By default, the PDFreactor Web Service does not provide SSL and is accessible only via HTTP. If a secure HTTPS connection is required, you can enable SSL in the Jetty server shipped with PDFreactor by following these steps.
What Do You Need?
- A Java KeyStore into which you have imported an appropriate certificate. You need both the keyStore password and the certificate password. See How do I import a certificate into a Java KeyStore?
- The jetty-util JAR to generate password hashes. The JAR is located in the "PDFreactor/webservice/jetty-home/lib" directory.
Enable SSL in Jetty
You can now use the keyStore you created to configure SSL in Jetty. Since you will have to enter the password for your keystore and certificate in the "ssl.ini" file, we recommend creating a hash from your keystore password and certificate password first. You can do this as follows:
java -cp /path/to/PDFreactor/webservice/jetty-home/lib/jetty-util-12.x.x.jar org.eclipse.jetty.util.security.Password yourPassword
Now open the "ssl.ini" file (found in /PDFreactor/webservice/jetty-base-pdfreactor/start.d) and edit/uncomment the following section (if you used the same password for your keystore as well as the certificate, [keystorePasswordHash] and [certificatePasswordHash] will be identical):
#======================== # SSL Configuration #======================== --module=https --module=ssl jetty.ssl.port=8443 jetty.ssl.idleTimeout=30000 jetty.ssl.acceptors=2 jetty.ssl.acceptorQueueSize=100 jetty.sslContext.keyStorePath=etc/keystore jetty.sslContext.trustStorePath=etc/keystore jetty.sslContext.keyStorePassword=OBF:[keystorePasswordHash] jetty.sslContext.keyManagerPassword=OBF:[certificatePasswordHash] jetty.sslContext.trustStorePassword=OBF:[keystorePasswordHash]
The [keystorePasswordHash] and [certificatePasswordHash] (including the brackets) have to be replaced by the hashes you created using the "org.eclipse.jetty.util.security.Password" as described above. If you are using an MD5 hash of your password or your password in plain text instead, change the "OBF" prefix to "MD5" or remove it.
The configuration assumes that your keystore is located in "PDFreactor/webservice/jetty-base-pdfreactor/etc/keystore" (therefore the configuration file uses the relative paths "etc/keystore"). If your keystore is located somewhere else, you need to adjust the "jetty.sslContext.keyStorePath" and "jetty.sslContext.trustStorePath" accordingly. Make sure the PDFreactor Web Service has sufficient privileges to access the keyStore file.
After you changed the "ssl.ini", restart the PDFreactor Web Service like this:
Windows:
- Go to 'Services'
- Find the 'PDFreactor WebService'
- Restart the service
OS X:
sudo launchctl stop com.realobjects.PDFreactorWebService sudo launchctl start com.realobjects.PDFreactorWebService
Linux/Unix:
sudo /PDFreactor/bin/pdfreactorwebservice restart
After restarting, you can now access the REST API of the PDFreactor Web Service securely at "https://localhost:8443/service/rest".