Presentation is loading. Please wait.

Presentation is loading. Please wait.

SSL Setup Making PROPworks® Applications Secure

Published byGerald Chapman Modified over 6 years ago

Similar presentations

Presentation on theme: "SSL Setup Making PROPworks® Applications Secure"— Presentation transcript:

1 SSL Setup Making PROPworks® Applications Secure
Cover example with photo as background Insert new photo: Click on Insert photo-icon on slide and Insert new photo Right-click on photo and choose ‘Send to Back’ to have the shape visible again. Use Crop Tool under Picture Tools to pan and zoom Beware: when you add or replace a picture, it may come to the front. Right click on it and select ‘Send to back’ to re-arrange it. To update the text, just click on the text To get more slides with this layout just copy this slide and paste Making PROPworks® Applications Secure © Amadeus IT Group and its affiliates and subsidiaries Brian Smith; Manager, Product Delivery-Business Systems Amadeus Airport IT Americas, Inc. – 2017 User Conference

2 Obtaining SSL Certificate Generating Java Keystore Configuring Jboss
SSL Overview Obtaining SSL Certificate Generating Java Keystore Configuring Jboss Configuring PROPworks Application © Amadeus IT Group and its affiliates and subsidiaries

3 SSL Overview © Amadeus IT Group and its affiliates and subsidiaries

4 What is SSL Secure Socket Layer Typical uses
Encrypted link between client and server Typical uses Web pages ( Mail server (Outlook, Gmail, etc.) To update the text, just click on the text More slides with this layout: Copy slide and paste © Amadeus IT Group and its affiliates and subsidiaries

5 What is SSL Continued © Amadeus IT Group and its affiliates and subsidiaries

6 PROPworks Applications
More securely transmit username and password from web login screen to Application Viewer Portal To update the text, just click on the text More slides with this layout: Copy slide and paste © Amadeus IT Group and its affiliates and subsidiaries

7 Obtaining SSL Certificate
© Amadeus IT Group and its affiliates and subsidiaries

8 Generate CSR Certificate Signing Request (CSR)
Required to activate certificate Recommended at least a 2048 bit key Multiple ways to create, here is one example using openssl openssl req -new -newkey rsa:2048 -nodes -keyout yourdomain.com.key -out yourdomain.com.csr Replace “yourdomain.com” with server address openssl req -new -newkey rsa:2048 -nodes -keyout amadeus.com.key -out amadeus.com.csr To update the text, just click on the text More slides with this layout: Copy slide and paste © Amadeus IT Group and its affiliates and subsidiaries

9 Generate CSR Openssl example continued If successful the following text should appear (or something similar) Generating a 2048 bit RSA private key writing new private key to ‘amadeus.com.key' You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank. For some fields there will be a default value. If you enter '.', the field will be left blank. To update the text, just click on the text More slides with this layout: Copy slide and paste © Amadeus IT Group and its affiliates and subsidiaries

10 Generate CSR Openssl example continued
Answer the questions provided, for example Country Name (2 letter code) [US]: State or Province Name (full name) [Some-State]: Locality Name (eg, city) []: Organization Name (eg, company) [My Company Name]: Organizational Unit Name (eg, section) []: Common Name (e.g. server FQDN or YOUR name) []:yourdomain.com Address []: Please enter the following 'extra' attributes to be sent with your certificate request A challenge password []:<secret password> An optional company name []: Leaving the answer blank will select the default answer in brackets []. If the answer is to be left blank, enter a period ‘.’ © Amadeus IT Group and its affiliates and subsidiaries

11 Generate CSR Openssl example continued
Answer the questions provided, for example Country Name (2 letter code) [US]: State or Province Name (full name) [Some-State]:Florida Locality Name (eg, city) []:Orlando Organization Name (eg, company) [My Company Name]:amadeus Organizational Unit Name (eg, section) []:. Common Name (e.g. server FQDN or YOUR name) []:amadeus.com Address Please enter the following 'extra' attributes to be sent with your certificate request A challenge password []: aMaDEUS=airit An optional company name []:. Leaving the answer blank will select the default answer in brackets []. If the answer is to be left blank, enter a period ‘.’ © Amadeus IT Group and its affiliates and subsidiaries

12 Purchase SSL Certificate
SSL Certificate needs to be purchased Use your sites preferred provider i.e. Provide output from CSR to certificate provider CSR will appear to be a series of random characters between a start and end line -----BEGIN CERTIFICATE REQUEST----- <Random characters in here> -----END CERTIFICATE REQUEST----- Download Certificate and Certificate Authority (CA) root bundle Unzip if necessary To update the text, just click on the text More slides with this layout: Copy slide and paste © Amadeus IT Group and its affiliates and subsidiaries

