How To Set Up Mobile Client on Sites using SSL
Solution
To allow the
Mobile Client to Connect to an SSL site one of the following options
must be configured.
Note: The current release of the
Mobile Client does not support connecting to a site that has SSL enabled and
also requires Windows Authentication.
Option 1: Modify
the repository.properties file.
Note: This will allow the Mobile Client Connector to
communicate to DocuShare “under the hood” via the tomcat port (even when the
tomcat port is disabled).
To edit the
repository.properties file:
Warning: Do not do the edits
below unless you are prepared to stop and restart the DocuShare Server as per
the instructions below. The
repository.properties file cannot be updated while DocuShare is running and
will cause issues and errors in DocuShare.
1.
Stop
DocuShare.
2. Open a Command Prompt
window.
3. Change into the <dshome>\bin directory.
4. Type start_docushare env
5. Identify the Tomcat Port
and ROOT_base.
Example:
Tomcat HTTP =on (8080)
Tomcat DocuShare Root =
/docushare
6.
Open Windows Explorer
and browse to the <dshome>\config directory.
7.
Open the amber.properties
file in a text editor.
8.
Search for the following
entry:
doc_base=/docushare/
9.
Make note of the docushare root (doc_base) that is
configured. (Example has entry highlighted in red)
10. Open <dshome>\tomcat\webapps\<doc_base>\WEB-INF\classes
directory.
11. Open the repository.properties file in a
text editor such as Notepad.
class=com.xerox.docushare.opencmis.fileshare.DocuShareServiceFactory
#repository.docushare = http://localhost:8080/docushare
#proxy
= www.myproxy.com:8000
12. Verify that the tomcat port # and the docushare
root (doc_base) are the same as what was listed in your Server.xml and
amber.properties files. If required edit respository.properties file with
the correct port number and docushare root to match the values found in the
Server.xml and amber.properties.
13. Remove comment
(#) from line two.
14.
Example before the edit
to line 2. (comment that should be
removed is displayed in red in this example):
class=com.xerox.docushare.opencmis.fileshare.DocuShareServiceFactory
#repository.docushare = http://localhost:8080/docushare
#proxy
= www.myproxy.com:8000
Example after the edit to line 2.
class=com.xerox.docushare.opencmis.fileshare.DocuShareServiceFactory
repository.docushare = http://localhost:8080/docushare
#proxy
= www.myproxy.com:8000
Note: The entries above can have spaces like the
example above, the entries also work without spaces.
Example : repository.docushare=http://localhost:8080/docushare.
15. Start DocuShare.
Option 2: Place
the Web Servers SSL certificate into the DsTrustStore.
Note: You must already have a
copy of the SSL Certificate exported from the WebServer.
To place the certificate .cer file into the
DSTrustStore:
1. Open Windows Explorer and locate the .cer file you exported using the Certificate Export Wizard.
2. Copy the .cer
file and paste into the directory containing the DSTrustStore file.
Example:
<dshome>\jdk1.6.0\jre\lib\security
Where <dshome> is replaced with the
installation directory for DocuShare. Depending
on your installation environment the path may vary. The default installation path during install
is C:\Xerox\Docushare.
3. Open a command prompt window and navigate to the
directory containing dstruststore.
Example:
cd
Xerox\Docushare\jdk1.6.0\jre\lib\security
4. At the command prompt, enter the set PATH command to set the PATH
environment variable. Use set
PATH=%PATH%;\jdk1.6.0\jre\bin.
Example:
set
PATH=%PATH%;C:\Xerox\Docushare\jdk1.6.0\jre\bin
5. After you have set the PATH variable, at the
command prompt, type keytool,
without arguments. The keytool Utility
help appears. The Keytool Utility places
the SSL certificate in the DSTrustStore.
6. At the command prompt, enter the following keytool
utility command and then press Enter.
keytool –import –alias <alias_name> -file
<path/cert_file> -keystore dstruststore
Note: The
Keytool utility places SSL certificate in the DSTrustStore.
Replace <alias_name> with a unique name for the certificate
file.
Replace <path/cert_file> with the name of the certificate
file (.cer) that you exported and copied to the directory containing the
dstruststore file.
For example:
C:\Xerox\Docushare\jdk1.#.0\jre\lib\security\dstruststore\certificate.cer.
Note: Press
Enter to start the command. A request
for a password appears. Enter password and
press Enter. (You can create a password
at this time.)
7. When the Trust
this certificate? [no]: prompt is displayed type yes and press Enter.
Example:
C:\Xerox\Docushare\jdk1.6.0\jre\lib\security>keytool -import
-alias dssql -file SSL_Cert_SQL.cer –keystore dstruststore
Enter keystore password: password
Owner: DOCUSHARE
Issuer: DOCUSHARE
Serial number: 09
Valid from: Sat Jun 09 06:05:10 IST 2012 until: Sun Sep 09
06:05:10 IST 2014
Certificate
fingerprints:
MD5:
SHA1:
Trust this certificate?
[no]: yes
Certificate was added to
keystore
8. Examine the screen output to ensure that Keytool
successfully added the certificate to the keystore.
9. To verify if the certificate has been import
successfully, enter the keytool utility command keytool –list –keystore
C:\Xerox\Docushare\jdk1.6.0\jre\lib\security\dstruststore
Enter keystore password:
Keystore
type: JKS
Keystore provider: SUN
Your keystore contains 2
entries
dssql, Jun 9, 2012,
trustedCertEntry,
Certificate fingerprint (MD5): 05:….
ABCD, Sep 11, 2002,
trustedCertEntry,
Certificate fingerprint (MD5): 48:D8…
Note:
(Important Future Maintenance)
The security certificate has an expiration date and must be updated
before it expires. DocuShare does not
have an automated maintenance process to update the security certificate, so
this must be done manually.
Solution Published: November 5th, 2014
Solution ID: 1581
Keyword: authentication,
ssl
|