Secure Socket Layer (SSL) / HTTP Secure (HTTPS) encrypts network traffic and provides improved security. It is always recommended that a customer enables it if the accesses to the resources are through an open or untrusted network. Once enabled, HTTPS will ensure that all traffic between the client and the server is encrypted.
There are two layers of HTTPS Service, one that forces all connections to the server to go through HTTPS, and one that allows only trusted clients to connect to the server.
Edge Server Supports two protocols, the standard SSL and an improved version of it called the TLS.
Edge Server also supports two different types of certificate stores: the Java Keystore (JKS) or the Public Key Cryptography Standards 12 (PKCS12). It is recommended to use PKCS12 as it is language neutral, and will provide easier portability.
We will go over the following steps:
Launch and Login to SAP Lumira Edge Server as an Administrator.
Copy the certificates created to the folder in to SAP Lumira Edge Server installed machine.
Procedure
Configuring HTTPs service to enable Client Authentication
Client authentication enables a server to check if a client has a certificate before replying to any requests. We have two parts to the client authentication: the server key store and the client certificate.
The client must have any one of the certificates trusted by the server and stored in the keystore, i.e the Certificate Trust List or (CTL hereon in).
Prerequisites
Create a key that can be easily be imported to the browser. The below command will create a .p12 file that can be clicked to install.
Navigate to the directory where keytool.exe is located and execute the below command (usually where the JRE is located, e.g. c:\Program Files\Java\jre6\bin on Windows machines).
keytool -importkeystore -srckeystore <Client Cert name> -srcstorepass password -srcalias <Client Alias> -destkeystore client.p12 -deststoretype PKCS12 -deststorepass password -destalias clientkey -noprompt
keytool -v -list -keystore client.p12 -storetype pkcs12 -storepass password
Then copy the certificate client.p12 to the client machine where you install.
Install the certificate by clicking on it.
Procedure
To work with a certificate, you need to install the certificate to the SAP Lumira JRE keystore. After adding the certificate to the JRE keystore, you can create a connection.
Prerequisites
Procedure
These are the steps to be followed to configure a self-signed certificate with Lumira Desktop for HTTPs connection to SAP Lumira Edge Server:
Open the command prompt in Administrator mode, Navigate to the cacerts folder of Lumira Desktop. Execute the following command
"C:\Program Files\SAP Lumira\Desktop\jre\bin\keytool" -import -file mycert.cer -keystore ".\cacerts" -alias myappcert
Password: changeit.
e. Download the InstallCert program and copy its contents to Lumira Desktop jre/bin/InstallCert (create InstallCert sub-folder manually).
f. In command prompt,navigate to that folder and execute the following command:
..\java -cp . InstallCert <WACS hostname>:<WACS SSL port>
g. The WACS port is the default port (443) and does not have to be specified.
h. Start SAP Lumira desktop, Navigate to File->Preferences->Network Settings
i. In the SAP Lumira Edge section, use HTTPS and the appropriate port number in the URL,
and then click OK.
https://<Lumira Edge server hostname or IP Address>/biprws
User | Count |
---|---|
37 | |
25 | |
17 | |
13 | |
7 | |
7 | |
7 | |
6 | |
6 | |
6 |