Configuring encryption for FirstSpirit SiteArchitect

The encryption parameters for SiteArchitect are configured as -D properties using the Web Start connection settings on the client side. Configuration is not possible on the server side because the parameters are required to establish the connection successfully and so cannot be loaded from the server.

If the FirstSpirit Server uses a valid certificate (excerpt from the fs-server.conf file, see page Area: SSL Parameters):

fs.ssl.cipherSuites=DEFAULT
fs.ssl.keyStore=/home/server_cert.jks
fs.ssl.keyStorePassword=q1w2e3r4t

the following parameter must be specified in the connection settings for starting SiteArchitect:

-Dfs.ssl.cipherSuites=DEFAULT

If a valid client certificate also has to be used because the fs.ssl.needClientAuth=true parameter has been configured in the fs-server.conf file, the following parameters must be specified in the connection settings for starting SiteArchitect:

-Dfs.ssl.cipherSuites=DEFAULT
-Dfs.ssl.keyStore=/home/user/client_cert.jks
-Dfs.ssl.keyStorePassword=OBF:geheim123

If the SSL handshake does not work with these settings, the integrated logging feature in Java can be enabled by specifying the following parameter (client and server respectively):

-Djavax.net.debug=ssl