Approaches #

There are at least two possible approaches to get your portal secured using HTTPS transport:

  • arrange an external front-end server like Apache HTTP Server to take care of HTTPS; this is advisable for heavy-duty configurations and has an advantage that a specialized front-end server is likely to be better suited for handling inconsistent requests, hacker attacks, etc; it looks also like this approach allows better flexibility regarding which content to be secured using HTTPS and which not;
  • enable HTTPS immediately on Tomcat or another servlet container you may be using.

Different options are also available about server SSL certificate to be used:

  • a certificate issued by one of certificate authorities that are pre-registered with standard browsers; this is definitely advisable for production portal configurations to avoid browsers complaining about unknown/suspicious certificate;
  • a self-signed certificate that is easy to create for everyone and that is a free reasonable solution for development/testing configurations.

Using Apache HTTP Server #

This topic has been covered at the forum:


Enabling HTTPS with a self-signed certificate on non-APR Tomcat #

  • stop the Tomcat if still running :)
  • make your decision about location of the key store; the default location is user home directory, but you may wish something different;
  • prepare the keystore and certificate: type the following command and enter the certificate owner details as prompted (if using java tools prior to Java SE 6 use '-genkey' instead of '-genkeypair'):
 <path_to_java_tools>/keytool -genkeypair -alias tomcat -keyalg RSA \
 -keystore <path_to_key_store>/.keystore \
 -storepass changeit -keypass changeit
  • uncomment the 'Connector' element for port 8443 (and optionally change port to 443) in the file <path_to_tomcat>/conf/server.xml ; add 'keystoreFile=".../.keystore"' attribute to this element if using non-default key store location;
  • look for the <security-constraint> element and its <user-data-constraint> child in the file <path_to_tomcat>/webapps/ROOT/WEB-INF/web.xml and configure their <transport-guarantee> child as
  • consider adding

: property to file <path_to_tomcat>/webapps/ROOT/WEB-INF/classes/ ;

  • start the Tomcat and watch Tomcat’s log files in <path_to_tomcat>/logs ;
  • test the application using the URL: https://localhost:8443/ (or https://localhost/).
0 Allegati
73450 Visualizzazioni
Media (1 Voto)
La media del punteggio è 4.0 stelle su 5.
Commenti Autore Data
When I enabled https on non-APR Tomcat as... Miles Huang 5 ottobre 2009 9.30
Hi, I have exactly the same problem. When I set... Stephane Jidouard 15 aprile 2010 5.45
I am using Liferay 5.3.6 using tomcat 6.0 now... Faisal K 21 ottobre 2009 8.30
if it was redirected to... Faisal K 21 ottobre 2009 8.42
Hi Faisal, I want to integrate SSL in liferay,... Dhandapani Shanmugam 30 ottobre 2009 6.49
Hi, I have very few knowledge about https, but... Faisal K 2 novembre 2009 19.19

When I enabled https on non-APR Tomcat as described here, I simply couldn't login any user. I'm using LP 5.2.3.
Yes, the login page is redirected to https channel, and user is successfully login via https channel. But the problem is the browser will be redirected back to http channel immediately, after successful login. Thus the user lost secure session cookie and back to not logon status. I don't want set "" since this solution opens a security hole which make https login protection meanningless.
Is there any way to prevent the LP from redirecting user browser back to http channel after successful login?
Inviato il 05/10/09 9.30.
I am using Liferay 5.3.6 using tomcat 6.0 now activated ssl also- i am facing problem logging usin http://localhost:8080, it is opening the login page up on login it is redirecting to https://localhost:8080/web/guest, which is not a valid url only so how to resolve this issue.
Inviato il 21/10/09 8.30.
if it was redirected to https://localhost:8443/weeb/guest/home then it will work, so is it a problem with tomcat configuration or liferay configuration
Inviato il 21/10/09 8.42 in risposta a Faisal K.
Hi Faisal,

I want to integrate SSL in liferay, can you plz guide me how to do,

Whether can we configure SSL for portlet lever or not? plz let me know

Thanks in advance

Inviato il 30/10/09 6.49 in risposta a Faisal K.

I have very few knowledge about https, but the above article was good enough to configure the https activated for my website.

the above article helped me to configure https in both Windows and Linux machine.

Links provided is also very useful.
Inviato il 02/11/09 19.19 in risposta a Dhandapani Shanmugam.
Hi, I have exactly the same problem. When I set the "" the login are in https ant it works but I don't want set false for this option.
Have you a solution for this problem?
Inviato il 15/04/10 5.45 in risposta a Miles Huang.