Using self-signed certificates for HTTPS security

This tutorial explains how to create a self-signed SSL certificate and install it in the Net4Care server. Note that self-signed certificates are to be used for testing purposes. A production SSL certificate should be signed by a verified certificate authority (CA). A more detailed guide on how to create SSL certificates can be found here.

A self-signed certificate for Net4Care server is created and installed using the following steps:

Create the certificate

To create the SSL certificate, run the following command in a terminal:

 keytool -keystore keystore -alias jetty -genkey -keyalg RSA

keytool will ask for some additional information to attach to the certificate.

 $ keytool -keystore keystore -alias jetty -genkey -keyalg RSA
 Enter keystore password:  
 Re-enter new password: 
 What is your first and last name?
   [Unknown]:  net4care.dk
 What is the name of your organizational unit?
   [Unknown]:  net4care
 What is the name of your organization?
   [Unknown]:  Caretech Innovation
 What is the name of your City or Locality?
   [Unknown]:  
 What is the name of your State or Province?
   [Unknown]:  
 What is the two-letter country code for this unit?
   [Unknown]:  dk
 Is CN=net4care.dk, OU=net4care, O=Caretech Innovation, L=Unknown, ST=Unknown, C=dk correct?
   [no]:  y

 Enter key password for <jetty>
        (RETURN if same as keystore password):  

This will create a file called keystore, which holds the generated key pair and the self-signed certificate.

Install the SSL certificate

The Net4Care HTTPS configuration is in (root)/n4c_osgi/n4c_receiver/pom.xml. The following is an example excerpt:

 <properties>
       [...]
        <org.apache.felix.https.enable>true</org.apache.felix.https.enable>
        <org.apache.felix.http.enable>false</org.apache.felix.http.enable>              
        <org.osgi.service.http.port.secure>8443</org.osgi.service.http.port.secure>
        <org.apache.felix.https.keystore>../resources/keystore</org.apache.felix.https.keystore>
        <org.apache.felix.https.keystore.password>abc123</org.apache.felix.https.keystore.password>
       [...]
 </properties>

The first two lines enable HTTPS and disable HTTP, while the next line defines the port for HTTPS. The path to the keystore is ../resources/keystore (relative to the working directory of the Net4Care server) and the password for the keystore is abc123.

Run the Net4Care server

Start the Net4Care server. When the server is running, a message stating that Jetty has started, and on which port(s) the server is listening, should appear close to the end of the Maven output:

 Welcome to Apache Felix Gogo

 [...]

 [Jetty HTTP Service] INFO org.apache.felix.http.jetty - Started jetty 6.1.x at port(s) HTTPS:8443
 [FelixStartLevel] INFO org.net4care.receiver.delegate.StandardHttpServlet - Net4Care observation server started on /observation

The server can now be tested by browsing to https://localhost:8443/observation/.

Since the certificate is self-signed, you will have to manually accept the certificate in the browser.
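
The keytool step above can also be run without prompts, and the resulting keystore inspected before the server is started. The following is an added example, not part of the original tutorial or the Net4Care project: the alias and DN fields follow the tutorial, while the function names, the N4C_STOREPASS variable, the 2048-bit key size, the 90-day validity and the SAN entry are assumptions made for the example.

```shell
#!/bin/sh
# Added example, not Net4Care project code. Alias and DN fields follow the
# tutorial; key size, validity, SAN and the N4C_STOREPASS variable are
# choices made for this example.

# make_test_keystore FILE HOST: create the self-signed test certificate
# without prompts. The password (6+ characters) is read from N4C_STOREPASS
# so it does not show up in the process list or shell history.
make_test_keystore() {
    ks=$1
    host=$2
    if [ -z "${N4C_STOREPASS:-}" ]; then
        echo "N4C_STOREPASS is not set" >&2
        return 2
    fi
    if [ -e "$ks" ]; then
        echo "$ks already exists, not overwriting it" >&2
        return 3
    fi
    export N4C_STOREPASS
    # -ext san=...: current browsers match the host name against the SAN
    # extension, not the CN.
    keytool -genkeypair -keystore "$ks" -alias jetty \
        -keyalg RSA -keysize 2048 -validity 90 \
        -dname "CN=$host, OU=net4care, O=Caretech Innovation, C=dk" \
        -ext "san=dns:$host" \
        -storepass:env N4C_STOREPASS -keypass:env N4C_STOREPASS || return 1
    # The keystore contains the private key: owner-only access.
    chmod 600 "$ks"
}

# show_keystore_cert FILE: print entry type, subject, validity and SHA-256
# fingerprint of the jetty entry. Returns non-zero if the keystore cannot be
# opened with N4C_STOREPASS or the alias is missing.
show_keystore_cert() {
    export N4C_STOREPASS
    keytool -J-Duser.language=en -list -v -keystore "$1" -alias jetty \
        -storepass:env N4C_STOREPASS 2>/dev/null |
        grep -E 'Entry type:|Owner:|Valid from:|SHA256:'
}
```

Before accepting the browser warning, compare the SHA256 line printed by show_keystore_cert with the fingerprint the browser shows for https://localhost:8443/observation/; they should be identical.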