Setup VP Teamwork Server on Secure Connection with Self-Signed Certificate

SSL, short for Secure Sockets Layer, is a protocol for enforcing secure communication over the network. Visual Paradigm Teamwork Server users can set up such communication between the client and server to protect their work. In this article, we will go through the steps for preparing a certificate that is expected to be known by the users involved, configuring VP Teamwork Server, and setting up the clients.

The following software will be used throughout this article.

Preparing self-signed certificate

keytool is a key and certificate management utility. You can run it to generate a self-signed certificate.

  1. Run the keytool command under the bin folder of the JRE:
    For Windows: %JAVA_HOME%\bin\keytool -genkey -alias tomcat -keyalg RSA
    For Linux: $JAVA_HOME/bin/keytool -genkey -alias tomcat -keyalg RSA

    Launch Keytool

  2. Enter a password for the keystore and press Enter.

    Specify password

  3. When asked for your first and last name, enter the host name of the server and press Enter. This will become a part of the https URL.

    Define host

  4. Answer the other questions one by one. Finally, confirm the entered information by entering yes and pressing Enter.

    Answer questions for the certificate

  5. Press Enter when asked for a password for <tomcat>.

    Press Enter to specify same password as keystore

    This generates a .keystore file in the user's home folder. For example, C:\Documents and settings\user\.keystore

Setting up VP Teamwork Server

  1. Open %VP_SERVER_HOME%\webserver\conf\server.xml

    Open server.xml

  2. Add the following code to the file, under the <Service name="Catalina"> element.

    <Connector port="443" minSpareThreads="5" maxSpareThreads="75"
               enableLookups="true" disableUploadTimeout="true"
               acceptCount="100" maxThreads="200"
               scheme="https" secure="true" SSLEnabled="true"
               keystoreFile="%path_to_your_keystore_file%" keystorePass="%your_pass%"
               clientAuth="false" sslProtocol="TLS"
               protocol="org.apache.coyote.http11.Http11NioProtocol"/>

    Replace keystoreFile's value with the .keystore file path, which is in the user's home folder.

    Replace keystorePass's value with the password supplied when generating the .keystore file. (Refer to step 2 of the above section)

Editing the Host file

Since the certificate is bound to a specific host name, machines that need to connect to the server may need an entry in their hosts file that maps the server's IP address to that name.

Edit host file

For Windows:

  1. Open "C:\Windows\System32\drivers\etc\hosts" with a text editor
  2. Add a line %server_ip% %your host defined in .keystore%

For Linux:

  1. Open "/etc/hosts"
  2. Add a line %server_ip% %your host defined in .keystore%

Install VP Teamwork Server

If you need to perform server administration such as adding users and projects, follow the steps below.

  1. Start up VP Server by executing %VP_SERVER_HOME%\scripts\bin\startup.bat

    Start up VP Server

  2. Visit https://%host%/ in a web browser, where %host% is what you supplied as the first and last name when generating the keystore file. (Refer to step 3 of the first section)

    Go to server URL

    If you receive a notification that the website is certified by an unknown authority (since the certificate is self-signed), select to accept it and proceed.

    Add certification as exception

  3. This enters the server administration page. Configure the server by walking through the on-screen instructions.

    Start Server Configuration

Running VP Teamwork Client

Teamwork client users should obtain the .keystore file from the administrator in order to connect to the teamwork server via SSL. During SSL communication, the server presents its certificate, which needs to be validated. Since the certificate is self-signed, it cannot be validated automatically. We need to add the certificate to the trusted keystore in order to make it work. To do this:

  1. Create a run_vpuml.vmoptions file inside the VP Suite/launcher folder.

    Define VM Options File

    For other standalone products, change the name of the vmoptions file to match the product you are using.

  2. Enter -Djavax.net.ssl.trustStore=%path_to_your_keystore% in the vmoptions file. Note that it is NOT required to quote the path. Quoting the path may prevent the client from connecting to the server.

    Define keystore location in VM Options

  3. Run VP Suite/launcher/run_vpuml.exe to start the product.
  4. Log in to the Teamwork Server. Make sure https:// and port 443 are used in the URL in order to connect to the server over SSL.

    Secure login for Teamwork Client
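
Added example, not part of the original article: the .keystore generated in the first section holds the server's private key as well as its certificate, so a client that only has to trust the server can be given a certificate-only truststore, and that file is what -Djavax.net.ssl.trustStore then points at. The script assumes keytool is on the PATH and that the passwords are supplied in the environment variables KS_PASS and TS_PASS (names chosen for this example); the printed SHA-256 fingerprint can be compared with the one shown in the browser's unknown-authority warning.

```shell
#!/bin/sh
# Added example. KS_PASS (server keystore password) and TS_PASS (client
# truststore password) are environment variable names chosen here; they
# keep the passwords off the command line and out of the process list.

ALIAS=tomcat   # alias given to -genkey in the article

# export_server_cert SERVER_KEYSTORE OUT_PEM
# Writes only the public certificate of $ALIAS; the private key stays put.
export_server_cert() {
    keytool -exportcert -rfc -alias "$ALIAS" \
        -keystore "$1" -storepass:env KS_PASS -file "$2"
}

# make_client_truststore CERT_PEM OUT_TRUSTSTORE
# Creates a truststore that holds the certificate as a trusted entry.
make_client_truststore() {
    keytool -importcert -noprompt -alias "$ALIAS" -file "$1" \
        -keystore "$2" -storepass:env TS_PASS
}

# entry_type KEYSTORE PASSWORD_ENV_VAR
# Prints PrivateKeyEntry (server keystore) or trustedCertEntry (truststore).
entry_type() {
    keytool -list -alias "$ALIAS" -keystore "$1" -storepass:env "$2" |
        grep -o -e PrivateKeyEntry -e trustedCertEntry
}

# cert_sha256 CERT_PEM
# Prints the certificate's SHA-256 fingerprint for out-of-band comparison.
cert_sha256() {
    keytool -printcert -file "$1" | sed -n 's/^[[:space:]]*SHA256: *//p'
}

# Usage: KS_PASS=... TS_PASS=... sh this_script SERVER_KEYSTORE CLIENT_TRUSTSTORE
if [ "$#" -eq 2 ]; then
    export KS_PASS TS_PASS
    export_server_cert "$1" server-cert.pem &&
        make_client_truststore server-cert.pem "$2" &&
        entry_type "$2" TS_PASS &&
        cert_sha256 server-cert.pem
fi
```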
