Page History

On this page

By default, communication between the Magic Collaboration Studio server and client is unencrypted. This page provides information on how to encrypt communication using TLS over TCP.

Generating a key pair using Java Keytool

To enable a secure connection between the client and the server, you need to generate two keystore files, each in their own keystores:

• KeyStore.jks jks (contains key and certificate) – server-side – upload it using Teamwork Cloud Admin console.
• cert.jks (contains public certificate) – client-side – place it in the <Application folder>\certs directoryadd it using the Server Certificates option group in Environment Options.

To generate a key pair

1. Go to your Java your Java directory and open the folder named named bin.

2. Enter keytool  keytool -genkey -alias MyDomain -keyalg RSA -keystore KeyStore.jks -keysize 2048 and press press Enter. 

   Info
   You can give any name to MyDomain and  MyDomain and KeyStore.jks.

3. Enter a password for your keystore and answer the questions asked. A certificate with a key is generated and placed into the keystore. 

4. To extract a certificate without a key, type keytool -export -alias MyDomain -file certificate.cer -keystore KeyStore.jks and press  and press Enter.

5. To place a certificate into another keystore, e.g. cert.jks, type keytool -import -alias MyDomain -file certificate.cer -keystore cert.jks and press press Enter. 

   Info
   You can give any name to to cert.jks. However, by default, the tool searches for this exact name.

   Two keystore files are generated: one for the server (KeyStore.jks) and one for the client (cert.jks). You can now proceed to enable a secure connection between the client (modeling tool) and the server (Magic Collaboration StudioTeamwork Cloud). 

Enabling

TLS encryption on server side

To enable a secure connection to Magic Collaboration Studio, you must enable TLS (Transport Layer Security) on the Teamwork Cloud Admin 's Server Settings page page. This page also allows you to disable the option if you do not need to use a secure connection (see the following figure). You can always enable it whenever necessary. 

Image Removed

Enabling TLS protocol in Magic Collaboration Studio (when the option is turned on, the color changes to orange).

The most straightforward way to set up encryption is to use the keystore generated for Magic Collaboration Studio and/or Web Application Platform. Locate and download the server Java KeyStore (default: <install-root>/MagicCollaborationStudio/TeamworkCloud/configuration/keystore.p12). Make a note of the password used for the KeyStore. If there is a corresponding public certificate (e.g. teamworkcloud.crt) on the server, download it as well. If there is no public certificate, use the following command to extract the public certificate from the Java KeyStore:

keytool -export -alias <teamworkcloud> -keystore <keystore.p12> -file <teamworkcloud.crt>

To enable a secure connection using the TLS protocol in Teamwork Cloud Admin

1. Go to the Settings app.

2. Move the slider to the right to enable the TLS protocol. 

3. Enter a custom port for encrypted communication, or keep default value of 10002.
4. Upload the Java KeyStore Type in the port, upload a Java Key Store file, and type the password.
5. Click Click Save.

Image Added

Enabling TLS protocol in Teamwork Cloud Admin (when the option is turned on, the color changes to orange).

Setting up client-side TLS

To enable a secure connection using the TLS protocol on the client-side, use the Server Certificates tool and provide the public certificate.