DLS FAQ

What is DLS?

 * See Deployment Service.

What is DlsAPI?

 * See DlsAPI.

How can I access the web-based management of DLS (DLS-GUI)?

 * See the current DLS release notes, chapter 4.5.5.

Introduction
DLS provides both http (default port 18080) and https (port 10443) for browser-based access to DLS-GUI. https is TLS/SSL-protected http and provides the same access to the web server as http, with the following security add-ons:
 * end-to-end encryption of all data exchanged between the browser and the web server
 * authentication of the web server by the browser

DLS uses Apache Tomcat 5.5 as its web server and is equipped with a default certificate that is used to establish https connections. This provides end-to-end encryption without further configuration steps. Missing authentication, however, makes the encrypted connection between the browser and the DLS web server prone to man-in-the-middle attacks, and the browser is not able to authenticate the web server based on its default certificate for two reasons:
 * The certificate authority (CA) that has signed the DLS server's default certificate is not trusted in the customer's corporate network. (All trusted CAs are or have to be configured in the customer employee's browser, but the signing CA of the default certificate is not / should not be among them.)
 * The name of the default certificate ("Deployment Service V2") does not match the domain name (or IP address) of the DLS server as installed in the customer's corporate network. (There is no binding of a particular certificate to a particular server.)

It is therefore recommended to customize the DLS server installation in the following two ways:
 * 1) enable https (i.e. SSL-protected http) only, and disable http
 * 2) install and activate a customized SSL certificate for use by the DLS web server

The description below is a step-by-step instruction to achieve this. In general, the configuration steps conform to typical Apache Tomcat installations. For further technical details you may therefore refer to the Tomcat 5.5 SSL configuration guide.

Notes:
 * This description is also valid for https access to the DlsAPI (port 10444).
 * Future versions of DLS may switch to Apache Tomcat 6.x. The description remains valid; for technical details, you may then refer to the Tomcat 6.x SSL configuration guide.
 * The description is not valid for OpenScape Voice / Linux-based installations of the DLS server. Here, DLS does not provide its own Apache Tomcat web server, but makes use of the Tomcat web server provided by the OpenScape application platform. The associated instructions will be provided soon.

Certificate Requirements
The certificate must be an X.509 v3 certificate according to the X.509 standard, as defined in RFC 5280. The following table provides a summary of recommended settings in certificate fields and extensions.

Contact the customer's IT or PKI administration to order an appropriate certificate.

Preconditions - What you need

 * A PKCS#12 file that contains the private key and certificate you want to enable for the DLS server (the extension usually used for this file type on Windows is ".p12"). The sample filename used in this instruction is: 
 * The passphrase this PKCS#12 file is encrypted with. The sample passphrase is: 

Step-by-Step Instruction
 ...	
 * On DLS Server, copy  into the directory: \Tomcat5\conf
 * Stop DLS Service
 * Edit the Tomcat configuration file: \Tomcat5\conf\server.xml:
 * Search for the connectors for DLS-GUI/http (port=18080), DLS-GUI/https (port=10443) and DlsAPI/https (port=10444); connectors are indicated by the XML tags:
 * Delete the connector for http completely
 * Within the https connectors, replace the following XML attributes:
 * Change  to
 * Change  to KeystorePass="My-Passphrase"
 * Save the changes of the file server.xml and quit the editor
 * Start DLS Service - the DLS web service now starts using the freshly installed customized SSL certificate.
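
A check to run against server.xml once the steps above are done, added here as an example (it is not part of the DLS documentation or product): it reports any connector that is still not TLS-protected and any https connector without keystore settings. It assumes the standard Tomcat connector attributes scheme, secure, keystoreFile and keystorePass; the sample XML, file name and passphrase are constructed placeholders.

```python
import xml.etree.ElementTree as ET

HTTP_PORT = "18080"               # DLS-GUI/http, to be deleted
HTTPS_PORTS = {"10443", "10444"}  # DLS-GUI/https and DlsAPI/https

# Constructed sample: server.xml after the edit (placeholder file name/passphrase).
SAMPLE_EDITED = """<Server><Service name="Catalina">
  <Connector port="10443" scheme="https" secure="true" sslProtocol="TLS"
             keystoreFile="conf/example.p12" keystorePass="example-passphrase"/>
  <Connector port="10444" scheme="https" secure="true" sslProtocol="TLS"
             keystoreFile="conf/example.p12" keystorePass="example-passphrase"/>
</Service></Server>"""

# Constructed sample: http connector left in place, keystore attributes
# missing on 10443, and the DlsAPI connector removed by mistake.
SAMPLE_INCOMPLETE = """<Server><Service name="Catalina">
  <Connector port="18080"/>
  <Connector port="10443" scheme="https" secure="true" sslProtocol="TLS"/>
</Service></Server>"""


def audit_connectors(xml_text):
    """Return a list of findings; an empty list means the edit looks complete."""
    findings, seen = [], set()
    for conn in ET.fromstring(xml_text).iter("Connector"):
        # Compare attribute names case-insensitively (the page writes "KeystorePass").
        attrs = {k.lower(): v for k, v in conn.attrib.items()}
        port = attrs.get("port", "?")
        seen.add(port)
        tls = (attrs.get("scheme", "http").lower() == "https"
               and attrs.get("secure", "false").lower() == "true")
        if port == HTTP_PORT or not tls:
            findings.append(f"port {port}: connector is not TLS-protected")
            continue
        for name in ("keystorefile", "keystorepass"):
            if not attrs.get(name):
                findings.append(f"port {port}: {name} not set")
    for port in sorted(HTTPS_PORTS - seen):
        findings.append(f"port {port}: expected https connector missing")
    return findings


if __name__ == "__main__":
    for label, xml_text in (("edited", SAMPLE_EDITED), ("incomplete", SAMPLE_INCOMPLETE)):
        print(label, audit_connectors(xml_text) or "OK")
```

To audit a real installation, pass the contents of the server's own server.xml to audit_connectors instead of the samples.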