Publishing Web services encrypted by HTTPS
iServer, iPortal and iEdge support third-party Web services encrypted with HTTPS, publishing them as WMS, WMTS, REST and WFS services. When the iServer, iPortal or iEdge agent is used to publish HTTPS services and the SSL certificate of the HTTPS server was issued by a well-known certificate provider, Java already has a built-in client certificate for it, so iServer, iPortal and iEdge do not need to do anything to publish the third-party HTTPS service. If the HTTPS server uses a locally created SSL certificate, Java has no client certificate with which to verify the HTTPS server, so you should create a client certificate on the HTTPS server and then provide it to iServer, iPortal and iEdge for verification.
The following describes how to create the server certificate on the HTTPS server, export the public key, create the client certificate (a truststore that holds the exported public key), and configure the client certificate on iServer (iPortal and iEdge):
- Set the Java environment variable on the HTTPS server: add the JDK bin directory to the PATH environment variable.
- Create the server certificate. Open a command line on the HTTPS server and enter the following command:
keytool -genkey -alias tomcat -keyalg RSA -dname "cn=localhost,ou=localhost,o=localhost,l=china,st=sichuan,c=cn" -keystore D:\key.keystore
  - alias: Specifies the alias of the server certificate.
  - keyalg: The asymmetric key algorithm. It can be changed to any other key algorithm supported by keytool.
  - dname: Sets the basic information of the created server certificate. cn is the domain name of the HTTPS server.
  - keystore: Specifies the path and name of the server certificate. Here it is D:\key.keystore.
- Export the public key. Open a command line on the HTTPS server and enter the following command:
keytool -export -alias tomcat -keystore D:\key.keystore -rfc -file D:/supermap.cer
  - alias: The alias of the server certificate.
  - keystore: The path and name of the server certificate.
  - file: Specifies the path and name of the public key. Here it is D:/supermap.cer.
- Enter the following command on the HTTPS server to create key.truststore, the client certificate used by iServer:
keytool -import -alias tomcat -file D:/supermap.cer -keystore D:/key.truststore
  - alias: The alias of the server certificate.
  - file: The path and name of the public key.
  - keystore: Specifies the path and name of the client certificate. Here it is D:/key.truststore.
- On the iServer server, modify the catalina.bat file in %SuperMap iServer_HOME%/bin to add the client certificate (key.truststore) to iServer, where it is used to verify the identity of the HTTPS server. Change
set JAVA_OPTS=%JAVA_OPTS% -Xms256m -Xmx1536m -XX:MaxPermSize=192m -Xss512k
to
set JAVA_OPTS=%JAVA_OPTS% -Xms256m -Xmx512m -XX:MaxPermSize=192m -Xss512k -Djavax.net.ssl.trustStore=D:/key.truststore -Djavax.net.ssl.trustStoreType=JKS -Djavax.net.ssl.trustStorePassword=123456
  - -Djavax.net.ssl.trustStore: Specifies the path and name of the client certificate.
  - -Djavax.net.ssl.trustStorePassword: The password of the client certificate.
- When entering the HTTPS server address in iServer, iPortal and iEdge, use the domain name (the one set as cn in the server certificate) in the HTTPS service address, such as https://demo.iserver.com:8443/iserver/services/map-china400/rest.
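Before editing catalina.bat, the truststore created above can be checked against the HTTPS server with a small Java program. This is an added example, not SuperMap code; the class name `TrustStoreCheck` and its argument order are assumptions, and the path, password and host are the sample values used on this page.

```java
import java.io.FileInputStream;
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManagerFactory;

// Added example (not SuperMap code); class name and argument order are assumptions.
// Usage: java TrustStoreCheck D:/key.truststore 123456 demo.iserver.com 8443
public class TrustStoreCheck {

    // Handshakes with host:port trusting ONLY the certificates in the truststore and
    // returns the subject of the certificate the server presented.
    static String check(String storePath, char[] storePass, String host, int port)
            throws Exception {
        KeyStore trust = KeyStore.getInstance("JKS");
        try (FileInputStream in = new FileInputStream(storePath)) {
            trust.load(in, storePass);
        }
        TrustManagerFactory tmf =
            TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trust);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null);

        try (SSLSocket socket = (SSLSocket) ctx.getSocketFactory().createSocket(host, port)) {
            // A raw SSLSocket does not check the host name by default; enable the HTTPS
            // rule so a certificate whose name differs from `host` is rejected.
            SSLParameters params = socket.getSSLParameters();
            params.setEndpointIdentificationAlgorithm("HTTPS");
            socket.setSSLParameters(params);
            socket.startHandshake(); // SSLHandshakeException if untrusted or name mismatch
            X509Certificate leaf =
                (X509Certificate) socket.getSession().getPeerCertificates()[0];
            return leaf.getSubjectX500Principal().getName();
        }
    }

    public static void main(String[] args) throws Exception {
        if (args.length != 4)
            throw new IllegalArgumentException("usage: <truststore> <password> <host> <port>");
        try {
            String subject = check(args[0], args[1].toCharArray(), args[2], Integer.parseInt(args[3]));
            System.out.println("TRUSTED: " + subject);
        } catch (SSLException e) {
            System.out.println("REJECTED: " + e.getMessage());
            System.exit(1);
        }
    }
}
```

A REJECTED result for a host name that differs from the certificate's cn shows why the last step asks for the domain name in the service address. Note that -Djavax.net.ssl.trustStore replaces the JVM's default trust store rather than adding to it, so iServer started with that option, like this check, trusts only what was imported into key.truststore.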