Using SSL With the Loftware Web Listener

Description

This article describes how to configure the Loftware Web Listener using SSL (Secure Sockets Layer) and HTTPS.

Solution

In order to use SSL with the Loftware Web Listener, you must first enable secure sockets on the web server. SSL includes a cryptographic system that uses two keys to encrypt data − a public key known to everyone and a private (secret) key known only to the recipient of the message. Instead of using HyperText Transfer Protocol (HTTP), the servlet uses Hypertext Transfer Protocol Secure (HTTPS). With HTTPS, the computers agree on a "code" between them, and then they scramble the messages using that "code" so that data shared between the two computers remains secure. Once SSL is enabled with the Loftware Web ServletClosed A generic server extension that can be loaded dynamically to expand the functionality of a web server. Servlets are commonly used with web servers and run within a Java Virtual Machine (JVM). Since servlets are all handled by separate threads within the web server process, they are very efficient and scalable. Servlets are supported on all platforms that support Java, and servlets work with all the major web servers. Loftware has developed a servlet called the LPS Web Servlet for use with the WebClient (i-Pull). See also Java Virtual Machine and WebClient (i-Pull)., the Loftware Web Listener is then configured to change the connection information to use SLL.

Requirements

Setup the Loftware Web Listener following the standard steps for use with HTTP and Non-SSL communication. When setup is complete, test to ensure it is functioning as expected before you go through the steps to enable SSL and HTTPS.

How to Configure SSL with the Loftware Web Listener

Described below is one example of configuring a Web Server (in this case Apache Tomcat) to use SSL with the Loftware Web Servlet and the Loftware Web Listener.

Web Servlet Configuration

  1. Stop the LPS.
  2. Stop the Apache Tomcat 6.0.29 Server.
  3. On the computer running the Web Server go to a cmd prompt, change directories to the installed Java bin directory (for example, C:\Java\jre1.6.0_21\bin - the actual directory may vary).
  4. Run the keytool.exe program with these command line switches:
    1. keytool -genkeypair -keysize 2048 -alias servercert -keyalg RSA -dname "CN=MYSERVER,OU=,O=Loftware Inc.,L=Portsmouth,S=NH,C=US" -keypass password -keystore server.jks -storepass password
    2. keytool -genkeypair -alias MYSERVER -keystore MYSERVER.p12 -storetype pkcs12 -keyalg RSA -dname "CN=MYSERVER,OU=,O=Loftware Inc.,L=Portsmouth,S=NH,C=US" -keypass password -storepass password
    3. keytool -exportcert -alias MYSERVER -file MYSERVER.cer -keystore MYSERVER.p12 -storetype pkcs12 -storepass password
    4. keytool -importcert -keystore server.jks -alias MYSERVER -file MYSERVER.cer -v -trustcacerts -noprompt -storepass password
    5. keytool -list -v -keystore server.jks -storepass password 
      Note: Replace MYSERVER with the name of your web server and replace the organizational information and passwords as appropriate.
      Note: The attached batch file can be edited to help automate the process.
  5. Copy the server.jks file into the web server conf directory (for example, "C:\Program Files\Apache Software Foundation\Tomcat 6.0\conf\").
  6. Open the C:\Program Files\Apache Software Foundation\Tomcat 6.0\conf\ server.xml in an xml editor and edit/uncomment the sections below:
    1. Blocking HTTP
      <ConnectorClosed See Loftware Connector. port="8443" SSLEnabled="true"
        protocol="org.apache.coyote.http11.Http11NioProtocol"
        maxThreads="150" scheme="https" secure="true"
        keystoreFile="${catalina.home}/conf/server.jks" keystorePass="password"
        clientAuth="false" sslProtocol="TLS" />
    2. Non-blocking APR
      <Connector port="8443" SSLEnabled="true"
        protocol="HTTP/1.1"
        maxThreads="150" scheme="https" secure="true"
        keystoreFile="${catalina.home}/conf/server.jks" keystorePass="password"
        clientAuth="false" sslProtocol="TLS" />
      Note: Replace password with the password set above with "-keypass".
  7. Save the changes and restart both LPS and the Tomcat server.

Loftware Web Listener Configuration 

  1. In the Web Listener Configuration Utility select configure connection, change the server from  http:// MYSERVER* to https:// MYSERVER and then shift focus to the port entry.
    It will auto prompt to use port 443, select OK, and then change the entry to 8443.
  2. Select Security info, enable Allow Untrusted Certificates click OK.
  3. This will return you to the configuration window, If you test the connection to the Web Server and Servlet you will now see https:// MYSERVER:8443/loftware/LPSRPT.jsp
  4. Click next, this will test the connection status using the SSL configuration and download the printer configurations.
  5. You are now configured to use the Loftware Web Listener in SSL mode.


* Where   MYSERVER = the name of the server that the web server is running on.

Result

Upon completion of the steps above, the Loftware Web Listener should be fully configured to use SSL and HTTPS.

Article Number

2013089

Versions

 LPS Version 6.0 or later

Environment

Loftware Web Listener connection to LPS.