Using SSL With GreenPepper - GreenPepper Server

HTTPS

You would need to setup your Web Container to server HTTPS requests.

Create a test certificate

I. Generating your key pair

keytool -genkey -alias greenpepper -keyalg RSA -keystore c:\greenpepper.keystore

Be Careful

When keytool will ask you to enter your First and Last name, you have to enter the network machine name (ex: myserver) or the domain name of your server (ex: www.myserver.com) where resides the your web container.

II. Generating a self signed certificate

keytool -selfcert -alias greenpepper -keystore c:\greenpepper.keystore

keytool -export -alias greenpepper -keystore c:\greenpepper.keystore -file c:\greenpepper.cer

III. Importing the certificate to a Certificate Authority store

You have two solutions :

Inside your JVM

The certificate must be imported in the Java Virtual Machine used by tomcat.
Supposing your tomcat JVM location is C:\Program Files\Java\jdk1.6.0_02\

keytool -import -alias greenpepper -file c:\greenpepper.cer -keystore "C:\Program Files\Java\jdk1.6.0_02\jre\lib\security"\cacerts

Default Cacerts password

The default java Cacerts keystore password is "changeit"

Creating a standalone 'cacerts'

keytool -import -alias greenpepper -file c:\greenpepper.cer -keystore c:\greenpepper.cacerts

Adding SSL support for Tomcat with the test certificate

Uncomments the definition of the SSL HTTP/1.0 Connector and specify attribute keystoreFile and keystorePass :

    <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
               maxThreads="150" scheme="https" secure="true"
               clientAuth="false" sslProtocol="TLS"
               keystoreFile="c:\greenpepper.keystore"
               keystorePass="[WIP:the password of the keystore]" />

Start tomcat and using your internet browser, navigate to https://www.myserver.com:8443. You should be alerted to accept the certificate.

If you are using Firefox, you should see :

Hint : Select Accept this certificate permanently and click ok

If you are using Internet Explorer, you should see :

Hint : Click on Continue to this web site (not recommended)

Hint : Click on Certificate Error

Hint : Click on View Certificates

Hint : Click on Install Certificate , follow the instructions and restart Internet Explorer when done

Runner Configuration

Java Runner

You would need to tell your runner the location of the trustStore and the password on the command line (Optional if you imported the certificate in the JVM)

java -Djavax.net.ssl.trustStore=c:\greenpepper.cacerts -Djavax.net.ssl.trustStorePassword=[WIP:the password of the trustStore] -mx252m ...

.Net Runner

You only need to accept the certificate when navigating to https://www.myserver.com:8443 using Internet Explorer.

Troubleshooting : if for some reason the .Net runner doesn't work, try C# example from Using Trusted Roots Respectfully. You may need to recompile your the GreenPepper - Open .Net binaries from source.

Confluence / Jira Repository Update

From Confluence / Jira, make sure the base url is using https on port 8443 (goto Adminstration / General Configuration).

For each Confluence Space's Registration repository, click edit and update (without changing anything, the repository url will be updated using the actual base url)
For each Jira Project Registration repository, click edit and update

Using the Eclipse Plugin

If you are using the Eclipse Plugin, you would need to perform the following steps :

Add information about the truststore and password to the eclipse.ini (Optional if you imported the certificate in the JVM)

-Djavax.net.ssl.trustStore=c:\greenpepper.cacerts
-Djavax.net.ssl.trustStorePassword=[WIP:the password of the trustStore]

Change the Server's context path to use https on port 8443

Using the Visual Studio Plugin