29.13. Working with SSL (Secure Socket Layer)
The Red Hat Enterprise Virtualization Manager Java SDK provides full support for HTTP over Secure Socket Layer (SSL) and the IETF Transport Layer Security (TLS) protocol using the Java Secure Socket Extension (JSSE). JSSE has been integrated into the Java 2 platform as of version 1.4 and works with the Java SDK out of the box. On older Java 2 versions, JSSE must be manually installed and configured.
After JSSE is installed, secure HTTP communication over SSL is as simple as plain HTTP communication. However, you must supply the Java SDK with the keystore containing the Red Hat Enterprise Virtualization Manager certificate to enable validation of destination host identities:
Procedure 29.9. Configuring a Java SDK Keystore
- Download the certificate for the Red Hat Enterprise Virtualization Manager from the following address:
https://[your manager's address]:[port]/ca.crt
- Generate the keystore:
keytool -import -alias "server.crt truststore" -file ca.crt -keystore server.truststore
- Make the Java SDK aware of the keystore via one of the following methods:
  - Create a keystore lookup path:
    mkdir ~/.ovirtsdk/
    cp server.truststore ~/.ovirtsdk/ovirtsdk-keystore.truststore
    Once ovirtsdk-keystore.truststore is copied to the ~/.ovirtsdk directory, it will be used for host identity validation upon handshake with the destination host.
  - Use the following signature when declaring instances of the Api class to specify a custom truststore:
    Api api = new Api(url, user, password, "/path/server.truststore");
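The certificate in step 1 is fetched from the Manager itself, so the truststore is only as trustworthy as that first download. The following is an added example, not part of the Red Hat SDK or its documentation: it checks that the truststore holds a certificate whose SHA-256 fingerprint matches a value obtained out of band before the path is handed to the Api constructor. It assumes Java 9 or later; the class name TruststoreCheck and the TRUSTSTORE_PASS environment variable are hypothetical.

```java
import java.io.File;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Collections;

public class TruststoreCheck {

    // Uppercase hex SHA-256 of the DER encoding (keytool -list -v prints the same, ':'-separated).
    static String sha256Hex(byte[] der) throws Exception {
        StringBuilder sb = new StringBuilder();
        for (byte b : MessageDigest.getInstance("SHA-256").digest(der)) {
            sb.append(String.format("%02X", b));
        }
        return sb.toString();
    }

    // True only if a trusted-certificate entry has the expected fingerprint.
    // checkValidity() throws if that certificate is expired or not yet valid.
    static boolean containsPinned(KeyStore ks, String expected) throws Exception {
        String want = expected.replace(":", "").trim().toUpperCase();
        boolean found = false;
        for (String alias : Collections.list(ks.aliases())) {
            Certificate c = ks.getCertificate(alias);
            if (!ks.isCertificateEntry(alias) || !(c instanceof X509Certificate)) continue;
            X509Certificate x = (X509Certificate) c;
            String got = sha256Hex(x.getEncoded());
            System.out.println(alias + "  " + x.getSubjectX500Principal() + "  " + got);
            if (got.equals(want)) {
                x.checkValidity();
                found = true;
            }
        }
        return found;
    }

    public static void main(String[] args) throws Exception {
        String pass = System.getenv("TRUSTSTORE_PASS"); // hypothetical variable name
        if (args.length != 2 || pass == null) {
            System.err.println("usage: TRUSTSTORE_PASS=... java TruststoreCheck <truststore> <sha256>");
            System.exit(2);
        }
        KeyStore ks = KeyStore.getInstance(new File(args[0]), pass.toCharArray()); // Java 9+
        if (!containsPinned(ks, args[1])) {
            System.err.println("No trusted entry matches the expected fingerprint; do not use this truststore");
            System.exit(1);
        }
    }
}
```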
Note
Validation of host identities can also be disabled. Do not use this method on production systems: a client that does not validate host identity cannot detect a host impersonating the Manager. Use it only as a conscious decision, fully aware of the security implications of not validating host identity. To disable host identity validation, use the following signature when declaring instances of the Api class:
Api api = new Api(url, user, password, true);