Deploying FX Sales

This page provides an overview of the steps for deploying FX Sales.


Install Tomcat

Download the latest version of Apache Tomcat 9 and extract the files to your desired directory.

For more information on installing Tomcat 9, see Tomcat Setup on the Tomcat website, and RUNNING.txt distributed with Tomcat.

Deploy the FX Sales WAR file

Follow the steps below:

  1. Shut down Tomcat.

  2. Delete all files and subdirectories in the <tomcat_root>/webapps directory.

  3. Download the WAR file for your variant of FX Sales (variantsalestrader-version.war) from the Caplin Downloads website.

  4. Copy the WAR file to your Tomcat webapps directory: <tomcat_root>/webapps.

    apache-tomcat-versionwebapps variantsalestrader-version.war
  5. Remove the version information from the file name of the WAR. For example, variantsalestrader-2.20.0-12345.war becomes variantsalestrader.war.

    The directory now looks like this:

    apache-tomcat-versionwebapps variantsalestrader.war
  6. Create a web application context file <tomcat_root>/conf/Catalina/localhost/variantsalestrader.xml with the following content:

    <?xml version='1.0' encoding='utf-8'?>
    <!-- Default set of monitored resources -->
    <!-- Core JNDI configuration -->
    <Environment name="LIBERATOR.DOMAIN" value="" (1)
      type="java.lang.String" override="false" />
    <Environment name="LIBERATOR.PRIMARY.ADDRESS" value="" (2)
      type="java.lang.String" override="false" />
    <Environment name="LIBERATOR.PRIMARY.PORT" value="80"
      type="java.lang.String" override="false" />
    <Environment name="LIBERATOR.PRIMARY.HTTPS.PORT" value="443"
      type="java.lang.String" override="false" />
    <Environment name="LIBERATOR.SECONDARY.ADDRESS" value="" (3)
      type="java.lang.String" override="false" />
    <Environment name="LIBERATOR.SECONDARY.PORT" value="80"
      type="java.lang.String" override="false" />
    <Environment name="LIBERATOR.SECONDARY.HTTPS.PORT" value="443"
      type="java.lang.String" override="false" />
    <Environment name="CAPLIN.DEV.MODE" value="false" (4)
      type="java.lang.String" override="false" />
    <Environment name="CAPLIN.LOGIN.ENABLED" value="true" (5)
      type="java.lang.String" override="false" />
    1 Set LIBERATOR.DOMAIN to your domain
    2 Set LIBERATOR.PRIMARY.ADDRESS to the hostname of your primary Liberator
    3 Set LIBERATOR.SECONDARY.ADDRESS to the hostname of your secondary Liberator
    4 Set CAPLIN.DEV.MODE to false in production deployments
    5 Set CAPLIN.LOGIN.ENABLED to true to use FX Sales' built-in login page

    For more information on FX Sales' JNDI environment entries, see FX Sales JNDI configuration.

  7. Review FX Sales' default HTTP headers configured in the WAR file’s web.xml file. For recommended headers, see Recommended HTTP headers. For instructions on how to override HTTP default headers, see Setting HTTP headers.

    To view the default HTTP headers set in the web.xml file, use the following command:

    $ unzip -p varianttrader-version.war WEB-INF/web.xml | less

Configure the Keymaster servlet

Follow the steps below to configure the Keymaster servlet.

  1. Generate a new key pair for the web application’s Keymaster servlet:

    # PKCS1 private key. Compatible with KeyMaster.NET.
    openssl genrsa -out privatekey_pkcs1.pem 2048
    # Convert PKCS1 private key to PKCS8. Compatible with KeyMaster Java.
    openssl pkcs8 -topk8 -inform PEM -outform PEM -nocrypt -in privatekey_pkcs1.pem -out privatekey.pem
    # Export public key. Compatible with Caplin Liberator.
    openssl rsa -pubout -outform DER -in privatekey_pkcs1.pem -out keymaster_public.der
  2. Copy the file privatekey.pem to <tomcat_root>/conf/keymaster/.

  3. Set the location of the private key in the <tomcat_root>/conf/Catalina/localhost/variantsalestrader.xml file:

        <!-- KeyMaster servlet configuration -->
        <Environment name="caplin.keymaster.privatekey.filename"
            type="java.lang.String" override="false" />
  4. Copy the file keymaster_public.der to the Deployment Framework directory global-config/ssl on all Liberator hosts.

Configure the SignOn servlet

If your deployment uses FX Sales' built-in sign in page (see CAPLIN.LOGIN.ENABLED in FX Sales' JNDI configuration), follow the steps below.

  1. Generate a new key pair for the SignOn servlet.

    # PKCS1 private key.
    openssl genrsa -out privatekey_pkcs1.pem 2048
    # Convert PKCS1 private key to PKCS8.
    openssl pkcs8 -topk8 -inform PEM -outform PEM -nocrypt -in privatekey_pkcs1.pem -out privateSignonKey.pem
    # Export public key.
    openssl rsa -pubout -outform PEM -in privateSignonKey.pem -pubout -out publicSignonKey.pem
  2. Copy both privateSignonKey.pem and publicSignonKey.pem to <tomcat_root>/conf/signon/.

  3. Set the location of the new keys in the <tomcat_root>/conf/Catalina/localhost/variantsalestrader.xml file:


Start Tomcat

If you start Tomcat manually, run the command below from Tomcat’s bin directory:

$ ./

If you start Tomcat as a service, follow instructions in RUNNING.txt.

You can now access FX Sales on http://tomcat_host:tomcat_port/variantsalestrader.