CLIQ Remote Server Installation Instructions

Title: CLIQ Remote Server Installation Instructions
Category: CLIQ/Web manager
Author: ASSA ABLOY Shared Tech
Document number: ST-001245
Revision: 7.0
Date: 2017-02-22
Pages: 20
ASSA ABLOY AB (Shared Technologies)


Table of Contents

1 Introduction
1.1 Purpose
1.2 Scope
1.3 Definitions and Abbreviations
1.4 References
2 CLIQ Web Manager and CLIQ Remote Overview
3 Prerequisites
3.1 Application Ports
3.1.1 Ports for Tomcat and Apache Connection
3.1.2 Port for Proxy for a Certificate Revocation List Access
3.2 Firewall Configuration
3.3 TLS Server Certificate
4 CLIQ Remote Database
4.1 Install Microsoft SQL Server
5 Admin PC
6 CLIQ Remote Server
6.1 Preparing to Install
6.1.1 Digital Content Server Integration
6.1.2 Web Server TLS Configuration
6.1.3 Database Configuration
6.1.4 Multiple DNS Names for the CLIQ Web Manager Enrolment
6.1.5 Create Windows Accounts for CLIQ Web Manager Services
6.1.6 SQL Server Windows Authentication
6.1.7 Database Permissions
6.2 Run the CLIQ Remote Installer
6.3 Verify the Installation
7 Time Synchronization of the Servers
Appendix A Mail Server Configuration Using SMTPS


1 Introduction

1.1 Purpose

This document describes the installation procedure for the CLIQ Remote environment.

1.2 Scope

This document provides instructions for setting up a new installation of the CLIQ Remote environment. The instructions should not be used for upgrading an existing CLIQ Remote installation.

Third-party software, hardware and infrastructure configuration might be mentioned but will not be fully covered in this guide. Refer to the third-party documentation for details.

Installation of the CLIQ Web Manager environment is described in document [1], CLIQ Web Manager Server Installation Instructions, and is out of scope for this document.

1.3 Definitions and Abbreviations

Expression: Description

Apache HTTP Server: A widely used open source web server.

[CLIQ Server]: The path to your CLIQ Remote installation and configuration, e.g. “C:\Program Files\CLIQ Web Manager”.

[DELIVERY_PACKAGE]: The path to the unzipped delivery package, e.g. “C:\installation-7.0”.

CA: A Certification Authority is an entity which issues digital certificates for use by other parties. There are many commercial CAs that charge for their services. There are also several providers issuing digital certificates to the public at no cost. Institutions and governments may have their own CAs.

C-key: Programming key

Master C-key: Master programming key

Local PD: Programming device connected to computers which access CLIQ Web Manager. Used for login and for programming keys.

Wall PD: A programming device that is used to program keys. Wall PDs are mounted on walls and are connected to the remote server via a wired network. The Wall PD enables programming of keys at a location remote from the administrators who issue key authorisations using CLIQ Web Manager.

Mobile PD: Similar to the Wall PD, with the difference that it can connect to the remote server via a mobile network.

NTP: Network Time Protocol

Remote PD: A generic term for Wall PDs and Mobile PDs.


.war file: An archive file holding a web application. The CLIQ Web Manager and CLIQ Remote web applications are delivered as .war files.

Microsoft SQL Server Management Studio: Microsoft SQL Server Management Studio is an SQL tool for administering the Microsoft SQL Server database.

DCS: Digital Content Server. Server hosted by ASSA ABLOY managing digital content and issuing certificates.

Enrolment Application: Application handling certificate signing requests. Installed on the Remote Server. If Remote Service is not used, installed on the Manager Server.

CLIQ Connect: CLIQ Connect is a PC client used to communicate with the local PD from the CWM web interface, and also mobile phone apps used to update keys.

1.4 References

Reference: Document

[1] ST-001267-CLIQ Web Manager Server Installation Instructions

[2] ST-001195-CLIQ Web Manager and CLIQ Remote System Requirements

[3] ST-001861-DCS integrated with CLIQ

[4] ST-001228-CLIQ Web Manager and CLIQ Remote Troubleshooting Guide


2 CLIQ Web Manager and CLIQ Remote Overview

The picture below outlines the main components in a typical setup of CLIQ Web Manager with CLIQ Remote.

Installation of the CLIQ Web Manager environment is described in document [1], CLIQ Web Manager Server Installation Instructions.

This document covers the installation and/or configuration of the following:

CLIQ Remote Database
  o Microsoft SQL Server handling the database

Admin PC
  o SQL Server Management Studio populating the database

CLIQ Remote Server


  o Apache HTTP Server handling TLS connections and acting as a reverse proxy for the Tomcat application server
  o Tomcat Server running the web application
  o CLIQ Web Manager web application configuration
  o DCS integration and Enrolment application


3 Prerequisites

Before starting the installation of CLIQ Remote, make sure that you have the required hardware and software available; see document [2], CLIQ Web Manager and CLIQ Remote System Requirements, for more information.

Local administration privileges are required to complete the installation successfully.

The installation procedure assumes that the nodes in the environment have their OS installed and configured and are set up in a network that enables communication between the nodes according to the figure in the CLIQ Web Manager and CLIQ Remote overview above.

CLIQ Remote requires several network ports to be available in the operating system. The section Application Ports lists the network ports used by the application.

3.1 Application Ports

The ports occupied by the application, depending on product selection, are presented in the table below.

Occupied ports and purpose, by DCS integration:

Without DCS integration:
  80 TCP    default web traffic
  443 TCP   CLIQ Web Manager Server and CLIQ Connect PC traffic
  8009 TCP  Tomcat and Apache connection
  8081 TCP  proxy for certificate revocation list access

With DCS integration:
  80 TCP    default web traffic
  443 TCP   CLIQ Web Manager Server and CLIQ Connect PC traffic
  8009 TCP  Tomcat and Apache connection
  8010 TCP  Tomcat and Apache connection
  8081 TCP  proxy for certificate revocation list access
  8443 TCP  CLIQ Web Manager Enrolment traffic

Ports 80, 443 and 8443 cannot be changed. The remaining ports can be changed after the CLIQ Remote installation is completed. After a port configuration update, a restart of the CLIQ Remote and Apache Windows services is required.

3.1.1 Ports for Tomcat and Apache connection

When CLIQ Remote is installed without DCS integration, all traffic between Tomcat and Apache is handled by port 8009. Changing port 8009 requires the following configuration update:

In the file <installation_directory>\apache\conf\extra\proxy-ajp.conf find the lines:


ProxyPass /CLIQRemote ajp://127.0.0.1:8009/CLIQRemote retry=2
ProxyPassReverse /CLIQRemote ajp://127.0.0.1:8009/CLIQRemote retry=2

In the file <installation_directory>\tomcat\conf\server.xml find the following lines:

<!-- Define an AJP 1.3 Connector on port 8009 -->
<Connector port="8009" protocol="org.apache.coyote.ajp.AjpNioProtocol" redirectPort="8443"
           address="127.0.0.1"/>

In both files change all occurrences of 8009 to the desired port number.

When CLIQ Remote is installed with DCS integration, part of the traffic between Tomcat and Apache is handled by port 8010 as well. Changing port 8010 requires the following configuration update:

In the file <installation_directory>\apache\conf\extra\proxy-ajp.conf find the lines:

ProxyPass /CLIQWebManagerEnrolment ajp://127.0.0.1:8010/CLIQWebManagerEnrolment retry=2
ProxyPassReverse /CLIQWebManagerEnrolment ajp://127.0.0.1:8010/CLIQWebManagerEnrolment retry=2

In the file <installation_directory>\tomcat\conf\server.xml find the following line:

<Connector port="8010" protocol="org.apache.coyote.ajp.AjpNioProtocol" redirectPort="8443"
           address="127.0.0.1" />

In both files change all occurrences of 8010 to the desired port number.

3.1.2 Port for proxy for a certificate revocation list access

Port 8081 is used by the proxy for certificate revocation list access. Changing that port requires the following configuration update:

In the file <installation_directory>\apache\conf\extra\httpd-ssl.conf find the lines:

# URLs to fetch the CRL files from:
SSLCRL_Url http://localhost:8081/dcs/CLIQ_ABLOY_CA.txt
SSLCRL_Url http://localhost:8081/dcs/CLIQ_ASSA_ABLOY_Australia_CA.txt
SSLCRL_Url http://localhost:8081/dcs/CLIQ_ASSA_ABLOY_China_CA.txt
SSLCRL_Url http://localhost:8081/dcs/CLIQ_ASSA_ABLOY_Hong_Kong_CA.txt
SSLCRL_Url http://localhost:8081/dcs/CLIQ_ASSA_ABLOY_India_CA.txt
SSLCRL_Url http://localhost:8081/dcs/CLIQ_ASSA_ABLOY_Japan_CA.txt
SSLCRL_Url http://localhost:8081/dcs/CLIQ_ASSA_ABLOY_New_Zealand_CA.txt
SSLCRL_Url http://localhost:8081/dcs/CLIQ_ASSA_ABLOY_Singapore_CA.txt
SSLCRL_Url http://localhost:8081/dcs/CLIQ_ASSA_CA.txt


SSLCRL_Url http://localhost:8081/dcs/CLIQ_IKON_CA.txt
SSLCRL_Url http://localhost:8081/dcs/CLIQ_Medeco_CA.txt
SSLCRL_Url http://localhost:8081/dcs/CLIQ_Mul-T-Lock_CA.txt
SSLCRL_Url http://localhost:8081/dcs/CLIQ_Ruko_CA.txt
SSLCRL_Url http://localhost:8081/dcs/CLIQ_Shared_Technologies_CA.txt
SSLCRL_Url http://localhost:8081/dcs/CLIQ_TrioVing_CA.txt
SSLCRL_Url http://localhost:8081/dcs/CLIQ_Tesa_CA.txt
SSLCRL_Url http://localhost:8081/dcs/CLIQ_Keso_CA.txt
SSLCRL_Url http://localhost:8081/dcs/CLIQ_Sargent_CA.txt
SSLCRL_Url http://localhost:8081/dcs/CLIQ_Corbin_Russwin_CA.txt
Listen localhost:8081

In the file <installation_directory>\apache\conf\extra\proxy-ajp.conf find the lines:

<VirtualHost *:8081>
ProxyPass /dcs http://dcscrl.assaabloy.net/
</VirtualHost>

In both files change all occurrences of 8081 to the desired port number.
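The port changes in 3.1.1 and 3.1.2 touch two files each, and a mismatch only shows up as a failing proxy afterwards. As an added check (not part of the ASSA ABLOY instructions), the following Python script cross-checks the AJP wiring between proxy-ajp.conf and server.xml, flags an AJP Connector that has lost its address="127.0.0.1" binding, and verifies that the CRL proxy's Listen, SSLCRL_Url and VirtualHost entries all name the same port. The three file contents are constructed samples modelled on the excerpts above, not copies of a real installation.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample files modelled on the excerpts in sections 3.1.1 and 3.1.2; not taken
# from a real installation. The 8010 Connector deliberately lacks address="127.0.0.1" and one
# SSLCRL_Url deliberately names 8082, so each check has something to report.
PROXY_AJP_CONF = """\
ProxyPass /CLIQRemote ajp://127.0.0.1:8009/CLIQRemote retry=2
ProxyPassReverse /CLIQRemote ajp://127.0.0.1:8009/CLIQRemote retry=2
ProxyPass /CLIQWebManagerEnrolment ajp://127.0.0.1:8010/CLIQWebManagerEnrolment retry=2
ProxyPassReverse /CLIQWebManagerEnrolment ajp://127.0.0.1:8010/CLIQWebManagerEnrolment retry=2
<VirtualHost *:8081>
  ProxyPass /dcs http://dcscrl.assaabloy.net/
</VirtualHost>
"""
SERVER_XML = """\
<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <!-- Define an AJP 1.3 Connector on port 8009 -->
    <Connector port="8009" protocol="org.apache.coyote.ajp.AjpNioProtocol" redirectPort="8443"
               address="127.0.0.1"/>
    <Connector port="8010" protocol="org.apache.coyote.ajp.AjpNioProtocol" redirectPort="8443"/>
  </Service>
</Server>
"""
HTTPD_SSL_CONF = """\
# URLs to fetch the CRL files from:
SSLCRL_Url http://localhost:8081/dcs/CLIQ_ABLOY_CA.txt
SSLCRL_Url http://localhost:8082/dcs/CLIQ_ASSA_CA.txt
Listen localhost:8081
"""

LOOPBACK = {"127.0.0.1", "localhost", "::1"}
AJP_URL_RE = re.compile(r"ajp://([^:/\s]+):(\d+)/")
CRL_URL_RE = re.compile(r"^SSLCRL_Url\s+http://[^:/\s]+:(\d+)/", re.M)
LISTEN_RE = re.compile(r"^Listen\s+localhost:(\d+)", re.M)      # the loopback CRL proxy listener
VHOST_RE = re.compile(r"<VirtualHost\s+\S+:(\d+)>")


def apache_ajp_targets(conf_text):
    """Map AJP port -> backend host for every ProxyPass/ProxyPassReverse line using ajp://."""
    targets = {}
    for line in (ln.strip() for ln in conf_text.splitlines()):
        m = AJP_URL_RE.search(line) if line.startswith(("ProxyPass ", "ProxyPassReverse ")) else None
        if m:
            targets[int(m.group(2))] = m.group(1)
    return targets


def tomcat_ajp_connectors(xml_text):
    """Map AJP port -> bind address (None when the address attribute is absent)."""
    return {int(c.get("port")): c.get("address")
            for c in ET.fromstring(xml_text).iter("Connector")
            if "ajp" in c.get("protocol", "").lower()}


def check_ajp_wiring(conf_text, xml_text):
    """Findings after a port change in section 3.1.1; an empty list means both files agree."""
    apache, tomcat = apache_ajp_targets(conf_text), tomcat_ajp_connectors(xml_text)
    findings = []
    for port, host in apache.items():
        if port not in tomcat:
            findings.append(f"proxy-ajp.conf forwards to AJP port {port} but server.xml has no AJP Connector there")
        if host not in LOOPBACK:
            findings.append(f"proxy-ajp.conf sends AJP traffic for port {port} to {host} instead of loopback")
    for port, address in tomcat.items():
        if port not in apache:
            findings.append(f"server.xml AJP Connector on port {port} is not used by proxy-ajp.conf")
        # The shipped Connector carries address="127.0.0.1"; without it Tomcat accepts AJP on every
        # interface, so the Apache-to-Tomcat link becomes reachable from the network.
        if address not in LOOPBACK:
            findings.append(f"server.xml AJP Connector on port {port} binds to {address or 'all interfaces'}")
    return findings


def check_crl_proxy_port(ssl_conf_text, proxy_conf_text):
    """Section 3.1.2: Listen, every SSLCRL_Url and the VirtualHost must all name one port."""
    ports = {"Listen": set(LISTEN_RE.findall(ssl_conf_text)),
             "SSLCRL_Url": set(CRL_URL_RE.findall(ssl_conf_text)),
             "VirtualHost": set(VHOST_RE.findall(proxy_conf_text))}
    if len(set().union(*ports.values())) == 1:
        return []
    return [f"CRL proxy port mismatch: {name} uses {sorted(p) or 'nothing'}" for name, p in ports.items()]


if __name__ == "__main__":
    for finding in check_ajp_wiring(PROXY_AJP_CONF, SERVER_XML) + check_crl_proxy_port(HTTPD_SSL_CONF, PROXY_AJP_CONF):
        print("WARNING:", finding)
```

Point the three constants at the real files under <installation_directory> and run it after editing; a clean run prints nothing.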

3.2 Firewall Configuration

The default port for database connections in Microsoft SQL Server is 1433 and the default port for HTTPS in the web server is 443. Below we assume that you are using these ports.

Ensure that the firewall configuration allows TCP traffic on port 1433 between the Microsoft SQL Server database and the CLIQ Remote server, and also between the Microsoft SQL Server database and Microsoft SQL Server Management Studio. This is essential for CLIQ Remote to connect to the Microsoft SQL Server database and for administering the database using Microsoft SQL Server Management Studio.

Ensure that the firewall configuration allows TCP traffic on port 443 from Remote PDs and the CLIQ Web Manager server to the CLIQ Remote server. This allows Remote PDs and CLIQ Web Manager to communicate with CLIQ Remote using the HTTPS protocol.

The Enrolment application will be available to user clients on port 8443. If DCS integration is enabled, ensure that this port can be reached by the clients that will generate their certificate.

Ports to open for traffic on the CLIQ Remote server, by DCS integration:

Without DCS integration:
  443 TCP   incoming from CWM


  443 TCP   incoming from remote PDs and CLIQ Connect
  80 TCP    outgoing to the internet (or another port if you use a proxy to connect to the internet)

With DCS integration:
  443 TCP   incoming from CWM
  443 TCP   incoming from remote PDs and CLIQ Connect
  443 TCP   incoming from remote PDs to access the enrolment application when performing certificate enrolment (assuming that the Plug&Play feature is enabled for the particular device)
  8443 TCP  incoming for user clients to access the enrolment application

3.3 TLS Server Certificate

The TLS server certificate used by the CLIQ Web Manager Enrolment application has to be issued by a certificate authority (CA) that is trusted by the client web browsers; otherwise the web browsers cannot authenticate the server, and users will be warned by a security message that the server cannot be trusted.

For this reason it is highly recommended to get this certificate issued by a CA that is trusted by default by the supported web browsers, to avoid configuration at each client. Examples of such CAs are VeriSign, Comodo and RapidSSL, and the product name for this type of certificate is usually “TLS certificate” or “SSL certificate”.

As the certificate must be issued to the correct server host, e.g. “cwmenrolment.mycompany.com”, it is only possible to order this certificate from a CA if you are the legitimate owner of the domain used, in this example “mycompany.com”.

Because web browsers will stop supporting SHA-1 certificates, it is highly recommended to use certificates with a SHA-2 signature algorithm.

Contact the CA of your choice for instructions on how to purchase a TLS server certificate. The TLS server certificate is required when installing and configuring the CLIQ Remote server if DCS integration is used.


4 CLIQ Remote Database

This chapter describes the steps to install and configure the software for the CLIQ Remote Database server.

4.1 Install Microsoft SQL Server

1. Install Microsoft SQL Server according to the instructions provided by Microsoft.

   For security reasons, it is highly recommended to select low-privilege accounts for the SQL services during the installation. The required service permissions for each service can be found in the Microsoft SQL Server documentation.

   It is also recommended for security reasons to use Windows Authentication mode, i.e. enable Windows Authentication and disable SQL Server Authentication, which disables the built-in SQL Server system administrator account (the sa account).

   The collation should be case insensitive.

2. Install the latest Microsoft SQL Server service pack available from Microsoft.

3. Use the SQL Server Configuration Manager to enable the TCP protocol on port 1433 for both the database server instance configuration and the client configuration. Disable other protocols.

4. Connect to the SQL Server instance using SQL Server Management Studio and:

   a. Create a new database for CLIQ Remote with a name of your choice. This name will be referred to as [CLIQRemoteDB] below. If SQL Server Windows Authentication will be used to connect to [CLIQRemoteDB], skip the remaining steps and continue in chapter SQL Server Windows Authentication. Windows authentication is the recommended connection method.

   b. Create a login that the CLIQ Remote web application will use to log in to the database server. The login can use either Windows Authentication or SQL Server Authentication; Windows Authentication is recommended. The password must not contain any special characters.

   c. To restrict the SQL login permissions, follow the instructions in chapter Database permissions.


5 Admin PC

This chapter describes the steps to install and configure the software for the Admin PC. The Admin PC is used to run SQL scripts to create and edit the CLIQ Remote database.

1. Install the SQL Server Management Studio that is provided with the Microsoft SQL Server installation media.

2. Run SQL Server Management Studio and open a connection to the CLIQ Remote database. The SQL Server login used must have at least the db_owner role in the CLIQ Remote database.

3. Open and execute each of the SQL scripts located in the folder [Delivery Package]\cliq_remote\update_scripts\ in the order specified below:

   a. Create_database_version-1.6.sql *
   b. Prepare_database-1.6.sql *
   c. Upgrade_from_1.6_to_2.0.sql
   d. Upgrade_from_2.0_to_2.2.sql
   e. Upgrade_from_2.2_to_2.5.sql
   f. Upgrade_from_2.5_to_2.6.sql
   g. Upgrade_from_2.6_to_2.9.sql
   h. Upgrade_from_2.9_to_2.10.sql
   i. Upgrade_from_2.10_to_2.11.sql
   j. Upgrade_from_2.11_to_4.0.sql
   k. Upgrade_from_4.0_to_5.0.sql

* Some manual editing of this file is required! Follow the instructions in the file. Also note that the script will NOT work if you have more than one connection to the database when you execute it. For example, each query window in “Microsoft SQL Server Management Studio” has its own connection to the database, so make sure you only have one query window open. If you still cannot run the script (the script “hangs”) and think that you might still have multiple connections to your database, you can try to close any extra connections before executing the script by executing the statement:

USE master;
GO
ALTER DATABASE <db-name> SET SINGLE_USER WITH ROLLBACK IMMEDIATE
GO

If you do that, you must also revert the operation by executing the following statement after the scripts have been executed:

USE master;
GO
ALTER DATABASE <db-name> SET MULTI_USER
GO


6 CLIQ Remote Server

This chapter describes the steps to install and configure the software for the CLIQ Remote server.

6.1 Preparing to Install

Before you start the installer, please go through the following. This may help in understanding the setup.

6.1.1 Digital Content Server Integration

The Digital Content Server (DCS) is hosted by ASSA ABLOY AB and manages and securely delivers digital content (certificates, etc.) to customers. You can opt to enable enrolment of C-key certificates and other services from the DCS during installation. DCS is integrated by installing the CLIQ Web Manager Enrolment Application.

6.1.2 Web Server TLS Configuration

The TLS server certificate used by the CLIQ Web Manager Enrolment application must be purchased from a commonly trusted Certificate Authority of your choice. The other certificates used by CLIQ Remote are included in the certificate bundle that is provided to you by your CLIQ provider.

You will need the following certificate files during the installation. Please note that (b) and (c) are required only if DCS Integration is enabled:

a) The certificate bundle file (ServerBundle.ccb) from your CLIQ provider.

b) The TLS server certificate file to be used by the Enrolment application, which you have purchased from a trusted Certificate Authority.

c) The TLS private key file for your Enrolment application server, created as part of applying for the TLS server certificate from a trusted Certificate Authority.

It is common that the CA issuing the TLS server certificate uses one or more intermediate CAs. All these certificates should form a chain from the server certificate, followed by the issuer of the previous certificate and so on up to the root CA certificate, e.g. Server cert -> Intermediate CA2 cert -> Intermediate CA1 cert -> Root CA cert. The root CA certificates are usually bundled with the end user’s web browser.

If your TLS server certificate for CLIQ Web Manager Enrolment was issued by an intermediate CA, append the content of all the intermediate CA certificate files (PEM format) to the end of your TLS server certificate file. The certificates in the file must be ordered with the server certificate first, followed by the issuer of the previous certificate and so on until the last intermediate CA in the chain. The root CA does not have to be included, as it is bundled in the end user’s web browser. The content of the resulting file should be similar to:

-----BEGIN CERTIFICATE-----
MI…
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MI…
-----END CERTIFICATE-----


The resulting file should be supplied to the installer application during the installation process.
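A bundle in the wrong order is accepted by the installer but fails in the browser, so it is worth checking before the file is handed over. Added example, not part of the ASSA ABLOY instructions: a stdlib-only Python check that a PEM file is ordered as required above (server certificate first, each following certificate the issuer of the one before it). It reads the issuer and subject DER encodings positionally from each tbsCertificate and compares them; it does not verify signatures or expiry. The two sample bundles are constructed, unsigned placeholder certificates produced by the _fake_cert helper so that the script runs offline; the hostname cwmenrolment.mycompany.com is the example name used in section 3.3.

```python
import base64
import re

PEM_RE = re.compile(r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)
CN_OID = b"\x06\x03\x55\x04\x03"          # id-at-commonName (2.5.4.3) as a DER OID element


def pem_blocks(text):
    """DER bytes of every CERTIFICATE block in a PEM file, in file order."""
    return [base64.b64decode("".join(m.group(1).split())) for m in PEM_RE.finditer(text)]


def der_tlv(buf, pos=0):
    """Decode one DER element at pos -> (tag, contents, end, raw element bytes)."""
    tag, length, hdr = buf[pos], buf[pos + 1], 2
    if length & 0x80:                      # long form: low bits = number of length bytes
        n = length & 0x7F
        length, hdr = int.from_bytes(buf[pos + 2:pos + 2 + n], "big"), 2 + n
    end = pos + hdr + length
    return tag, buf[pos + hdr:end], end, buf[pos:end]


def der_children(contents):
    """Child elements (tag, contents, raw) of a constructed DER element."""
    out, pos = [], 0
    while pos < len(contents):
        tag, val, pos, raw = der_tlv(contents, pos)
        out.append((tag, val, raw))
    return out


def cert_names(der):
    """(issuer, subject) as raw DER Name encodings, walking tbsCertificate positionally."""
    tbs = der_children(der_tlv(der)[1])[0]                # Certificate -> tbsCertificate
    fields = der_children(tbs[1])
    if fields[0][0] == 0xA0:                              # optional [0] EXPLICIT version
        fields = fields[1:]
    return fields[2][2], fields[4][2]                     # serial, sigAlg, ISSUER, validity, SUBJECT


def common_name(name_der):
    """Display helper: the string following the first CN attribute in a Name."""
    i = name_der.find(CN_OID)
    return der_tlv(name_der, i + len(CN_OID))[1].decode("utf-8", "replace") if i >= 0 else "<no CN>"


def chain_summary(pem_text):
    """[(subject CN, issuer CN), ...] in file order."""
    return [(common_name(s), common_name(i)) for i, s in map(cert_names, pem_blocks(pem_text))]


def check_chain_order(pem_text):
    """Problems with the ordering section 6.1.2 requires; an empty list means it is correct."""
    names = [cert_names(c) for c in pem_blocks(pem_text)]
    if not names:
        return ["no CERTIFICATE blocks found"]
    problems = []
    for i in range(len(names) - 1):
        if names[i][0] != names[i + 1][1]:             # issuer(i) must equal subject(i+1)
            problems.append(f"certificate {i} ({common_name(names[i][1])}) is not issued by certificate {i + 1}")
    return problems


# --- constructed sample data: structurally valid but UNSIGNED placeholder certificates ---
def _der(tag, content):
    n = len(content)
    ln = bytes([n]) if n < 0x80 else (bytes([0x81, n]) if n < 0x100 else bytes([0x82, n >> 8, n & 0xFF]))
    return bytes([tag]) + ln + content


def _name(cn):
    return _der(0x30, _der(0x31, _der(0x30, CN_OID + _der(0x0C, cn.encode()))))


def _fake_cert(subject_cn, issuer_cn):
    alg = _der(0x30, _der(0x06, b"\x2a\x86\x48\x86\xf7\x0d\x01\x01\x0b"))   # sha256WithRSAEncryption
    tbs = _der(0x30, _der(0xA0, _der(0x02, b"\x02")) + _der(0x02, b"\x01") + alg
               + _name(issuer_cn) + _der(0x30, b"") + _name(subject_cn) + _der(0x30, b""))
    der = _der(0x30, tbs + alg + _der(0x03, b"\x00"))
    return "-----BEGIN CERTIFICATE-----\n" + base64.encodebytes(der).decode() + "-----END CERTIFICATE-----\n"


GOOD_BUNDLE = (_fake_cert("cwmenrolment.mycompany.com", "Example Intermediate CA2")
               + _fake_cert("Example Intermediate CA2", "Example Intermediate CA1")
               + _fake_cert("Example Intermediate CA1", "Example Root CA"))
BAD_BUNDLE = (_fake_cert("Example Intermediate CA2", "Example Intermediate CA1")
              + _fake_cert("cwmenrolment.mycompany.com", "Example Intermediate CA2"))

if __name__ == "__main__":
    for label, bundle in (("good", GOOD_BUNDLE), ("bad", BAD_BUNDLE)):
        print(label, chain_summary(bundle), check_chain_order(bundle) or "OK")
```

On a real bundle, call check_chain_order(open(path).read()) and treat any returned line as a reason not to hand the file to the installer.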

6.1.3 Database Configuration

While providing database configuration parameters during installation, you can also provide some additional connection parameters that may be required by your SQL Server installation.

The text to be entered in the parameters field consists of one or more key-value pairs. The key and the value are separated by an equals sign (“=”), and if more than one pair is included in the string, the pairs are separated by semicolons (“;”).

Some parameters that can be configured are listed in the table below.

encrypt: If SSL connections are accepted by the database server, setting this parameter to true will ensure that SSL (TLS) is used to encrypt all communication between CLIQ Remote and the database.

trustServerCertificate: When using encrypt=true, the CLIQ Remote end-point will trust the SQL Server certificate without validating it. This is usually required to allow connections in test environments, such as where the SQL Server instance has only a self-signed certificate.

6.1.3.1 SQL Server instance

If more than one MS SQL Server instance is run on the database server, and the default instance is not to be used, the instance name can be defined according to the following format: <SQL server hostname>[\instanceName], for example:

localhost\MSSQLSERVER2014
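As an added illustration (not part of the ASSA ABLOY instructions), this Python snippet parses the semicolon-separated parameters field described in 6.1.3 and the host\instance form from 6.1.3.1, and reports the two settings worth a second look before going live: encrypt not set to true, and trustServerCertificate=true, which the instructions reserve for test environments. The sample strings are constructed.

```python
# Constructed sample inputs for the installer's parameters field (not from a real installation).
PARAMS_TEST_LAB = "encrypt=true;trustServerCertificate=true"
PARAMS_PRODUCTION = "encrypt=true"


def parse_connection_parameters(text):
    """Parse 'key=value;key=value' into a dict; tolerates spaces and a trailing semicolon."""
    params = {}
    for pair in (p.strip() for p in text.split(";")):
        if not pair:
            continue
        if "=" not in pair:
            raise ValueError(f"malformed pair, expected key=value: {pair!r}")
        key, value = (s.strip() for s in pair.split("=", 1))
        if not key:
            raise ValueError(f"empty key in pair: {pair!r}")
        params[key] = value
    return params


def review_connection_parameters(text):
    """Findings about the two parameters section 6.1.3 describes; empty list = nothing to flag."""
    params = parse_connection_parameters(text)
    encrypt = params.get("encrypt", "").lower() == "true"
    trust = params.get("trustServerCertificate", "").lower() == "true"
    findings = []
    if not encrypt:
        findings.append("encrypt is not true: traffic between CLIQ Remote and SQL Server is not TLS-protected")
    if encrypt and trust:
        # Validation is skipped, so the client cannot tell the real SQL Server from another host
        # presenting any certificate; the instructions allow this for test environments only.
        findings.append("trustServerCertificate=true: SQL Server certificate accepted without validation")
    return findings


def split_instance(server):
    """Split '<SQL server hostname>[\\instanceName]' (section 6.1.3.1) into (host, instance or None)."""
    host, sep, instance = server.partition("\\")
    if not host:
        raise ValueError("hostname is empty")
    if sep and not instance:
        raise ValueError("backslash given but no instance name follows it")
    return host, (instance or None)


if __name__ == "__main__":
    for text in (PARAMS_PRODUCTION, PARAMS_TEST_LAB):
        print(repr(text), "->", review_connection_parameters(text) or "OK")
    print(split_instance("localhost\\MSSQLSERVER2014"))
```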

6.1.4 Multiple DNS names for the CLIQ Web Manager Enrolment

If DCS integration is enabled and several DNS names are used to access the CLIQ Web Manager Enrolment, they all need to be configured manually in [CLIQ SERVER]\apache\conf\extra\httpd-ssl-enrolment.conf. If they are not added, the applet will not load and cannot be used.

In that file, below <VirtualHost _default_:8443> there is a line with the server name, similar to “ServerName myserver.com:8443”. To support several DNS names, add all extra server names as server aliases; see the example below.

Example: CLIQ Web Manager Enrolment is accessed on server1.mycompany.com, server2.mycompany.com and server3.mycompany.com.

The ServerName might look like this:

ServerName server1.mycompany.com:8443

Then the ServerAlias should be added on the line below, like this:

ServerAlias server2.mycompany.com server3.mycompany.com

or

ServerAlias *.mycompany.com


6.1.5 Create Windows accounts for CLIQ Web Manager services

For security reasons it is highly recommended to run the Windows services for CLIQ Web Manager with low-privilege accounts. During installation of CLIQ Web Manager, the installer application will ask you to specify the accounts to use for both the Apache and Tomcat services. It is possible to select the same account for both services, but for higher security it is recommended to use different accounts.

To create local account(s), follow the steps described below. Alternatively, an existing domain account can be used; in that case follow the instructions in step 2 for the domain account.

1. Create a local account with the option “User must change password at next login” unchecked. Memorize the account name and its password. Make the account a member of the Users group. The account can be created with the Computer Management tool by selecting the item Local Users and Groups/Users.

2. Grant the newly created account the following privileges:
   Log on as a service
   Act as part of the operating system
   Deny log on locally

   These privileges can be edited via the Local Security Policy tool by selecting the item Local Policies/User Rights Assignment.

Note: if the above Windows account password is changed, then the service password has to be updated as well; otherwise the CLIQ Web Manager service(s) will stop working. See the CLIQ Web Manager and CLIQ Remote Operation and Maintenance document for how to configure the service password manually.

6.1.6 SQL Server Windows Authentication

When connecting the Tomcat service to the SQL Server database it is recommended to use Windows authentication; in that case a SQL Server login that is associated with the Tomcat service account must be created.

Connect to the SQL Server instance using SQL Server Management Studio and:

1. Ensure that the newly created Tomcat service account can be used as a SQL Server login with Windows authentication in the SQL Server.

2. Create a SQL Server login with Windows Authentication connected to the Tomcat service user.

3. For database permissions, see chapter Database permissions.

6.1.7 Database permissions

It is recommended to restrict the SQL Server login to the following minimum permissions.


1. Select the Login Properties/User Mapping option and check the [CLIQRemoteDB] database.

2. In the Database role membership for the [CLIQRemoteDB] database, check the roles db_datareader and db_datawriter.

Note: it is not required that the login is the database owner of the [CLIQRemoteDB] database.

6.2 Run the CLIQ Remote installer

The CLIQ Remote setup is started by running the installer executable. The various installer steps contain detailed explanations of the configuration required for the setup. Please refer to the respective help texts for the input fields. If asked about installing the Microsoft Visual C++ 2015 redistributable, agree to do that and continue the CLIQ Web Manager installer afterwards.

Note: during installation of CLIQ Remote it is possible that some anti-virus software will report a warning message about the presence of the ncat.exe file in the installation package (ncat was added to enable sending of Apache logs to an external Syslog server). If the warning notification appears, please see [4] CLIQ Web Manager and CLIQ Remote Troubleshooting Guide.

6.3 Verify the Installation

To verify that the installation was successful, perform the following steps.

1. Start the Apache service, or restart the service if it was already started. If you use the Apache HTTP Server status monitor in the task bar, it should look like this when the service has started (you can also check that the service is started in Windows Administrative Tools -> Services):

2. The application server should be started automatically. An icon for “CLIQ Web Manager” is installed in the task bar. If you need to stop or start the server, right-click on the icon and select Stop Service or Start Service respectively.

3. Verify that the application server can deploy the web application successfully by examining the log file cliqRemote.log located in the folder [CLIQ SERVER]\tomcat\logs. Make sure there are no errors logged and that there is a log entry stating “FrameworkServlet 'remotingHttpInvoker': initialization completed”.


7 Time Synchronization of the servers

It is very important that the CLIQ Web Manager server and the CLIQ Remote server have the same system time; therefore the servers shall be synchronized to an NTP server.


Appendix A Mail server configuration using SMTPS

Mail server configuration is available in the server.xml file in the tomcat directory ([CLIQ_WEB_MANAGER]/tomcat/conf) on the CLIQ Web Manager server.

To enable SMTPS, replace the current mail/Session Resource with the example below. Gmail is used in the given example. Please update the host, port, user and password values.

<Resource name="mail/Session" auth="Container"
          type="javax.mail.Session"
          mail.transport.protocol="smtp"
          mail.smtp.host="smtp.gmail.com"
          mail.smtp.port="465"
          mail.smtp.auth="true"
          mail.smtp.user="[email protected]"
          password="pass"
          mail.smtp.starttls.enable="true"
          mail.smtp.socketFactory.class="javax.net.ssl.SSLSocketFactory"/>