Setup VP Teamwork Server on Secure Connection with Self-Signed Certificate

SSL, short for Secure Sockets Layer, is a protocol for enforcing secure communication via the network.  For Visual Paradigm Teamwork Server users, it is possible to setup such a communication between the client and server to protect their works. In this article, we will go through the steps for preparing a certificate that is expected to be known by those users involved, configuration of VP Teamwork Server, and the setup of clients.

The following software will be used throughout this article.

• JDK 1.6
• Visual Paradigm Teamwork Server
• Visual Paradigm for UML (note: SSL can be established for other VP client products such as Logizian and AG)

Preparing self-signed certificate

keytool is a key and certificate management utility. You can run it to generate a signed certificate.

1. Run the keytool command under the bin folder of JRE:For Windows: %JAVA_HOME%\bin\keytool -genkey -alias tomcat -keyalg RSAFor Linux: $JAVA_HOME/bin/keytool -genkey -alias tomcat -keyalg RSA
   

   Launch Keytool

2. Enter a password for the keystore and press Enter.
   

   Specify password

3. Enter the first and last name and press Enter. This will become a part of the https URL.
   

   Define host

4. Answer the other questions one by one. Finally, confirm the entered information by entering yes and pressing Enter.
   

   Answer questions for the certificate

5. Press Enter when being asked for a password for <tomcat>
   

   Press Enter to specify same password as keystore

   This generates a .keystore file at the user home folder. For example, C:\Documents and settings\user\.keystore

Setting up VP Teamwork Server

1. Open %VP_SERVER_HOME%\webserver\conf\server.xml
   

   Open server.xml

2. Add the following code to the file, under the <Service name=”Catalina”> element.
   

   <Connectorport=”443″ minSpareThreads=”5″ maxSpareThreads=”75″ enableLookups=”true” disableUploadTimeout=”true”acceptCount=”100″  maxThreads=”200″ scheme=”https” secure=”true” SSLEnabled=”true”keystoreFile=”%path_to_your_keystore_file%” keystorePass=”%your_pass%” clientAuth=”false” sslProtocol=”TLS” protocol=”org.apache.coyote.http11.Http11NioProtocol”/>

   Replace keystoreFile‘s value with they .keystore file path, which is at the user home folder.

   Replace keystorePass‘s value with the password supplied when generating the .keystore file. (Refer to step 2 of the above section)

Editing the Host file

Since the certificate is bound to specific host, machines that need to connect to the server may need to configure the host file to define the mapping of IP/host and name.

Edit host file

For Windows:

1. open “C:\Windows\System32\drivers\etc\host” with text editor
2. add a line %server_ip% %your host defined in .keystore%

For Linux

1. open “/etc/hosts”
2. add a line %server_ip% %your host defined in .keystore%

Install VP Teamwork Server

If you need to perform server administration such as adding users and projects, follow the steps below.

1. Start up VP Server by executing %VP_SERVER_HOME%\scripts\bin\startup.bat
   

   Start up VP Server

2. Visit https://%host%/ in web browser where %host%is what you supplied as the first and last name when generating the keystore file. (Refer to step 3 of the first section)
   

   Go to server URL

   If you received a notification of the website being certified by an unknown authority (since the certificate is self-signed), select to accept it and proceed.

   

   Add certification as exception

3. This enters the server administration page. Configure the server by walking through the on-screen instructions.
   

   Start Server Configuration

Running VP Teamwork Client

Teamwork client users should obtain the .keystore file from the administrator in order to connect to the teamwork server via SSL. During SSL communication, the certificate is presented and need to be validated from server. Since the certificate is self-signed, it is not possible to be validated automatically. We need to add the certificate to the trusted keystore in order to make it work. To do this:

1. Create run_vpuml.vmoptions file inside VP Suite/launcher folder
   

   Define VM Options File

   For other standalone product, change the file name of vmoptions to the product you are using

2. Enter -Djavax.net.ssl.trustStore=%path_to_your_keystore% in vmoptions file. Note that it is NOT required to quote the path. Quoting the path may lead to unable to connect to server.
   

   Define keystore location in VM Options

3. Run VP Suite/launcher/run_vpuml.exe to start the product.
4. Login to the Teamwork Server. Make sure https:// and port 443 is used in the URL in order to connect to server over SSL.
   

   Secure login for Teamwork Client

Related Articles

• How to update VP Server to new build
• How to deploy VP Server to Apache Tomcat as WAR
• How to modify default port used by VP Server