Spotfire® Server and Environment - Installation and Administration

Configuring Spotfire Server to require client certificates for HTTPS

This procedure configures the server to require a valid user certificate for all connections.

About this task

This is done by editing the server.xml file.

Before you begin

You have performed the first three steps in the topic Authentication using X.509 client certificates.

Procedure

  1. Open the following configuration file in an XML editor or a text editor: <server install dir>/tomcat/conf/server.xml.
  2. Locate the section containing the configuration for the HTTPS connector:
      <Connector port="443"
                 maxHttpHeaderSize="65536"
                 connectionTimeout="30000"
                 enableLookups="false"
                 URIEncoding="UTF-8"
                 disableUploadTimeout="true"
                 server="Spotfire Server"
                 compression="on"
                 compressibleMimeType="text/html,text/xml,text/plain,text/css,application/json,application/javascript,image/svg+xml,application/xml"
                 keepAliveTimeout="30000"
                 maxKeepAliveRequests="-1"
                 maxThreads="2000"
                 SSLEnabled="true"
                 scheme="https"
                 secure="true">
        <SSLHostConfig certificateVerification="none"
                       truststoreFile="./certs/[server hostname].jks"
                       truststorePass="changeit"
                       truststoreType="jks"
                       sslProtocol="TLS"
                       protocols="TLSv1.2"
                       honorCipherOrder="true"
                       ciphers
                       ...
          <Certificate certificateKeystoreFile="./certs/[server hostname].jks"
                       certificateKeystorePassword="changeit"
                       certificateKeystoreType="jks"
                       certificateKeyAlias="[server hostname]" />
        </SSLHostConfig>
      </Connector>
  3. Update the truststoreFile parameter with the name of the keystore file containing the CA certificate(s).
  4. Set the truststorePass parameter to the password for the keystore file containing the CA certificate(s).
  5. Set the truststoreType parameter to jks for a Java keystore or pkcs12 for a PKCS #12 keystore.
  6. Set the certificateVerification parameter to required.
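
A way to confirm that steps 3 to 6 were applied, as an added example that is not part of the Spotfire documentation: the script parses server.xml content and reports every HTTPS connector whose SSLHostConfig does not require client certificates. The sample XML, its file names and password are constructed, and the function name audit_client_cert_config is hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed sample of an edited HTTPS connector (file names and password are made up).
SAMPLE = """<Server><Service>
  <Connector port="443" SSLEnabled="true" scheme="https" secure="true">
    <SSLHostConfig certificateVerification="required"
                   truststoreFile="./certs/ca-trust.p12"
                   truststorePass="example-password"
                   truststoreType="pkcs12"
                   protocols="TLSv1.2">
      <Certificate certificateKeystoreFile="./certs/server.jks"
                   certificateKeystoreType="jks" />
    </SSLHostConfig>
  </Connector>
</Service></Server>"""

def audit_client_cert_config(xml_text):
    """Return a list of findings; an empty list means steps 3-6 look applied."""
    findings = []
    root = ET.fromstring(xml_text)
    connectors = [c for c in root.iter("Connector")
                  if c.get("SSLEnabled", "").lower() == "true"]
    if not connectors:
        return ['no Connector with SSLEnabled="true" found']
    for conn in connectors:
        port = conn.get("port", "?")
        hosts = conn.findall("SSLHostConfig")
        if not hosts:
            findings.append(f"port {port}: no SSLHostConfig element")
        for host in hosts:
            # Tomcat treats a missing certificateVerification attribute as "none".
            verification = host.get("certificateVerification", "none").lower()
            if verification != "required":
                findings.append(f"port {port}: certificateVerification is "
                                f"'{verification}', expected 'required'")
            if not host.get("truststoreFile"):
                findings.append(f"port {port}: truststoreFile is not set")
            if not host.get("truststorePass"):
                findings.append(f"port {port}: truststorePass is not set")
            store_type = host.get("truststoreType", "").lower()
            if store_type not in ("jks", "pkcs12"):
                findings.append(f"port {port}: truststoreType '{store_type}' "
                                "is not jks or pkcs12")
    return findings

if __name__ == "__main__":
    for line in audit_client_cert_config(SAMPLE) or ["client certificates are required"]:
        print(line)
```

To audit a real installation, pass the text of <server install dir>/tomcat/conf/server.xml to the function instead of the sample.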