1.2. HTTPS configuration

Generating your key

If you do not have your own X.509 certificate, you can make a simple certificate using the keytool command:

keytool -genkey -alias serverkeys -keyalg RSA -keystore server.keystore -storepass 123456 -keypass 123456 -dname "CN=localhost, OU=MYOU, O=MYORG, L=MYCITY, ST=MYSTATE, C=MY"

Now, your key is stored in server.keystore.

You need to import your key into the Oracle JDK keystore that is required to help running gadget features:

keytool -importkeystore -srckeystore server.keystore -destkeystore $JAVA_HOME/jre/lib/security/cacerts

Note

On the MAC OS X, the cacerts file is located at $JAVA_HOME/lib/security/cacerts.

Also, since your Oracle JDK keystore has a different password than the one used for the key you created in the first step, you have to change your key password to match the new keystore password (The default JDK keystore pasword may be 'changeit').

keytool -keypasswd -alias serverkeys --keystore $JAVA_HOME/jre/lib/security/cacerts

Setting up JBoss configuration to use your key

  1. Edit the $PLATFORM_JBOSS_HOME/standalone/configuration/standalone-exo.xml by adding "https connector" to the web subsystem configuration (change certificate-key-file and password to values appropriate for your keystore - assuming that the keystore password is 'changeit'):

    <subsystem xmlns="urn:jboss:domain:web:1.4" default-virtual-server="default-host" native="false">
    ...
    <connector name="https" protocol="HTTP/1.1" socket-binding="https" scheme="https" secure="true">
        <ssl name="https" key-alias="serverkeys" password="changeit" certificate-key-file="${java.home}/lib/security/cacerts"/>
    </connector>
    ...
    </subsystem>

  2. Access the portal by going to https://localhost:8443/portal.

Configuring Tomcat to use your key

  1. Edit the $PLATFORM_TOMCAT_HOME/conf/server.xml file by commenting the lines:

    <Connector address="0.0.0.0" port="8080" protocol="org.apache.coyote.http11.Http11NioProtocol"
enableLookups="false" redirectPort="8443"
connectionTimeout="20000" disableUploadTimeout="true"
URIEncoding="UTF-8"
compression="off" compressionMinSize="2048"
noCompressionUserAgents=".*MSIE 6.*" compressableMimeType="text/html,text/xml,text/plain,text/css,text/javascript" />

  2. Uncomment lines and add keystoreFile and keystorePass values:

    <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
maxThreads="150" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS"
keystoreFile="${java.home}/lib/security/cacerts"
keystorePass="changeit"/>

  3. Restart. If your configuration is correct, you can access to portal via https://localhost:8443/portal.

Copyright ©. All rights reserved. eXo Platform SAS
blog comments powered byDisqus