Configuring encryption in web applications and servlets

For a detailed description of the encryption parameters, see FirstSpirit-Server / SSL Parameters.

The encryption parameters must be transferred to the configuration for the relevant web applications and servlets. This can be achieved in various ways.

via the system environment

Encryption can be configured directly on the application server using environment variables, which are set in the way specific to the operating system.

In a Windows environment (for example) via:

set FIRSTSPIRIT_ENCRYPTION=1
set FS_SSL_PROTOCOLS=TLSv1.2
set FS_SSL_CIPHER_SUITES=DEFAULT
set FS_SSL_NEED_CLIENT_AUTH=TRUE
set FS_SSL_KEY_STORE=/HOME/SERVER_CERT.JKS
set FS_SSL_KEY_STORE_PASSWORD=q1w2e3r4t

In a Linux environment (for example) via:

export FIRSTSPIRIT_ENCRYPTION=1
export FS_SSL_PROTOCOLS=TLSv1.2
export FS_SSL_CIPHER_SUITES=DEFAULT
export FS_SSL_NEED_CLIENT_AUTH=TRUE
export FS_SSL_KEY_STORE=/HOME/SERVER_CERT.JKS
export FS_SSL_KEY_STORE_PASSWORD=q1w2e3r4t

via the Java environment

Encryption can also be configured using -D Java properties, e.g.:

-Dfirstspirit.encryption=1
-Dfs.ssl.protocols=TLSv1.2
-Dfs.ssl.cipherSuites=DEFAULT
-Dfs.ssl.needClientAuth=true
-Dfs.ssl.keyStore=/home/server_cert.jks
-Dfs.ssl.keyStorePassword=q1w2e3r4t

via the servlet configuration

For specific applications, encryption can also be configured using servlet context parameters (in web.xml), e.g.:

<context-param>
  <param-name>firstspirit.encryption</param-name>
  <param-value>1</param-value>
</context-param>
<context-param>
  <param-name>fs.ssl.protocols</param-name>
  <param-value>TLSv1.2</param-value>
</context-param>
<context-param>
  <param-name>fs.ssl.cipherSuites</param-name>
  <param-value>DEFAULT</param-value>
</context-param>

Evaluation order

The following evaluation order applies here (from highest priority to lowest priority):

  1. Configuration of the parameter via the Java environment
  2. Configuration of the parameter via the system environment
  3. Configuration of the parameter via the web.xml file
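
The evaluation order above, as an added audit sketch (not FirstSpirit code): it reads JVM arguments, environment variables and a web.xml, then reports which source supplies each parameter and which lower-priority sources set a different value. The function names are hypothetical, the property and variable names are the pairs shown on this page, and the sample input (including the TLSv1.3 value) is constructed.

```python
import xml.etree.ElementTree as ET
# Property name -> environment variable name, as paired on this page.
PARAMS = {
    "firstspirit.encryption": "FIRSTSPIRIT_ENCRYPTION",
    "fs.ssl.protocols": "FS_SSL_PROTOCOLS",
    "fs.ssl.cipherSuites": "FS_SSL_CIPHER_SUITES",
    "fs.ssl.needClientAuth": "FS_SSL_NEED_CLIENT_AUTH",
    "fs.ssl.keyStore": "FS_SSL_KEY_STORE",
    "fs.ssl.keyStorePassword": "FS_SSL_KEY_STORE_PASSWORD",
}

def local(tag):
    return tag.rsplit("}", 1)[-1]  # drop any XML namespace prefix

def context_params(web_xml):
    """Return {param-name: param-value} for every <context-param>."""
    found = {}
    for elem in ET.fromstring(web_xml).iter():
        if local(elem.tag) == "context-param":
            kids = {local(c.tag): (c.text or "").strip() for c in elem}
            if "param-name" in kids:
                found[kids["param-name"]] = kids.get("param-value", "")
    return found

def jvm_properties(jvm_args):
    """Return {name: value} for every -Dname=value JVM argument."""
    pairs = (a[2:].split("=", 1) for a in jvm_args
             if a.startswith("-D") and "=" in a)
    return {name: value for name, value in pairs}

def effective_config(jvm_args, env, web_xml):
    """Resolve each parameter: Java property > environment > web.xml."""
    java, ctx = jvm_properties(jvm_args), context_params(web_xml)
    result = {}
    for prop, env_name in PARAMS.items():
        layers = [("java", java.get(prop)), ("env", env.get(env_name)),
                  ("web.xml", ctx.get(prop))]
        present = [(src, val) for src, val in layers if val is not None]
        if present:
            (source, value), lower = present[0], present[1:]
            result[prop] = {"value": value, "source": source,
                            "shadowed": [s for s, v in lower if v != value]}
    return result

# Constructed sample input: web.xml and a -D flag disagree on the protocol.
SAMPLE_XML = ("<web-app><context-param><param-name>fs.ssl.protocols</param-name>"
              "<param-value>TLSv1.2</param-value></context-param></web-app>")
SAMPLE = effective_config(["-Dfs.ssl.protocols=TLSv1.3"],
                          {"FS_SSL_CIPHER_SUITES": "DEFAULT"}, SAMPLE_XML)
```

A non-empty `shadowed` list means a lower-priority source sets a different value that never takes effect, which is worth reconciling before relying on the web.xml as the record of the TLS settings.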

As an alternative to the FirstSpirit keystore parameters, the Java keystore parameters can be used.

© 2005 - 2024 Crownpeak Technology GmbH | All rights reserved. | FirstSpirit 2024.13