[Mifos-developer] SSL certificate for MifosX

Gurpreet Luthra

Mar 29, 2013, 9:19:57 AM
to Mifos Software Dev List
Hello,

We are investigating how to make the integrationTests run with the server in SSL mode. Right now they run in HTTP mode.

For that, we were thinking of importing the SSL certificate into a keystore, and informing the Java integration tests to refer to the keystore -- to indicate this is a trusted certificate.

But, it seems that the certificate is auto-generated each time one runs "tomcatRunWar". Can someone please confirm? If so, we may need to import the certificate again into the keystore. Can someone tell us the path of the certificate during build time? We searched but could not find it.

Any tips on this would help. Thanks! 

Regards
Gurpreet

Join the Humanitarian Software Program to help and contribute OpenMRS, RapidFTR, Camfed and MifosX SIP Projects. We are looking for Volunteers!

Keith Woodlock

Mar 29, 2013, 9:51:05 AM
to Mifos software development
Gurpreet,

The tomcat plugin can be configured to use a specific keystore rather than generate a new one all the time. This arrived in recent versions of the plugin, so I haven't yet had a chance to set it up to use a checked-in keystore.

That would be the best route to go and would make local dev easier also, as we shouldn't have to keep adding the site as an exception in the browser.


Vishwas Babu

Mar 29, 2013, 9:55:56 AM
to Mifos software development
Hi Gurpreet,

With the default configuration we have for the Gradle Tomcat plugin, a new SSL certificate is generated each time the container is started.

The source code at https://github.com/bmuschko/gradle-tomcat-plugin/blob/master/plugin/src/main/groovy/org/gradle/api/plugins/tomcat/AbstractTomcatRunTask.groovy, method private void createSSLCertificate(SSLKeystore sslKeystore) (on line 268), seems to say that the created certificate would be at $project.buildDir/tmp/ssl/keystore

You can also use a specific keystore (wiki at https://github.com/bmuschko/gradle-tomcat-plugin)

The last section of the wiki also has some verbiage on "in-container integration tests as part of my build"

Regards,
Vishwas


Gurpreet Luthra

Mar 31, 2013, 10:36:12 PM
to Mifos software development
Thank you all. This is good information for us to think of next steps. Will reply again once I have done more research on this. 

Regards
Gurpreet

Keith Woodlock

Apr 1, 2013, 9:08:40 PM
to Mifos software development
Gurpreet,

In https://github.com/openMF/mifosx/commit/f0b526aa53d2ea128ac6eb786f7ec54ee07dbcad I added a keystore file created using the following keytool command:

keytool -genkey -keyalg RSA -alias openmfdevsigned -keystore keystore.jks -storepass openmf -validity 360 -keysize 2048

I updated the tomcatRunWar task to point to the keystore, which means that it now uses that keystore rather than creating one each time the server is started up locally during development.

Hopefully now your integration tests can use this keystore and talk HTTPS rather than HTTP without issue.

Keith.

John Woodlock

Apr 1, 2013, 9:25:54 PM
to Mifos software development
Great.

And now after running 'gradle tomcatrunwar' for development use there's no longer a need to 'ping' before using the UI (that annoying no connection error doesn't come up).

Is it just fixed for 360 days or forever?

John

Gurpreet Luthra

Apr 2, 2013, 12:28:25 AM
to Mifos software development
Thanks a lot Keith. This is good!! :) 

Regards
Gurpreet

Keith Woodlock

Apr 2, 2013, 5:47:09 AM
to Mifos software development
The keystore I created had a validity period of 360 days but we can re-create it again for a much longer period (or probably infinite).
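
An added example, not part of the thread or of the MifosX code base: one way a Java integration test could trust only the certificate in the checked-in keystore and report how many days of its validity remain. The keystore file name, password and alias are the ones in the keytool command above; the class name `DevKeystoreTrust` and the URL are assumptions.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.net.URL;
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

public class DevKeystoreTrust {
    // Read the first certificate stored under the alias in the JKS file.
    static X509Certificate devCert(String path, char[] pass, String alias) throws Exception {
        KeyStore ks = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, pass);
        }
        X509Certificate cert = (X509Certificate) ks.getCertificate(alias);
        if (cert == null) throw new IllegalStateException("no certificate under alias " + alias);
        return cert;
    }

    // Whole days until expiry (zero or negative once the certificate has expired).
    static long daysLeft(X509Certificate cert) {
        return (cert.getNotAfter().getTime() - System.currentTimeMillis()) / 86_400_000L;
    }

    // Trust only this certificate: the private key is not copied into the
    // trust store and the JVM's default CAs are not consulted.
    static SSLContext trustOnly(X509Certificate cert) throws Exception {
        KeyStore trust = KeyStore.getInstance(KeyStore.getDefaultType());
        trust.load(null, null);
        trust.setCertificateEntry("dev", cert);
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trust);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null);
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        X509Certificate cert = devCert("keystore.jks", "openmf".toCharArray(), "openmfdevsigned");
        System.out.println("dev certificate expires in " + daysLeft(cert) + " days");
        // Assumed URL: adjust host and port to wherever tomcatRunWar serves HTTPS.
        HttpsURLConnection c = (HttpsURLConnection) new URL("https://localhost:8443/").openConnection();
        c.setSSLSocketFactory(trustOnly(cert).getSocketFactory());
        // Hostname verification stays on, so the certificate's name must match the host.
        System.out.println("HTTP status: " + c.getResponseCode());
    }
}
```

Because the keystore file and its password are both in the repository, its private key is effectively public, so this trust configuration belongs in test code only.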
