
« Zurück zu Configuring
HTTPS
Approaches #
There are at least two possible approaches to get your portal secured using HTTPS transport:
- arrange an external front-end server like Apache HTTP Server to take care of HTTPS; this is advisable for heavy-duty configurations and has an advantage that a specialized front-end server is likely to be better suited for handling inconsistent requests, hacker attacks, etc; it looks also like this approach allows better flexibility regarding which content to be secured using HTTPS and which not;
- enable HTTPS immediately on Tomcat or another servlet container you may be using.
Different options are also available about server SSL certificate to be used:
- a certificate issued by one of certificate authorities that are pre-registered with standard browsers; this is definitely advisable for production portal configurations to avoid browsers complaining about unknown/suspicious certificate;
- a self-signed certificate that is easy to create for everyone and that is a free reasonable solution for development/testing configurations.
Using Apache HTTP Server #
This topic has been covered at the forum:
- http://www.liferay.com/web/guest/community/forums/-/message_boards/message/488097#_19_message_530734
- http://www.liferay.com/web/guest/community/forums/-/message_boards/message/197061#_19_message_719584
Enabling HTTPS with a self-signed certificate on non-APR Tomcat #
- stop the Tomcat if still running :)
- make your decision about location of the key store; the default location is user home directory, but you may wish something different;
- prepare the keystore and certificate: type the following command and enter the certificate owner details as prompted (if using java tools prior to Java SE 6 use '-genkey' instead of '-genkeypair'):
<path_to_java_tools>/keytool -genkeypair -alias tomcat -keyalg RSA \ -keystore <path_to_key_store>/.keystore \ -storepass changeit -keypass changeit
- uncomment the 'Connector' element for port 8443 (and optionally change port to 443) in the file <path_to_tomcat>/conf/server.xml ; add 'keystoreFile=".../.keystore"' attribute to this element if using non-default key store location;
- look for the <security-constraint> element and its <user-data-constraint> child in the file <path_to_tomcat>/webapps/ROOT/WEB-INF/web.xml and configure their <transport-guarantee> child as
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
- consider adding
company.security.auth.requires.https=true
: property to file <path_to_tomcat>/webapps/ROOT/WEB-INF/classes/portal-ext.properties ;
- start the Tomcat and watch Tomcat’s log files in <path_to_tomcat>/logs ;
- test the application using the URL: https://localhost:8443/ (or https://localhost/).
Links #
80914 Angesehen