Configuring HTTPS for Management Station

This topic provides basic guidance on configuring Management Station when setting up secure SSL communications. This procedure is not limited to Dragon Voice users:  any installation with Management Station can use this procedure. For an overview of SSL setup, see Securing connections with SSL/TLS.

Note: Setting up Management Station for HTTPS involves industry-standard mechanisms that are not controlled by the Speech Suite installation. You can use resources such as the Apache Tomcat documentation on SSL/TLS configuration to determine your specific needs.

Configuring HTTPS using a script

When you run the httpsconfig.bat (Windows) or httpsconfig.sh (Linux) script, the script creates a keystore, adds a self-signed certificate to it, adds the keystore information to server.xml , configures the web.xml, and restarts Management Station.

  1. Open a SSH client such as PuTTY.
  2. Navigate to the $MSTATION_HOME/mserver/webapps/mserver/scripts directory on the Management Station host.

  3. Run the following command:

    # ./httpsconfig.sh

  4. During the script's interview process, create the self-signed certificate by entering the servername when the prompted "What is your first and last name? [Unknown]". You'll also create password to the keystore. (Your answers to other questions do not affect the functioning of Management Station.) This concludes the script's execution.

  1. Change directories and run the following commands where <alias> is the value provided to the self-signed certificate, and <name> is any filename, and <anyAlias> does not need to match <alias>:

    cd ../WEB-INF
    $JAVA_HOME/bin/keytool -export -alias <alias> -keystore nuanceHttpsKeystore.jks -rfc -file <name>
    $JAVA_HOME/bin/keytool -importcert -file <name> -keystore $JAVA_HOME/jre/lib/security/cacerts -alias <anyAlias>

Note: The password to the JAVA_HOME keystore is different from the password for the Management Station keystore. The first command prompts for the keystore password created when running the script, and the second command prompts for the keystore password of the JRE (or JDK) that runs Management Station.

  1. Open a command prompt window with the Run as Administrator option.
  2. Navigate to the %MSTATION_HOME%/mserver/webapps/mserver/scripts directory.

  3. Run the following command:

    # httpsconfig.bat

  4. During the script's interview process, create the self-signed certificate by entering the servername when the prompted "What is your first and last name? [Unknown]". You'll also create password to the keystore. (Your answers to other questions do not affect the functioning of Management Station.) This concludes the script's execution.

  5. Change directories and run the following commands where <alias> is the value provided to the self-signed certificate, and <name> is any filename, and <anyAlias> does not need to match <alias>:

    cd %MSTATION_HOME%\mserver\webapps\mserver\WEB-INF
    %JAVA_HOME%\bin\keytool -export -alias <alias> -keystore nuanceHttpsKeystore.jks -rfc -file <name>
    %JAVA_HOME%\bin\keytool -importcert -file <name> -keystore %JAVA_HOME%\jre\lib\security\cacerts -alias <anyAlias>

Note: The password to the JAVA_HOME keystore is different from the password for the Management Station keystore. The first command prompts for the keystore password created when running the script, and the second command prompts for the keystore password of the JRE (or JDK) that runs Management Station.