
By default, communication between the Teamwork Cloud server and client is unencrypted. This page provides information on how to encrypt communication using TLS over TCP.

Enabling TLS encryption on server side

To enable a secure connection to Teamwork Cloud, you must enable TLS (Transport Layer Security) on the Teamwork Cloud Admin's Server Settings page. This page also allows you to disable the option if you do not need to use a secure connection (see the following figure). You can always enable it whenever necessary.

The most straightforward way to set up encryption is to use the keystore generated for Teamwork Cloud and/or Web Application Platform. Locate and download the server Java keystore (default: <install_root>/TeamworkCloud/configuration/keystore.p12). Make a note of the password used for the keystore. If there is a corresponding public certificate (e.g. teamworkcloud.crt) on the server, download it as well. If there is no public certificate, use the following command to extract the public certificate from the Java keystore:

    keytool -export -alias <teamworkcloud> -keystore <keystore.p12> -file <teamworkcloud.crt>

Info

If you need to generate a new keystore, see Regenerating self-signed keystore.

Info

The unencrypted port (default: 3579) remains active even after encryption is enabled. To prevent unencrypted connections, block the port at the firewall level.


 To enable a secure connection using the TLS protocol in Teamwork Cloud Admin


  1. Go to the Settings app.
  2. Move the slider to the right to enable the TLS protocol. 
  3. Enter a custom port for encrypted communication, or keep the default value of 10002.
  4. Upload the Java keystore file, and type the password.
  5. Click Save.

Figure: Enabling TLS protocol in Teamwork Cloud.

Setting up client-side TLS

To enable a secure connection using the TLS protocol on the client-side, use the Server Certificates tool and provide the public certificate.

Note

The default port for a secure connection is 10002. If you are using another port for a secure connection instead of the default, append the port number to the server name in the Login dialog.

Warning

The unencrypted port (3579) remains active even after TLS is enabled. Teamwork Cloud will continue to accept communication through both encrypted and unencrypted ports. Use a firewall to disable port 3579 and block unencrypted communication.
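
A check to run from a client machine after completing the steps above, as an added example that is not part of the Teamwork Cloud documentation: it confirms that the encrypted port presents the same certificate you exported with keytool and that the unencrypted port is no longer reachable. It assumes the encrypted port performs a standard TLS handshake on connect; the function names are hypothetical.

```python
import hashlib
import socket
import ssl
import sys


def cert_fingerprint(path):
    """SHA-256 of the exported certificate file (DER, or PEM if exported with -rfc)."""
    with open(path, "rb") as fh:
        data = fh.read()
    if data.lstrip().startswith(b"-----BEGIN CERTIFICATE-----"):
        data = ssl.PEM_cert_to_DER_cert(data.decode("ascii").strip())
    return hashlib.sha256(data).hexdigest()


def presented_fingerprint(host, port, timeout=3.0):
    """SHA-256 of the certificate the port presents, or None if no TLS handshake completes."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False       # a self-signed keytool certificate has no CA chain,
    ctx.verify_mode = ssl.CERT_NONE  # so identity is checked by pinning in audit()
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                return hashlib.sha256(tls.getpeercert(binary_form=True)).hexdigest()
    except OSError:                  # refused, timed out, or not TLS (SSLError is an OSError)
        return None


def plaintext_port_reachable(host, port, timeout=3.0):
    """True if a TCP connection to the unencrypted port still succeeds."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def audit(host, exported_cert, tls_port=10002, plain_port=3579):
    """Both values should be True once TLS is enabled and the firewall rule is in place."""
    seen = presented_fingerprint(host, tls_port)
    return {
        "tls_port_serves_exported_cert": seen is not None and seen == cert_fingerprint(exported_cert),
        "plaintext_port_blocked": not plaintext_port_reachable(host, plain_port),
    }


if __name__ == "__main__" and len(sys.argv) == 3:
    # usage: python check_twc_tls.py <server-host> <teamworkcloud.crt>
    print(audit(sys.argv[1], sys.argv[2]))
```

Run it from a network segment where clients actually sit, since a firewall rule may block port 3579 from one network and not from another.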

Generating a new key pair using Java Keytool manually

To enable a secure connection between the client and the server, you need to generate two keystore files:

  • keystore.jks (contains key and certificate) – server-side – upload it using Teamwork Cloud Admin console.
  • cert.jks (contains public certificate) – client-side – place it in the <Application folder>\certs directory.

To generate a key pair

  1. Go to your Java directory and open the folder named bin.
  2. Enter keytool -genkey -alias MyDomain -keyalg RSA -keystore keystore.jks -keysize 2048 and press Enter.
     Info: You can give any name to MyDomain and keystore.jks.
  3. Enter a password for your keystore and answer the questions asked. A certificate with a key is generated and placed into the keystore.
  4. To extract a certificate without a key, type keytool -export -alias MyDomain -file certificate.cer -keystore keystore.jks and press Enter.
  5. To place a certificate into another keystore, e.g. cert.jks, type keytool -import -alias MyDomain -file certificate.cer -keystore cert.jks and press Enter.
     Info: You can give any name to cert.jks. However, by default, the tool searches for this exact name.

Two keystore files are generated: one for the server (keystore.jks) and one for the client (cert.jks). You can now proceed to enable a secure connection between the client (modeling tool) and the server (Teamwork Cloud).

Enabling a secure connection to Teamwork Cloud

To enable a secure connection to Teamwork Cloud, you must enable TLS (Transport Layer Security) on the Teamwork Cloud Admin's Server Settings page. This page also allows you to disable the option if you do not need to use a secure connection (see the following figure). You can always enable it whenever necessary.

Figure: Enabling TLS protocol in Teamwork Cloud (when the option is turned on, the color changes to orange).

Setting up TLS in Teamwork Cloud Admin

To enable a secure connection using the TLS protocol in Teamwork Cloud Admin

  1. Go to the Settings app.
  2. Move the slider to the right to enable the TLS protocol.
  3. Type in the port, upload a Java Key Store file, and type the password.
  4. Click Save.

At this point, you will be able to connect to Teamwork Cloud from the modeling tool via the TLS connection.
