Versions Compared

Old Version 3

changes.mady.by.user Inga A.

Saved on

compared with

New Version Current

changes.mady.by.user Jonė Š.

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

id1318605945

...

id1318605957

...

id1327611214

...

id1318605947

On this page

Table of Contents
maxLevel

...

5


By default, communication between the Magic Collaboration Studio server and client is unencrypted. This page provides information on how to encrypt communication using TLS over TCP.

Generating a key pair using Java Keytool

To enable a secure connection between the client and the server, you need to generate two keystore files, each in their own keystores:

  • KeyStore.

...

  • jks (contains key and certificate) – server-side – upload it using Teamwork Cloud Admin console.
  • cert.jks (contains public certificate) – client-side –

...


To generate a key pair

  1. Go to

...

  1. your Java directory and open the folder

...

  1. named bin.

  2. Enter

...

  1.  keytool -genkey -alias MyDomain -keyalg RSA -keystore KeyStore.jks -keysize 2048 and

...

  1. press Enter

    Info

    You can give any name to

...

  1.  MyDomain and KeyStore.jks.

  2. Enter a password for your keystore and answer the questions asked. A certificate with a key is generated and placed into the keystore. 

  3. To extract a certificate without a key, type keytool -export -alias MyDomain -file certificate.cer -keystore KeyStore.jks

...

  1.  and press Enter.

  2. To place a certificate into another keystore, e.g. cert.jks, type keytool -import -alias MyDomain -file certificate.cer -keystore cert.jks and

...

  1. press Enter

    Info

    You can give any name

...

  1. to cert.jks. However, by default, the tool searches for this exact name.

    Two keystore files are generated: one for the server (KeyStore.jks) and one for the client (cert.jks). You can now proceed to enable a secure connection between the client (modeling tool) and the server (

...

  1. Teamwork Cloud). 

Enabling

...

TLS encryption on server side

To enable a secure connection to Magic Collaboration Studio, you must enable TLS (Transport Layer Security) on the Teamwork Cloud Admin

...

Server Settings

...

 page. This page also allows you to disable the option if you do not need to use a secure connection (see the following figure). You can always enable it whenever necessary. 

Image Removed

Enabling TLS protocol in Magic Collaboration Studio (when the option is turned on, the color changes to orange).
Warning
titleSelf-signed TLS certificate warning

Teamwork Cloud Admin uses TLS (Transport Layer Security) as the security protocol to keep any information you enter on Teamwork Cloud Admin private and secure.

By default, your server generates a TLS certificate and signs it as being valid (self-signed certificate). Unlike a TLS certificate issued by a valid Certificate Authority (CA), the self-signed TLS certificate allows a secure connection to be established but does not verify the authenticity of the server.

Trusted root certificates are embedded into popular browsers such as Firefox and Chrome. They are used to verify all TLS certificates that the browsers encounter. If a certificate is not signed by one of these roots, the browsers display an error or warning message stating that it is untrusted. Thus, when you try to access the server via the self-signed one, you will get an error or warning in your web browser. The following figure below shows an example of the ”TLS certificate not trusted“ warning in Chrome.

Image Removed

A self-signed TLS certificate error in Google Chrome.

This warning tells you the TLS certificate installed on your server was self-signed and cannot be verified by the browser. You may simply let your browser accept it and continue using the server. If you are using Firefox, you can accept it and the error or warning will no longer appear. If you are using Chrome, the error or warning will appear every time you try to access your server.

To permanently mitigate this situation and avoid having the self-signed TLS certificate error or warning appear when accessing your server via TLS, it is recommended that you either:

  • Replace the self-signed TLS certificate with a dedicated one issued by a trusted certificate authority or
  • Establish your own root certificate authority and manually import it to each browser on all workstations.

The most straightforward way to set up encryption is to use the keystore generated for Magic Collaboration Studio and/or Web Application Platform. Locate and download the server Java KeyStore (default: <install-root>/MagicCollaborationStudio/TeamworkCloud/configuration/keystore.p12). Make a note of the password used for the KeyStore. If there is a corresponding public certificate (e.g. teamworkcloud.crt) on the server, download it as well. If there is no public certificate, use the following command to extract the public certificate from the Java KeyStore:

keytool -export -alias <teamworkcloud> -keystore <keystore.p12> -file <teamworkcloud.crt>

 

...

To enable a secure connection using the TLS protocol in Teamwork Cloud Admin

  1. Go to the Settings app.

  2. Move the slider to the right to enable the TLS protocol. 

...

  1. Enter a custom port for encrypted communication, or keep default value of 10002.
  2. Upload the Java KeyStore file, and type the password.

...

  1. Click Save.

...

Image Added

Enabling TLS protocol in Teamwork Cloud Admin (when the option is turned on, the color changes to orange).

Setting up client-side TLS

To enable a secure connection using the TLS protocol on the client-side, use the Server Certificates tool and provide the public certificate.

Note

The default port for a secure connection is 10002. If you are using another port for a secure connection instead of the default, append the port number to the server name in

...

the Login

...

 dialog:

Image Modified

...

id1318605943

Related pages

...