Configuring SSL access to TextChart Studio

If you will access TextChart Studio only from the the workstation it's installed on, then setting up access through SSL is probably unnecessary. However, if others will use TextChart Studio from other workstations, i2 recommends configuring SSL connections.

Note: These instructions assume that you are familiar with the general use of SSL certificates and key stores. Following them sets up the internal Jetty server to use SSL with a self-signed certificate. For more advanced use, see Managing SSL keys and certificates.

Enabling SSL for TextChart Studio involves creating a certificate keystore file, setting passwords for the keystore and the keystore manager, and enabling SSL functionality in the conf/studio.properties file:

  1. Use the keytool program from the Java JDK to create a new keystore. Navigate to the etc directory and run the following command:

    keytool -keystore keystore -alias studio -genkey -keyalg RSA

    Answer the questions appropriately for your site, and make a note of the password that you provide for the certificate generation process. When the command finishes, it generates a file named keystore file in the same directory.

    Note: On Microsoft Windows, you might need to add the JDK binary directory to your path in order to run the keytool command. You can do so with a command like this:

    set PATH=%PATH%;"c:\Program Files\Java\jdk1.8.0_65\bin"

    Adjust the path and the version number to match your JDK installation.

  2. Next, you must add the password that you entered during the certificate creation process to the TextChart Studio properties file. So that the password is not visible in plain text, you obfuscate it.

    Run the following command at the command line, substituting the password you entered during the certificate creation process in place of <password>:

    java -cp RosokaStudio.jar org.eclipse.jetty.util.security.Password <password>

    Note: Run this command from the TextChart Studio installation directory.

    The command outputs the obfuscated password to the console. Copy it (including the initial OBF:) for use in the next step.

  3. Open the conf/studio.properties file in a text editor, remove the # signs from the lines below, and enter the port you want to use, the path to the keystore, and the obfuscated passwords as values for the following settings:

    httpsPort=8443
keyStorePath=
keyStorePassword=
keyManagerPassword=

    To prevent unsecured HTTP access to TextChart Studio, comment out or remove the httpPort setting, and then save the modified file.

  4. Restart TextChart Studio.

After making these changes, you can access TextChart Studio on the local workstation at https://localhost:8443/RosokaStudio. (If you changed the port number, you'll need to make the same change to the URL.)

Using a self-signed certificate like this generates a warning when you access TextChart Studio through a web browser. You can instruct your browser to ignore the error and proceed to the page, but to remove it completely you must get your certificate signed by a valid certification authority. See Managing SSL keys and certificates for more information.