Protect MashZone NextGen Event Service access

You can use your own keystore and truststore to protect MashZone NextGen Event Service against unauthorized access.

After installation, MashZone NextGen uses a default keystore and truststore. For security reasons, we recommend changing that configuration for production environments. Make sure that the truststore referenced by Event Service contains the appropriate certificate for the key referenced by MashZone NextGen. Event Service is only available if the configuration is valid.

If multiple MashZone NextGen nodes are used in a clustered scenario, it is recommended to use the same key for all MashZone NextGen instances.

The default keystore and truststore are located in the common and conf folders of the MashZone NextGen installation.

For authentication, the MashZone NextGen webapp sends an HTTP "Authorization" header with "Bearer [JWT]" as its value.

Procedure

  1. Edit the following parameters, used by MashZone NextGen, to use your own keystore file to generate the JWT required for authentication.

    jwt.keystore.file

    jwt.keystore.passwd

    jwt.keystore.alias

    The parameters are contained in the presto.config file in the following directory.

    <MashzoneNG_install>\apache-tomcat\webapps\mashzone\WEB-INF\classes\

  2. Edit the following parameters, used by Event Service, to use your own truststore file to verify the JWT.

    rtbs.truststore.file

    rtbs.truststore.passwd

    The parameters are contained in the rtbs.properties file in the following directory.

    <MashzoneNG_install>\rtbs\conf\
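
The following pre-flight check is an added example, not part of the product or of the original documentation. It reads both files, reports any of the five parameters above that are missing or empty, and then uses the JDK keytool to confirm that the certificate for the key under jwt.keystore.alias is present in the truststore used by Event Service. Assumptions: both files use key=value lines, the password values are stored in clear text, the store paths resolve from the current directory, and keytool is on the PATH.

```python
import os, re, subprocess, sys

SIGNER_KEYS = ("jwt.keystore.file", "jwt.keystore.passwd", "jwt.keystore.alias")  # presto.config
VERIFIER_KEYS = ("rtbs.truststore.file", "rtbs.truststore.passwd")                # rtbs.properties
PEM_RE = re.compile(r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

def load_properties(text):
    """Parse key=value lines (assumed file format); skips blanks and #/! comments."""
    props = {}
    for line in text.splitlines():
        m = re.match(r"\s*([^#!=:\s][^=:\s]*)\s*[=:]\s*(.*)", line)
        if m:  # "\\" in a properties value is an escaped single backslash
            props[m.group(1)] = m.group(2).strip().replace("\\\\", "\\")
    return props

def missing_settings(props, required):
    """Return the required parameters that are absent or empty."""
    return [key for key in required if not props.get(key)]

def pem_bodies(pem_text):
    """Return the base64 body of every PEM certificate, whitespace removed."""
    return {"".join(body.split()) for body in PEM_RE.findall(pem_text)}

def truststore_covers(signer_pem, truststore_pem):
    """True if the signing key's certificate is one of the truststore entries."""
    signer = pem_bodies(signer_pem)
    return bool(signer) and signer <= pem_bodies(truststore_pem)

def keytool_pem(store, password, alias=None):
    """Dump certificates as PEM; the password is passed via the environment, not argv."""
    action = ["-exportcert", "-alias", alias] if alias else ["-list"]
    cmd = ["keytool", *action, "-rfc", "-keystore", store, "-storepass:env", "KT_PASS"]
    env = dict(os.environ, KT_PASS=password)
    return subprocess.run(cmd, env=env, capture_output=True, text=True, check=True).stdout

def check(presto_text, rtbs_text):
    """Return a list of problems; an empty list means signer and verifier line up."""
    jwt, rtbs = load_properties(presto_text), load_properties(rtbs_text)
    problems = missing_settings(jwt, SIGNER_KEYS) + missing_settings(rtbs, VERIFIER_KEYS)
    if problems:
        return problems
    # Assumption: both password values are stored in clear text in the files.
    signer = keytool_pem(jwt["jwt.keystore.file"], jwt["jwt.keystore.passwd"], jwt["jwt.keystore.alias"])
    trusted = keytool_pem(rtbs["rtbs.truststore.file"], rtbs["rtbs.truststore.passwd"])
    if truststore_covers(signer, trusted):
        return []
    return ["truststore has no certificate for alias " + jwt["jwt.keystore.alias"]]

if __name__ == "__main__":  # usage: check.py <path to presto.config> <path to rtbs.properties>
    texts = [open(path, encoding="utf-8").read() for path in sys.argv[1:3]]
    print(check(*texts) or "OK")
```

In a clustered scenario, run the check against the presto.config of every MashZone NextGen node so that each node's key is covered by the truststore.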