Both the Express Server Manager and ExpressZip applications are hosted by the LizardTech Express Server Tomcat service, which is a web server and servlet container for web applications. To prevent users from accessing the applications via HTTP, configure Tomcat to use HTTPS only, then configure the Express Server Manager and ExpressZip to use HTTPS.
Configuring Tomcat
Complete the following steps to disable HTTP access for Tomcat:
1. Open the following file in a text editor with administrator or root permissions:
<Installation Directory>\ImageServer\Tomcat\conf\server.xml
2. Delete or comment out the following lines:
<Connector port="8080" protocol="org.apache.coyote.http11.Http11NioProtocol"
connectionTimeout="20000" redirectPort="8443" />
3. Save the file.
4. Restart Tomcat. For more information, see Starting and Stopping the Tomcat Service on page 77.
Configuring the Express Server Manager
When you perform a task in the Express Server Manager, the Tomcat service communicates internally with the image server. Because the communication is internal and therefore assumed to be secure, Express Server uses HTTP instead of HTTPS. However, if you want to use HTTPS instead, you can modify the ExpressServerAdmin.properties file and configure Express Server to use a copy of the web server's SSL certificate. The SSL certificate must be saved in base64 encoding with the following file name:
ca-bundle.crt
For more information on the SSL certificate, refer to your web server's documentation.
Chapter 4: Configuring Express Server
TIP: Most web browsers provide a utility for exporting the certificate used by a web page to base64 encoding. If you cannot export a copy of the certificate from the web server, you may navigate to the web page for your server and attempt to export the certificate with the browser.
To use HTTPS only, complete the following steps:
1. Open the following file in a text editor with administrator or root permissions:
<Installation Directory>\ImageServer\Tomcat\conf\ExpressServerAdmin.properties
2. Edit the value of the esapibase line to use HTTPS. For example, you might enter the following line:
esapibase=https://localhost/lizardtech/iserv/ows
3. Edit the value of the sslstrictness property or add it to the file.
The sslstrictness property accepts the following values:
- strict. Tomcat communicates with the image server via HTTPS and only accepts SSL certificates that have been signed by a trusted certificate authority.
- noverify. Tomcat communicates with the image server via HTTPS and accepts both self-signed certificates and certificates that have been signed by a trusted certificate authority.
- none. Tomcat communicates with the image server via HTTP.
For example, you might enter the following line:
sslstrictness=noverify
4. Save the file.
5. Place a copy of the SSL certificate used by the web server for HTTPS in the following location:
<Installation Directory>\ImageServer\etc\
NOTE: For Express Server to read the certificate, the certificate must be named ca-bundle.crt and saved in base64 encoding.
LizardTech Express Server 9 User Manual
6. Restart Tomcat. For more information, see Starting and Stopping the Tomcat Service on page 77.
Configuring ExpressZip
The ExpressZip application is a client that connects to the Express Server. If you have configured the web server to use HTTPS only, you can modify the ExpressZip.properties file and configure Express Server to use a copy of the web server's SSL certificate. The SSL certificate must be saved in base64 encoding. For more information on the SSL certificate, refer to your web server's documentation.
TIP: Most web browsers provide a utility for exporting the certificate used by a web page to base64 encoding. If you cannot export a copy of the certificate from the web server, you may navigate to the web page for your server and attempt to export the certificate with the browser.
To use HTTPS only for ExpressZip, complete the following steps:
1. Open the following file in a text editor with administrator or root permissions:
<Installation Directory>\ImageServer\Tomcat\conf\ExpressZip.properties
2. Edit the value of the wmshost line to use https. For example, you might enter the following line:
wmshost=https://local-express-server/lizardtech/iserv/ows
3. Edit the value of the sslstrictness property or add it if it does not exist. The sslstrictness property accepts the following values:
- strict. ExpressZip connects to the Express Server WMS host via HTTPS and only accepts SSL certificates that have been signed by a trusted certificate authority.
- noverify. ExpressZip connects to the Express Server WMS host via HTTPS and accepts both self-signed certificates and certificates that have been signed by a trusted certificate authority.
- none. ExpressZip connects to the Express Server via HTTP.
For example, you might enter the following line:
sslstrictness=none
4. Save the file.
5. Place a copy of the SSL certificate used by the web server for HTTPS in the following directory:
<Installation Directory>\ImageServer\etc\
NOTE: For Express Server to read the certificate, the certificate must be named ca-bundle.crt and saved in base64 encoding.
6. Restart Tomcat. For more information, see Starting and Stopping the Tomcat Service on page 77.
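The following Python script is an added example, not part of the LizardTech manual or product. It checks the result of the three procedures above: that server.xml has no active plaintext connector, and that the esapibase or wmshost URL and the sslstrictness value in each properties file match an HTTPS-only setup. The function names and the embedded sample file contents are constructed for illustration, and the properties reader is a simplified assumption about the file syntax.

```python
import xml.etree.ElementTree as ET

# Constructed sample inputs (not copied from a real installation).
SAMPLE_SERVER_XML = """<Server>
  <Service name="Catalina">
    <!-- <Connector port="8080" protocol="org.apache.coyote.http11.Http11NioProtocol"
         connectionTimeout="20000" redirectPort="8443" /> -->
    <Connector port="8443" SSLEnabled="true" scheme="https" secure="true" />
  </Service>
</Server>"""
SAMPLE_ADMIN_PROPS = "esapibase=https://localhost/lizardtech/iserv/ows\nsslstrictness=noverify\n"
SAMPLE_ZIP_PROPS = "wmshost=https://local-express-server/lizardtech/iserv/ows\nsslstrictness=none\n"

# Documented sslstrictness values that weaken or disable TLS protection.
WEAK_MODES = {"noverify": "self-signed certificates are accepted",
              "none": "the connection uses HTTP"}

def plaintext_connectors(server_xml):
    """Return the ports of active, non-AJP <Connector> elements without SSLEnabled="true"."""
    # ElementTree discards XML comments, so a commented-out connector is not reported.
    root = ET.fromstring(server_xml)
    return [c.get("port") for c in root.iter("Connector")
            if c.get("SSLEnabled", "false").lower() != "true"
            and not c.get("protocol", "").upper().startswith("AJP")]

def parse_properties(text):
    """Simplified key=value reader (no escapes or line continuations)."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and line[0] not in "#!" and "=" in line:
            key, _, value = line.partition("=")
            props[key.strip()] = value.strip()
    return props

def audit_properties(text, url_key):
    """url_key: 'esapibase' (ExpressServerAdmin.properties) or 'wmshost' (ExpressZip.properties)."""
    props, findings = parse_properties(text), []
    url = props.get(url_key, "")
    if not url.lower().startswith("https://"):
        findings.append(f"{url_key} is not an https:// URL: {url!r}")
    mode = props.get("sslstrictness")
    if mode is None:
        findings.append("sslstrictness is not set")
    elif mode in WEAK_MODES:
        findings.append(f"sslstrictness={mode}: {WEAK_MODES[mode]}")
    elif mode != "strict":
        findings.append(f"sslstrictness has an undocumented value: {mode!r}")
    return findings

if __name__ == "__main__":
    print("plaintext connector ports:", plaintext_connectors(SAMPLE_SERVER_XML))
    print("Manager:", audit_properties(SAMPLE_ADMIN_PROPS, "esapibase"))
    print("ExpressZip:", audit_properties(SAMPLE_ZIP_PROPS, "wmshost"))
```

An empty list from each function means the file matches the HTTPS-only configuration with certificate verification; to audit a real installation, pass in the contents of the files under <Installation Directory>\ImageServer\Tomcat\conf\.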