT Group and its affiliates and subsidiaries

Generate CSR Openssl example continued If successful the following text should appear (or something similar) Generating a 2048 bit RSA private key writing new private key to ‘amadeus.com.key' You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank. For some fields there will be a default value. If you enter '.', the field will be left blank. To update the text, just click on the text More slides with this layout: Copy slide and paste © Amadeus IT Group and its affiliates and subsidiaries

Generate CSR Openssl example continued Answer the questions provided, for example Country Name (2 letter code) [US]: State or Province Name (full name) [Some-State]: Locality Name (eg, city) []: Organization Name (eg, company) [My Company Name]: Organizational Unit Name (eg, section) []: Common Name (e.g. server FQDN or YOUR name) []:yourdomain.com Email Address []: Please enter the following 'extra' attributes to be sent with your certificate request A challenge password []:<secret password> An optional company name []: Leaving the answer blank will select the default answer in brackets []. If the answer is to be left blank, enter a period ‘.’ © Amadeus IT Group and its affiliates and subsidiaries

Generate CSR Openssl example continued Answer the questions provided, for example Country Name (2 letter code) [US]: State or Province Name (full name) [Some-State]:Florida Locality Name (eg, city) []:Orlando Organization Name (eg, company) [My Company Name]:amadeus Organizational Unit Name (eg, section) []:. Common Name (e.g. server FQDN or YOUR name) []:amadeus.com Email Address []:brian.smith@Amadeus.com Please enter the following 'extra' attributes to be sent with your certificate request A challenge password []: aMaDEUS=airit An optional company name []:. Leaving the answer blank will select the default answer in brackets []. If the answer is to be left blank, enter a period ‘.’ © Amadeus IT Group and its affiliates and subsidiaries

Purchase SSL Certificate SSL Certificate needs to be purchased Use your sites preferred provider i.e. https://www.ssls.com Provide output from CSR to certificate provider CSR will appear to be a series of random characters between a start and end line -----BEGIN CERTIFICATE REQUEST----- <Random characters in here> -----END CERTIFICATE REQUEST----- Download Certificate and Certificate Authority (CA) root bundle Unzip if necessary To update the text, just click on the text More slides with this layout: Copy slide and paste © Amadeus IT Group and its affiliates and subsidiaries

Generating Java Keystore © Amadeus IT Group and its affiliates and subsidiaries

Generate Keystore Create pkcs12 file from you SSL Certificate Step 1 Create pkcs12 file from you SSL Certificate openssl pkcs12 -export -in yourdomain.com.crt -inkey yourdomain.com.key -out yourdomain.com.p12 -name default -CAfile your_provider_bundle.crt -caname root Replace “yourdomain.com” with server address and “your_provider_bundle” with provider information openssl pkcs12 -export -in amadeus.com.crt -inkey amadeus.com.key -out amadeus.com.p12 -name default - CAfile your_provider_bundle.crt -caname root To update the text, just click on the text More slides with this layout: Copy slide and paste © Amadeus IT Group and its affiliates and subsidiaries

Generate Keystore Import PKCS12 file into a keystore Step 2 keytool -importkeystore -deststorepass <secret password> -destkeypass <secret password> -destkeystore yourdomain.com.jks -srckeystore yourdomain.com.p12 - srcstoretype PKCS12 -srcstorepass <secret password used in csr> -alias default Replace “yourdomain.com” with server address and “your_provider_bundle” with provider information keytool -importkeystore -deststorepass airit -destkeypass airit -destkeystore amadeus.com.jks -srckeystore amadeus.com.p12 -srcstoretype PKCS12 -srcstorepass aMaDEUS=airit -alias default To update the text, just click on the text More slides with this layout: Copy slide and paste © Amadeus IT Group and its affiliates and subsidiaries

Configuring Jboss © Amadeus IT Group and its affiliates and subsidiaries

Copy Keystore Move newly generated keystore to Jboss Example Name of file: yourdomain.com.jks Move location: <INSTALL_HOME>\standalone\configuration Example C:\PWAppServer\standalone\configuration\amadeus.com.jks To update the text, just click on the text More slides with this layout: Copy slide and paste © Amadeus IT Group and its affiliates and subsidiaries

Configure Standalone.xml Copy standalone.xml file Located in: <INSTALL_HOME>\standalone\configuration Open standalone.xml file using text editor (Notepad++ preferred) Add the following security realm at approximately line 45 To update the text, just click on the text More slides with this layout: Copy slide and paste © Amadeus IT Group and its affiliates and subsidiaries

Configure Standalone.xml Continued Add the https-remoting-connector under <subsystem xmlns="urn:jboss:domain:remoting:2.0"> (Approximately line 507) Add the https-listener under <subsystem xmlns="urn:jboss:domain:undertow:1.2"> (Approximately line 636) To update the text, just click on the text More slides with this layout: Copy slide and paste © Amadeus IT Group and its affiliates and subsidiaries

Configure standalone.xml Continued Modify the https port number to the port being used (i.e. 8443) (approximately line 688) To update the text, just click on the text More slides with this layout: Copy slide and paste © Amadeus IT Group and its affiliates and subsidiaries

Configuring PROPworks Application © Amadeus IT Group and its affiliates and subsidiaries

Update PROPworks Backup propworks.properties Edit propworks.properties <INSTALL_HOME>\propworks\conf\propworks.properties Edit propworks.properties Add this line: propworks.ssl.enabled=Y Update this line: propworks.http.port To update the text, just click on the text More slides with this layout: Copy slide and paste © Amadeus IT Group and its affiliates and subsidiaries

Additional Resources Openssl download https://www.openssl.org/source/ To update the text, just click on the text More slides with this layout: Copy slide and paste © Amadeus IT Group and its affiliates and subsidiaries

Thank you! AmadeusITgroup Backcover option 2 © Amadeus IT Group and its affiliates and subsidiaries amadeus.com amadeus.com/blog You can follow us on: AmadeusITgroup