Encryption


ITAnyplace can encrypt the data transferred between the device and the server. Encryption is handled by using an HTTPS connection.

In the case of MIDP, ITAnyplaceHttpClient handles both the HTTP and HTTPS protocols. If your server implementation uses a self-signed certificate instead of a certificate from a valid authority like Verisign, you need to import that certificate on the client device.

If a self-signed certificate is being used, the user needs to pass the path of the trustedcerts.keystore file as shown below. This file contains the self-signed certificate of the site and is provided by the site administrator. If the user does not specify the path of the file and leaves it blank (""), the code assumes that the site is using a certificate from a valid authority.

ITAnyplaceHttpClient client = null;
HttpURLConnection urlcon = null;
try {
       // Get configuration info for connecting
       Configuration c = getConfiguration();
       // Now connect to the server and get the response
       client = new ITAnyplaceHttpClient(c);
       // Path of the trusted store file. Leave it blank ("") if the server
       // is using the certificate of a certified authority like verisign.com.
       String trustedStoreFile = "trustedcerts.keystore";
       if (c.getUrl().startsWith("https")) {
               // HTTPS: pass the trust store that holds the site's certificate
               urlcon = client.setup(ITAnyplaceHttpClient.CLIENT_CDC, trustedStoreFile);
       } else {
               // Plain HTTP: no trust store is needed
               urlcon = client.setup(ITAnyplaceHttpClient.CLIENT_CDC);
       }
} catch (Exception ex) {
       System.out.println("Problem in making contact with sync servlet " + ex.getMessage());
}

How to configure JBoss server

Obtain the certificate in one of the following 2 ways:

  1. Get certificate from a valid CA like Verisign
  2. Generate a self-signed certificate


Put the new certificate in server.xml in JBoss.


How to generate a self-signed certificate for your server

To generate a self-signed certificate, use Java's keytool utility and follow these steps:

  1. Generate a CSR:
    >keytool -certreq -alias itanyplace -keyalg RSA -file certreq.csr -keystore serverkeys.keystore
  2. Generate a server key as follows:
    >keytool -genkey -keystore serverkeys.keystore -keyalg rsa -alias itanyplace
    Put your site name in place of your first and last name (localhost).
  3. Copy this keystore file to server/default/conf/
  4. Then make a cert file to export your certificate as follows:
    >keytool -export -keystore serverkeys.keystore -alias itanyplace -file server.cert


How to modify server.xml in JBoss

Modify the jboss\server\default\deploy\jbossweb-tomcat55.sar\server.xml file as follows:

    1. Uncomment the following
      <!-- SSL/TLS Connector configuration using the admin devl guide keystore-->
    2. And modify it as

<Connector port="8443" address="${jboss.bind.address}"
           maxThreads="100" strategy="ms" maxHttpHeaderSize="8192"
           emptySessionPath="true"
           scheme="https" secure="true" clientAuth="false"
           keystoreFile="${jboss.server.home.dir}/conf/serverkeys.keystore"
           keystorePass="itanyplace" sslProtocol="TLS" />


How to export the self-signed certificate to your client device

To run your client code, you need to import the certificate of the Web site into the store of certificates trusted by Java, as follows:

    1. Make a file as follows and transfer it to the client. The client then stores it and provides the information about it in the truststore property.
       >keytool -import -keystore trustedcerts.keystore -alias itanyplace  -file server.
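
The key generation, export and import steps above, rehearsed non-interactively with a fingerprint comparison at the end; this is an added example, not part of the original documentation or the ITAnyplace product. It assumes a POSIX shell with keytool on the PATH; the password, CN=localhost, key size and validity are values constructed for the demo.

```shell
#!/bin/sh
# Added example: run the page's keytool steps in a scratch directory and check
# that the client trust store holds the same certificate as the server keystore.
PASS='demo-only-pass'   # throwaway password constructed for this demo
ALIAS='itanyplace'      # alias used on the page

# SHA-256 fingerprint of $ALIAS in a keystore, as printed by `keytool -list -v`.
fingerprint() {   # $1 = keystore file
    keytool -list -v -keystore "$1" -storepass "$PASS" -alias "$ALIAS" 2>/dev/null |
        sed -n 's/^[[:space:]]*SHA256:[[:space:]]*//p' | head -n 1
}

# Server side: key pair plus self-signed certificate, then export the certificate.
make_server_keystore() {   # $1 = working directory
    keytool -genkey -keystore "$1/serverkeys.keystore" -keyalg RSA -keysize 2048 \
        -alias "$ALIAS" -dname 'CN=localhost' -validity 365 \
        -storepass "$PASS" -keypass "$PASS" >/dev/null 2>&1 &&
    keytool -export -keystore "$1/serverkeys.keystore" -alias "$ALIAS" \
        -storepass "$PASS" -file "$1/server.cert" >/dev/null 2>&1
}

# Client side: import the exported certificate into trustedcerts.keystore.
make_client_truststore() {   # $1 = working directory
    keytool -import -noprompt -keystore "$1/trustedcerts.keystore" -alias "$ALIAS" \
        -storepass "$PASS" -file "$1/server.cert" >/dev/null 2>&1
}

# Succeeds only if both stores hold a certificate with the same SHA-256 fingerprint.
same_certificate() {   # $1 = server keystore, $2 = client trust store
    a=$(fingerprint "$1")
    b=$(fingerprint "$2")
    [ -n "$a" ] && [ "$a" = "$b" ]
}
```

Call make_server_keystore and make_client_truststore with a scratch directory, then same_certificate with the two keystore paths; a non-zero status means the trust store handed to the client does not contain the certificate held in the server keystore.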


How to test that encryption has been enabled with your server

Restart your server and test it in the browser by typing https://localhost:8443. You will see a message box displaying information about the certificate.