
Securing the SOAP connections to a Secure Global Desktop server

Client applications, such as the browser-based webtop, use the SOAP protocol (over HTTP) to access the web services provided by a Secure Global Desktop server. You should use HTTPS to secure these SOAP connections if you:

Note: If you develop your own client, for example because you want to use a different programming language, you need to develop your own methods for securing the SOAP connections. This page gives the general principles you need to implement.

Configuring the client to use HTTPS and trust Secure Global Desktop server certificates

To secure the SOAP connections, the client must be configured to use HTTPS and to trust the X.509 certificates for any Secure Global Desktop servers it connects to. Follow these steps:

  1. Add the X.509 certificates to the certificate store.

    You install server certificates with the keytool application. See the Java 2 SDK Tools and Utilities documentation for details.

    You store the certificates in the certificate store for the Java™ 2 Runtime Environment (JRE) used by the Secure Global Desktop server, /opt/tarantella/bin/jre/lib/security/cacerts.

    You must add the X.509 certificate for each member of the array. The certificate for each server is stored in /opt/tarantella/var/tsp/cert.pem.

    Run the following command:

    /opt/tarantella/bin/jre/bin/keytool -import \
      -file /opt/tarantella/var/tsp/cert.pem \
      -keystore /opt/tarantella/bin/jre/lib/security/cacerts \
      -storepass changeit \
      -alias hostname
  2. Change to the webapps/sgd/WEB-INF/classes/com/tarantella/tta/webservices/client/apis directory.
  3. Edit the Resources.properties file.
  4. For each of the web services listed in the properties file, change the URL to an HTTPS URL.
  5. Save the changes to the Resources.properties file.
  6. Restart the web server and JSP container.
  7. Repeat these steps on each member of the array.
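
A check that can be run after step 4 (an added example, not part of the original guide): the shell function below lists every property in a Resources.properties file whose value is a URL that is still not HTTPS. The property names and the second URL in the sample are constructed, not the real contents of the file.

```shell
#!/bin/sh
# Added example, not from the guide. Lists properties whose value is a URL
# that is not HTTPS, so leftovers from step 4 are easy to spot.

# nonhttps_urls FILE
# Prints "key<TAB>url" per offending property; exit status 1 if any are found.
nonhttps_urls() {
    awk '
        /^[ \t]*[#!]/ || /^[ \t]*$/ { next }      # comments and blank lines
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            if (!match(line, /[=: \t]/)) next     # key without a value
            key = substr(line, 1, RSTART - 1)
            val = substr(line, RSTART)
            sub(/^[ \t]*[=:]?[ \t]*/, "", val)    # drop the key/value separator
            sub(/[ \t\r]+$/, "", val)             # trailing blanks and CR
            gsub(/\\:/, ":", val)                 # Java may store ":" as "\:"
            if (val ~ /^[A-Za-z][A-Za-z0-9+.-]*:\/\// &&
                tolower(val) !~ /^https:\/\//) {
                printf "%s\t%s\n", key, val
                bad = 1
            }
        }
        END { exit (bad ? 1 : 0) }
    ' "$1"
}

# Constructed sample: the keys "service.print" and "service.example" are
# assumptions; the real property names in Resources.properties may differ.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed sample
service.print=https://boston.indigo-insurance.com:443/axis/services/rpc/print
service.example=http://boston.indigo-insurance.com:80/axis/services/rpc/example
keystore=keystore
keystorepass=password
EOF
nonhttps_urls "$sample" || echo "plain-HTTP web service URLs remain" >&2
rm -f "$sample"
```

Run it against the file on each array member and on any relocated copy; a non-zero exit status means at least one web service URL was missed.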

Remote hosts

If you have relocated the browser-based webtop to another host, or if you have developed your own applications on another host using the com.tarantella.tta.webservices.client.views package, you must edit both the relocated Resources.properties file and the one on the Secure Global Desktop server.

Web services URLs

In the relocated Resources.properties file, the URLs must be for the Secure Global Desktop server the client application will connect to, for example https://boston.indigo-insurance.com:443/axis/services/rpc/print.

In the Resources.properties file on the Secure Global Desktop host, amend the URLs to https://localhost:443.

Keystores

You have to create two keystores:

For the HTTPS connections to the Secure Global Desktop server, you must create your own keystore on the remote host, using your own JDK. This keystore must contain the Secure Global Desktop server certificate. Add the details of this keystore to the relocated Resources.properties file, by editing the following lines:

keystore=keystore
keystorepass=password

For the HTTPS connections from the Secure Global Desktop server to the remote host, you must install the root certificate for the remote host into the keystore (the cacerts file) for the JRE used by the Secure Global Desktop server. You do this using the keytool application:

/opt/tarantella/bin/jre/bin/keytool -import \
-keystore /opt/tarantella/bin/jre/lib/security/cacerts \
-storepass changeit \
-file certificate_path \
-alias remote_hostname