Communication in WiFi Managers
WiFi Manager has both HTTPS and HTTP enabled by default. In
the normal mode, the client connects to port 6080 via HTTP;
for the secured mode, type HTTPS in the URL and connect to
port 8443 to open the web client. The purpose of the secured
connection mode is to address the following issues:
- Prevent unauthorized users from accessing
information about the network
- Safeguard vital information like alarms, polled
data, etc., which can serve as loopholes for
potential hackers.
The above-mentioned problems in transmitting secured
data can be resolved by implementing the Secure Sockets Layer (SSL) mode of communication between the client and the server.
How to enable HTTPS in WiFi Manager and disable HTTP
You can follow these steps to
enable SSL in WiFi Manager:
- Shut down WiFi Manager server if it is running.
- Open the bin files under
<Installation Directory> > Adventnet > bin
- Open CheckPortUsedByWiFiManager.bat, which shows
the default port for WiFi Manager as 6080. Now
double-click on this and change the port value to
8443. Check that it is free and accept this.
- By default, WiFi Manager allows SSL mode in the
application. Hence there is no need to reproduce
the steps for enabling SSL here. The only
operation that needs to be performed here is to
disable HTTP, so that the application opens
only under HTTPS.
To disable HTTP, you can follow these steps:
- In the file
"<WiFiManager_HOME>/bin/StartWiFiManagerServer.bat", change
the value of "-Ddisable.nonssl" from
"false" to "true".
- In the file
"<WiFiManager_HOME>/conf/wrapper.conf", change
the value of
"wrapper.java.additional.9=-Ddisable.nonssl"
from "false" to "true".
- Comment out the following in the file
"<WiFiManager_HOME>/tomcat/conf/backup/server.xml":
<!--
<Connector port="WEBSERVER_PORT"
maxThreads="50"
minSpareThreads="3"
maxSpareThreads="25"
enableLookups="false"
redirectPort="8443"
acceptCount="100"
connectionTimeout="20000"
disableUploadTimeout="true"
compression="force"
compressionMinSize="1024"
noCompressionUserAgents="gozilla, traviata"
compressableMimeType="text/html,text/xml"
/>
-->
You can use the URL below to connect using SSL:
https://<HostName of the server machine>:8443
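One way to confirm that all three edits above took effect, as an added example that is not part of the WiFi Manager documentation or product. It assumes the flag is written in the usual Java form -Ddisable.nonssl=<value> and that the SSL connector carries scheme="https" (or SSLEnabled="true"); the function names and sample file contents are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

FLAG = re.compile(r"-Ddisable\.nonssl=(\w+)")  # assumed Java system-property form

def nonssl_flag(text):
    """Last effective -Ddisable.nonssl value in a .bat/.conf text, or None."""
    value = None
    for line in text.splitlines():
        if line.strip().lower().startswith(("#", "rem ", "::")):
            continue  # a commented-out setting has no effect
        match = FLAG.search(line)
        if match:
            value = match.group(1).lower()
    return value

def plain_connectors(server_xml):
    """Ports of active connectors that are not marked as TLS."""
    root = ET.fromstring(server_xml)  # the parser drops <!-- ... --> blocks
    return [c.get("port") for c in root.iter("Connector")
            if c.get("scheme") != "https"
            and c.get("SSLEnabled", "false").lower() != "true"]

def audit(bat_text, wrapper_text, server_xml):
    """Return findings; an empty list means HTTP is disabled in all three files."""
    findings = []
    for name, text in (("StartWiFiManagerServer.bat", bat_text),
                       ("wrapper.conf", wrapper_text)):
        value = nonssl_flag(text)
        if value != "true":
            findings.append(f"{name}: -Ddisable.nonssl={value or 'missing'}")
    for port in plain_connectors(server_xml):
        findings.append(f"server.xml: non-TLS connector active on port {port}")
    return findings

# Constructed sample contents, not copied from a real installation.
BAT = "java -Ddisable.nonssl=true -cp classes StartServer\n"
WRAPPER_OLD = "wrapper.java.additional.9=-Ddisable.nonssl=false\n"
WRAPPER_NEW = "wrapper.java.additional.9=-Ddisable.nonssl=true\n"
TLS = '<Connector port="8443" scheme="https" secure="true"/>'
HTTP = '<Connector port="WEBSERVER_PORT" redirectPort="8443"/>'
XML_OLD = f"<Server><Service>{HTTP}{TLS}</Service></Server>"
XML_NEW = f"<Server><Service><!-- {HTTP} -->{TLS}</Service></Server>"

if __name__ == "__main__":
    for finding in audit(BAT, WRAPPER_OLD, XML_OLD):
        print(finding)
```

An empty result from audit() on the three real files means the server no longer starts a plain HTTP listener; any finding names the file that still needs the change.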
Certification Process
SSL uses public key cryptography for authentication
and private negotiation of parameters for encrypting
data. Public key encryption uses a pair of asymmetric
keys for encrypting and decrypting. Each pair has a
public key and a private key. The public key is freely
distributed, whereas the private key is not. Data that
are encrypted with the public key can be decrypted only
with the private key. Conversely, data encrypted with the
private key can be decrypted only with the public key.
A certificate is a digitally signed statement that
vouches for an identity and its public key. It contains
the general information such as subject, public key,
period of validity, issuer name, and signature.
To permit a web server to use HTTPS, a public certificate must
be created. In such cases, the administrator creates
certificates for users requiring authenticated access. A truststore file is a repository of all created
certificates. It is required to start the server and the
client in the SSL (i.e., HTTPS) mode. You must create a
truststore file in any directory of the local machine
where the WiFi Manager Server is installed.
In case you wish to obtain a certificate from a Certificate Authority, you will be required to create a Certificate Signing Request (CSR), which will be used by the Authority to identify your website as secure. The key pair that the CSR refers to is first created using the -genkey command as follows:
<JDK installation path>/bin/keytool -genkey -alias tomcat -keyalg RSA \
  -keystore "<WiFi Manager Installation Dir>/Adventnet/ME/WiFi Manager/tomcat/.keystore"
To create the CSR file:
<JDK installation path>/bin/keytool -certreq -keyalg RSA -alias tomcat -file certeq.csr \
  -keystore "<WiFi Manager Installation Dir>/Adventnet/ME/WiFi Manager/tomcat/.keystore"
Using the above, the certificate is created, after which you need to import it into your keystore. But before that, you need to do the following:
- Download the certificate from the authority you have applied to.
- Import the chain certificate into your keystore file. To import the chain certificate, you can do the following:
keytool -import -alias root -keystore <your_keystore_filename> \
  -trustcacerts -file <filename_of_the_chain_certificate>
- Import the new certificate:
keytool -import -alias tomcat -keystore <your_keystore_filename> \
  -trustcacerts -file <your_certificate_filename>
This completes the process of importing the security certificate into your Truststore File.