13 Generating Java Keystore
© Amadeus IT Group and its affiliates and subsidiaries

14 Generate Keystore Create pkcs12 file from you SSL Certificate
Step 1 Create pkcs12 file from you SSL Certificate openssl pkcs12 -export -in yourdomain.com.crt -inkey yourdomain.com.key -out yourdomain.com.p12 -name default -CAfile your_provider_bundle.crt -caname root Replace “yourdomain.com” with server address and “your_provider_bundle” with provider information openssl pkcs12 -export -in amadeus.com.crt -inkey amadeus.com.key -out amadeus.com.p12 -name default - CAfile your_provider_bundle.crt -caname root To update the text, just click on the text More slides with this layout: Copy slide and paste © Amadeus IT Group and its affiliates and subsidiaries

15 Generate Keystore Import PKCS12 file into a keystore Step 2
keytool -importkeystore -deststorepass <secret password> -destkeypass <secret password> -destkeystore yourdomain.com.jks -srckeystore yourdomain.com.p12 - srcstoretype PKCS12 -srcstorepass <secret password used in csr> -alias default Replace “yourdomain.com” with server address and “your_provider_bundle” with provider information keytool -importkeystore -deststorepass airit -destkeypass airit -destkeystore amadeus.com.jks -srckeystore amadeus.com.p12 -srcstoretype PKCS12 -srcstorepass aMaDEUS=airit -alias default To update the text, just click on the text More slides with this layout: Copy slide and paste © Amadeus IT Group and its affiliates and subsidiaries

16 Configuring Jboss © Amadeus IT Group and its affiliates and subsidiaries

17 Copy Keystore Move newly generated keystore to Jboss Example
Name of file: yourdomain.com.jks Move location: <INSTALL_HOME>\standalone\configuration Example C:\PWAppServer\standalone\configuration\amadeus.com.jks To update the text, just click on the text More slides with this layout: Copy slide and paste © Amadeus IT Group and its affiliates and subsidiaries

18 Configure Standalone.xml
Copy standalone.xml file Located in: <INSTALL_HOME>\standalone\configuration Open standalone.xml file using text editor (Notepad++ preferred) Add the following security realm at approximately line 45 To update the text, just click on the text More slides with this layout: Copy slide and paste © Amadeus IT Group and its affiliates and subsidiaries

19 Configure Standalone.xml
Continued Add the https-remoting-connector under <subsystem xmlns="urn:jboss:domain:remoting:2.0"> (Approximately line 507) Add the https-listener under <subsystem xmlns="urn:jboss:domain:undertow:1.2"> (Approximately line 636) To update the text, just click on the text More slides with this layout: Copy slide and paste © Amadeus IT Group and its affiliates and subsidiaries

20 Configure standalone.xml
Continued Modify the https port number to the port being used (i.e. 8443) (approximately line 688) To update the text, just click on the text More slides with this layout: Copy slide and paste © Amadeus IT Group and its affiliates and subsidiaries

21 Configuring PROPworks Application
© Amadeus IT Group and its affiliates and subsidiaries

22 Update PROPworks Backup propworks.properties Edit propworks.properties
<INSTALL_HOME>\propworks\conf\propworks.properties Edit propworks.properties Add this line: propworks.ssl.enabled=Y Update this line: propworks.http.port To update the text, just click on the text More slides with this layout: Copy slide and paste © Amadeus IT Group and its affiliates and subsidiaries

23 Additional Resources Openssl download https://www.openssl.org/source/
To update the text, just click on the text More slides with this layout: Copy slide and paste © Amadeus IT Group and its affiliates and subsidiaries

24 Thank you! AmadeusITgroup Backcover option 2
© Amadeus IT Group and its affiliates and subsidiaries amadeus.com amadeus.com/blog You can follow us on: AmadeusITgroup

Download ppt "SSL Setup Making PROPworks® Applications Secure"

Similar presentations

Financial Aid Management System Account Registration and Confirmation.

Financial Aid Management System Account Registration and Confirmation.
The Way to Success … Sta rt Sta rt Ak Technologies Mo. +91-94264 50998 | 98253 78685 . Visit.

