Show Table of Contents
2.3. Configuring SSL
The Red Hat Enterprise Virtualization Manager Java SDK provides full support for HTTP over Secure Socket Layer (SSL) and the IETF Transport Layer Security (TLS) protocol using the Java Secure Socket Extension (JSSE). JSSE has been integrated into the Java 2 platform as of version 1.4 and works with the Java SDK out of the box. On older Java 2 versions, JSSE must be manually installed and configured.
2.3.1. Configuring SSL
The following procedure outlines how to configure SSL using the Java SDK.
Procedure 2.2. Configuring SSL
- Download the certificate for the Red Hat Enterprise Virtualization Manager:
https://[your manager's address]:[port]/ca.crt
- Generate a keystore:
keytool -import -alias "server.crt truststore" -file ca.crt -keystore server.truststore
- Specify the
keyStorePathandkeyStorePasswordarguments when constructing an instance of theApiobject as described in Section 3.1, “Connecting to the Red Hat Enterprise Virtualization Manager”:myBuilder.keyStorePath("/home/username/server.truststore") myBuilder.keyStorePassword("p@ssw0rd")
2.3.2. Host Verification
By default, the identity of the host name in the certificate is verified when attempting to open a connection to the Red Hat Enterprise Virtualization Manager. You can disable verification by passing the following argument when constructing an instance of the
Api class:
myBuilder.noHostVerification(true)
Important
This method should not be used for production systems due to security reasons, unless it is a conscious decision and you are aware of the security implications of not verifying host identity.
Where did the comment section go?
Red Hat's documentation publication system recently went through an upgrade to enable speedier, more mobile-friendly content. We decided to re-evaluate our commenting platform to ensure that it meets your expectations and serves as an optimal feedback mechanism. During this redesign, we invite your input on providing feedback on Red Hat documentation via the discussion platform.