Hi Rick,

Thanks for the guide on making HTTPS work on SGD. Now I can use HTTPS on my member array. Next, I will also try firewall forwarding. I am still troubleshooting securing the SOAP connection on another member array.

Regards

Hadi


Rick Butland wrote:
Nyohadi,

   What're the following messages about?

chgrp: /opt/tarantella/var/tsp: Not owner
chgrp: cert.pem: Not owner
chgrp: key.pem: Not owner
chgrp: csr.pem: Not owner

Anyway, the normal sequence of events to achieve what you're doing.

Install SGD Security Pack
# tarantella security certrequest
# tarantella security selfsign
# tarantella security start
# tarantella security webserver restart --ssl

At this point, you should be able to connect to the webserver on port 443, with AIP now connecting over port 5307 - don't proceed until this works.
If you want to setup firewall forwarding from here:

change your httpd.conf file to alter the "Listen" port to the loopback - that is, change "Listen 443" to "Listen 127.0.0.1:443"
Change "array-port-encrypted" to 443
Change "security-firewallurl" to "https://127.0.0.1:443"
Restart the webserver with "tarantella webserver restart --ssl"
Restart SGD services - you'll get a warning about not being able to bind to all interfaces on 443 - this is normal.

See here: http://docs.sun.com/source/819-4309-10/en-us/tsp/indepth/firewall_traverse.html

You probably don't need to worry about "Securing SOAP connections" since it's a local connection. And unless your hostname from the client pov is different from your local hostname, you don't need to change the external DNS name - that is, if the client can resolve the hostname you installed (Peer DNS Name) you don't need to change this.



    Nyohadi wrote:
Dear Tillmann,

I have a problem testing the connection using https://sgdserver or https://sgdserver:443. The web browser says unable to connect, and I also tried telnet sgdserver 443 but it was refused by the SGD server. I followed the URL and the on-screen installation, and here are my log and configuration:

[EMAIL PROTECTED] # ./TarantellaWebServer stop
[EMAIL PROTECTED] # ./Tarantella stop
[EMAIL PROTECTED] # ./TarantellaWebServer start --ssl
Starting Tomcat servlet container...
Using CLASSPATH: /opt/tarantella/webserver/tomcat/5.0.28_axis1.2final_jk1.2.8/bin/bootstrap.jar:/opt/tarantella/bin/jdk.spso_1.5.0_06-erdist/lib/tools.jar
Using CATALINA_BASE: /opt/tarantella/webserver/tomcat/5.0.28_axis1.2final_jk1.2.8
Using CATALINA_HOME: /opt/tarantella/webserver/tomcat/5.0.28_axis1.2final_jk1.2.8
Using JAVA_HOME:     /opt/tarantella/bin/jdk.spso_1.5.0_06-erdist
...OK
Starting Apache web server...
/opt/tarantella/webserver/apache/1.3.33_mod_ssl-2.8.22_openssl-0.9.7e_jk1.2.8/bin/apachectl start: httpd started
...OK
[EMAIL PROTECTED] # ./Tarantella start
Starting Secure Global Desktop server (version 4.20.983). Please wait...
Secure Global Desktop services are now available on this host.

Log installation
Running tsp/resources Setup script...
...OK
Successfully installed Sun Secure Global Desktop Software Security Pack
for SPARC Solaris 2.8+ <ttasecure>
--------------------------------------------------------------------------
What you must do next
--------------------------------------------------------------------------
IMPORTANT: Installing the Sun Secure Global Desktop Security Pack does *not*
           enable secure (SSL) connections.

For each host on which the Sun Secure Global Desktop Security Pack is installed, a valid
X.509 certificate is required before secure connections are available.

The Secure Global Desktop Administration Guide contains full information
about using the Sun Secure Global Desktop Security Pack.
See "Getting started with the Sun Secure Global Desktop Security Pack".

Installation of <ttasecure> was successful.

[EMAIL PROTECTED] # ./tarantella security selfsign

A self-signed certificate has been generated and installed.
To enable SSL connections, use 'tarantella security start'.

Users will be prompted to trust this certificate. To stop the prompts,
install the certificate as the custom Certificate Authority:
tarantella security customca --rootfile /opt/tarantella/var/tsp/cert.pem

IMPORTANT: Self-signed certificates should be used for TEST PURPOSES only.

chgrp: /opt/tarantella/var/tsp: Not owner
chgrp: cert.pem: Not owner
chgrp: key.pem: Not owner
chgrp: csr.pem: Not owner


[EMAIL PROTECTED] # more strap.html
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML//EN">
<html><head>
<!-- $Id: strap.html,v 1.28 2004/05/11 20:44:51 peterc Exp $ -->
<title>State applet</title>
<base href="%%BASE%%">
<SCRIPT LANGUAGE="JavaScript">
function startTimer()
{
  setTimeout("testArchive()", 50);
}
function testArchive()
{
  if (navigator.appName == "Microsoft Internet Explorer")
  {
    try
    {
      var papp = document.applets["JDK12Probe"];
      papp.isDisplayable();
      return;
    }
    catch (isJDK11Excp)
    {
    }
    try
    {
      var app = document.applets["Tarantella Framework"];
      app.isActive();
    }
    catch (duNotInitExcp)
    {
      top.location="%%INSTURL%%cgi-bin/ttacab.cgi";
    }
  }
}
</SCRIPT>
</head>
<body bgcolor="white" onLoad="startTimer()">
<applet width="1" height="1" name="JDK12Probe" code="java.applet.Applet">
</applet>

<!--

The contents of this file must be language independent!

This applet immediately loads a new document in a named frame (here
WebtopFrame), which will be something like: ../logintheme/clientcap/index.html

The logintheme is determined from the appropriate attribute in the
datastore.

-->
<ttaapplet archive="tta" name="Tarantella Framework" code="com.tarantella.tta.client.applets.BootStrapShell" width="1" height="1">
  <param name="DoLogin" value="Yes">
  <param name="TargetFrame" value="WebtopFrame">
  <param name="AsadPort" value="%%ASADPORT%%">
  <param name="AnonLogin" value="%%ANONLOGIN%%">
  <param name="InitialPage" value="%%PAGE%%">
  <param name="ProxyServer" value="%%PROXY%%">
  <param name="ProxyFrame" value="StateFrame">
  <param name="LoginTheme" value="%%LOGINTHEME%%">
  <param name="Locale" value="%%LOGINLOCALE%%">
  <param name="AsadKeepAlive" value="30">
</ttaapplet>

</body>
</html>

*apache config httpd.conf*

## SSL Virtual Host Context
##
<VirtualHost _default_:443>
Listen localhost:443

*From your guide*
1. ./tarantella config edit --tarantella-config-server-bindaddresses-external <servername>
   *For servername, just in case I don't have a bindaddresses-external server or IP, can I put the local server name or the SGD server name?*
2. ./tarantella config edit --server-dns-external '*:<servername wie im Zertifikat>'
   *Just in case I am not yet using external, can I put the sgdserver name here?*


     Thanks for advising me.


Regards

HAdi





Tillmann Basien wrote:
install the tarantella security pack.

TAB

Nyohadi wrote:
Dear Tillmann,

I tried to configure based on your website, but I did not find the option ./tarantella security on my SGD server:

[EMAIL PROTECTED] # ./tarantella security certrequest

Usage: tarantella <command> [<command-specific args>]

  Available commands:

  archive            Archives the server's log files
  array              Creates and manages arrays of Secure Global Desktop servers
  arraymanager       Starts Array Manager
  config             Edits array-wide and server-specific configuration
  emulatorsession    Lists and controls emulator sessions
  help               Displays this list of commands
  license            Adds, lists and removes Secure Global Desktop license keys
  object             Manipulates objects in the datastore
  objectmanager      Starts Object Manager
  passcache          Manipulates the password cache
  print              Controls Secure Global Desktop printing services
  query              Examines the server's log files
  restart            Restarts Secure Global Desktop services
  role               Configures role occupants and their extra webtop links
  setup              Changes Setup options, restores original objects
  start              Starts Secure Global Desktop services
  status             Shows the current status of Secure Global Desktop array members
  stop               Stops Secure Global Desktop services
  tscal              Lists, frees and returns Terminal Services CALs
  uninstall          Uninstalls Secure Global Desktop from this host
  version            Displays versions of installed Secure Global Desktop packages
  webserver          Controls the Secure Global Desktop Web Server
  webtopsession      Lists and controls webtop sessions

  Use "tarantella <command> --help" to get help on a command.

Another question is, what do you mean by these words: "Eventuell Anpassung des Hostnamens im Zertificat vornehmen"?


Regards

Hadi
Tillmann Basien wrote:
Here you find the steps to get TTA Secure:
http://www.tbsol.de/de/modules/news/article.php?storyid=58


Nyohadi wrote:
Dear SGD users,

How do I make a secure connection from the browser to the SGD server? By default, the installation only uses HTTP, not HTTPS.


Regards

Hadi

_______________________________________________
SGD-Users mailing list
[email protected]
http://www.filibeto.org/mailman/listinfo/sgd-users



--

*Tool Box Solution GmbH*

Managing Director Tillmann A. Basien

Balinger Straße 37A

D-70567 Stuttgart

Phone: +49 (0) 711 71 68 631

Mobile: +49 (0) 173 87 38 987

Fax: +49 (0) 711 45 70 899

*** Member of "Tarantella Brotherhood" ***

mailto:[EMAIL PROTECTED] / http://www.tbsol.de
HRB: 23711

This message and any files or documents attached are strictly confidential or otherwise legally protected. It is intended only for the individual or entity named. If you are not the named addressee or have received this email in error, please inform the sender immediately, delete it from your system and do not copy or disclose it or use it for any purpose. Please also note that transmission cannot be guaranteed to be secure or error-free.
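
Added example (not part of the thread, and not code from Sun or from any poster): a consistency check for the three firewall-forwarding settings listed in Rick Butland's reply, showing why a loopback-only "Listen" without the matching SGD changes leaves port 443 refusing remote connections. The sample httpd.conf fragments, the "before" values in SGD_BEFORE and all function names are constructed; how the two SGD attribute values are read from the server is left to the caller.

```python
import re

# Target values quoted from the reply; everything else here is constructed.
EXPECTED_SGD = {"array-port-encrypted": "443",
                "security-firewallurl": "https://127.0.0.1:443"}
LOOPBACK = {"127.0.0.1", "localhost"}

def listen_directives(httpd_conf):
    """Return (host, port) per active Listen line; host '' means all interfaces."""
    found = []
    for line in httpd_conf.splitlines():
        line = line.split("#", 1)[0].strip()
        m = re.match(r"(?i)listen\s+(?:(\S+):)?(\d+)$", line)
        if m:
            found.append((m.group(1) or "", int(m.group(2))))
    return found

def check_firewall_forwarding(httpd_conf, sgd_settings):
    """Return findings; an empty list means Apache and SGD agree on port 443."""
    findings = []
    on_443 = [h for h, p in listen_directives(httpd_conf) if p == 443]
    if not on_443:
        findings.append("httpd.conf has no Listen directive for port 443")
    for host in on_443:
        if host == "":
            findings.append("Listen 443 binds all interfaces and collides with SGD on 443")
        elif host not in LOOPBACK:
            findings.append(f"Listen {host}:443 is not a loopback address")
    for key, want in EXPECTED_SGD.items():
        got = sgd_settings.get(key)
        if got != want:
            findings.append(f"{key} is {got!r}, expected {want!r}")
    loopback_only = bool(on_443) and all(h in LOOPBACK for h in on_443)
    if loopback_only and sgd_settings.get("array-port-encrypted") != "443":
        findings.append("Apache is loopback-only and SGD is not on 443: "
                        "remote connections to port 443 are refused")
    return findings

# Constructed samples: a half-finished change, the finished one, a stock listener.
HALF_DONE = "<VirtualHost _default_:443>\nListen localhost:443\n</VirtualHost>\n"
FINISHED = "Listen 127.0.0.1:443\n"
STOCK = "Listen 80\nListen 443\n"
SGD_BEFORE = {"array-port-encrypted": "5307", "security-firewallurl": ""}

if __name__ == "__main__":
    for name, conf, sgd in [("half-done", HALF_DONE, SGD_BEFORE),
                            ("finished", FINISHED, EXPECTED_SGD),
                            ("stock", STOCK, EXPECTED_SGD)]:
        print(name, check_firewall_forwarding(conf, sgd) or "consistent")
```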



