hi Guys,
hopefully simple questions.
1. how do I use a port other than 8080, I want to test the connection and have one on 8080 and one on 8081. One network, two machines, two installs, one firewall which forwards the ports.
2. is it possible to store the keys in another file rather than certificates.p12. I can see preferences/security/ keystore has the path and name, but it cannot be edited or changed
3. is it possible change the password for the keystore. I can create a certicicates.p12 file with another password (i.e. not test) and save it as certicicates.p12.
I can see "preferences/security/ keystore password" that the password is typed in , but changing it makes no difference. It stays as test and reloading the keystore gives a wrong password error.
thanks
Damon
before to tell you the solution, I wonder why you want different ports on each machine.
You can have 8080 port listening on each machine, what's the problem ?
Your firewall can NAT incoming 8080 to machineA:8080 and incoming 8081 to machineB:8080 ...
or edit jetty/etc/jetty.xml ... :>)
For question 2 and 3. Heller might better explain.
2. is it possible to store the keys in another file rather than certificates.p12. I can see preferences/security/ keystore has the path and name, but it cannot be edited or changed
No, this filename is hardcoded in the server.
3. is it possible change the password for the keystore. I can create a certicicates.p12 file with another password (i.e. not test) and save it as certicicates.p12.
I can see "preferences/security/ keystore password" that the password is typed in , but changing it makes no difference. It stays as test and reloading the keystore gives a wrong password error.
You could change the password of the keystore to any other (using a 3rd party tool) but then you have to change it in the UI, too. There is no way to change the password of the keystore using m-e-c as2.
Regards
Heller
You can't change certificates.p12, but on Linux you can do a soft link to alternate physical file.
ln -s /home/mec/common/prod.p12 /home/mec/AS2/certificates.p12
Why ? Because it is dangerous (I already told it to Heller) when upgrading : the production p12 is overwrited by certificates.p12 in distrib. (You did it once but never after :>) ...)
May be it can be done on Vista, as far soft links exists now if I can remember...
More interesting :
To upgrade easily, do this :
Exemple for b23 to b25 :
(Assuming b23 is installed in /home/mec/AS2b23 directory)
$> cd
$> mkdir AS2b25
install b25 in such directory
Move all 'variable' data, such as database, messages directories and 'common' data, as .p12 and *.xml in
a common directory, for instance :
/home/mec/common/
Create links to common data :
$> cd
$> cd AS2b23
$> ln -sf /home/mec/common/* .
$> cd ../AS2b25
$> ln -sf /home/mec/common/* .
Now both version are using same config and manage same messages.
You can now specify easily wich version to use by linking
production version :
$> cd
$> ln -sf AS2b25 AS2
Your init scripts must reference in such case :
/home/mec/AS2/mec_as2_start.sh and so on...
Want to go back in b23 ?
Stop your AS2 services and :
$> cd
$> ln -sf AS2b23 AS2
restart...
The hint is that you do not risk to overwrite .p12 with one in new distrib.
Worst : the link is replaced by .p12 in new distrib.
In such case, delete .p12 and redo link to 'common/certificates.p12' ...
Stefan,
according to my post before this one, I guess it would be safer to give you test .p12 in next releases under name :
certificates.p12.dist and add in documentation to rename it (if needed) to certificates.p12 .
This to avoid unintentional overwriting of .p12 production file, that can be a disaster !!!
crownedgrouse,
we added a overwrite check in b25 to the installer for several files that contain user specific data to prevent overwriting. But you are right, this works only for windows...
Regards
Heller
Hi Guys
thanks for the great replies.
much appreciated and very informative.
thanks
Damon