The Way to Success … Sta rt Sta rt Ak Technologies Mo | Visit.
HTTPS/SSL Oleh: Idris Winarno. Persiapan Pastikan repository debian # vim /etc/apt/sources.list deb etch main contrib non-freehttp://kebo.vlsm.org/debian.

HTTPS/SSL Oleh: Idris Winarno. Persiapan Pastikan repository debian # vim /etc/apt/sources.list deb etch main contrib non-freehttp://kebo.vlsm.org/debian.
Apache2 HTTPS. 1. Install webserver Apache # apt-get install apache2 2. Buat direktori untuk menyimpan file https # mkdir /var/www/secure 3. Instalasi.

Apache2 HTTPS. 1. Install webserver Apache # apt-get install apache2 2. Buat direktori untuk menyimpan file https # mkdir /var/www/secure 3. Instalasi.
Using Gmail With Selected Process: Mail Fetcher Kevin Mackowick, Tolgahan Kurt, Matthew Wessel, Michael Hincke, and Brian Thackston.

Using Gmail With Selected Process: Mail Fetcher Kevin Mackowick, Tolgahan Kurt, Matthew Wessel, Michael Hincke, and Brian Thackston.
Zach Miller Condor Project Computer Sciences Department University of Wisconsin-Madison Lockdown of a Basic Pool.

Zach Miller Condor Project Computer Sciences Department University of Wisconsin-Madison Lockdown of a Basic Pool.
Remote Assistance  Using this program you can allow someone to work on your computer, chat with you and view your screen with your permission  The other.

Remote Assistance  Using this program you can allow someone to work on your computer, chat with you and view your screen with your permission  The other.
Mozilla Thunderbird Roderick Bautista Cheryl Knott Gyeong Lee Lee Raynes Kelly Santos.

Mozilla Thunderbird Roderick Bautista Cheryl Knott Gyeong Lee Lee Raynes Kelly Santos.
Zach Miller Condor Project Computer Sciences Department University of Wisconsin-Madison Securing Your Condor Pool With SSL.

Zach Miller Condor Project Computer Sciences Department University of Wisconsin-Madison Securing Your Condor Pool With SSL.
CSCI 6962: Server-side Design and Programming

CSCI 6962: Server-side Design and Programming
Hosted Exchange 2007. The purpose of this Startup Guide is to familiarize you with ExchangeDefender's Exchange and SharePoint Hosting. ExchangeDefender.

Hosted Exchange The purpose of this Startup Guide is to familiarize you with ExchangeDefender's Exchange and SharePoint Hosting. ExchangeDefender.
© 2012 Boise State University1 WordPress Training February 14, 2013.

© 2012 Boise State University1 WordPress Training February 14, 2013.
© 2012 Boise State University1 WordPress Training February 14, 2013.

© 2012 Boise State University1 WordPress Training February 14, 2013.
Pronto4! User Training Web Version (July 2011) Prepared by: Data Centre Department Polytechnic of Namibia.

Pronto4! User Training Web Version (July 2011) Prepared by: Data Centre Department Polytechnic of Namibia.
Data Encryption using SSL Topic 5, Chapter 15 Network Programming Kansas State University at Salina.

Data Encryption using SSL Topic 5, Chapter 15 Network Programming Kansas State University at Salina.
Downloading and Installing Autodesk Inventor Professional 2015 This is a 4 step process 1.Register with the Autodesk Student Community 2.Downloading the.

Downloading and Installing Autodesk Inventor Professional 2015 This is a 4 step process 1.Register with the Autodesk Student Community 2.Downloading the.
호스트 인증서 신청 방법 How to Request Host Certificate 2007.10.01.

호스트 인증서 신청 방법 How to Request Host Certificate
Amber Johnson U.S. Department of Education WVASFAA Fall 2015 Conference October 29, 2015 FSA ID: The FSA PIN Replacement.

Amber Johnson U.S. Department of Education WVASFAA Fall 2015 Conference October 29, 2015 FSA ID: The FSA PIN Replacement.
LINCWorks Mesh Networking User Guide. This user guide will give a brief overview of mesh networking followed by step by step instructions for configuring.

LINCWorks Mesh Networking User Guide. This user guide will give a brief overview of mesh networking followed by step by step instructions for configuring.
Classroom Wiki Tutorial EDIC 763 Instructional Design Fall 2011 Aysha Bajabaa Dr. Gary Whitt 1 NextBack.

Classroom Wiki Tutorial EDIC 763 Instructional Design Fall 2011 Aysha Bajabaa Dr. Gary Whitt 1 NextBack.

Similar presentations

Ads by Google