Approaches #

There are at least two ways to secure your portal with HTTPS:

  • put an external front-end server such as Apache HTTP Server in front of the portal to handle HTTPS; this is advisable for heavy-duty configurations, since a specialized front-end server is likely to be better suited to handling inconsistent requests, hacker attacks, etc.; this approach also appears to allow more flexibility in choosing which content is served over HTTPS and which is not;
  • enable HTTPS directly on Tomcat or whichever servlet container you are using.

There are also different options for the server SSL certificate:

  • a certificate issued by one of the certificate authorities that are pre-registered with standard browsers; this is definitely advisable for production portal configurations, to avoid browsers complaining about an unknown/suspicious certificate;
  • a self-signed certificate, which anyone can create easily and for free, and which is a reasonable solution for development/testing configurations.
   

Using Apache HTTP Server #

This topic has been covered on the forum:

  • http://www.liferay.com/web/guest/community/forums/-/message_boards/message/488097#_19_message_530734
  • http://www.liferay.com/web/guest/community/forums/-/message_boards/message/197061#_19_message_719584

Enabling HTTPS with a self-signed certificate on non-APR Tomcat #

  • stop Tomcat if it is still running :)
  • decide where to keep the key store; the default location is the user's home directory, but you may prefer a different one;
  • prepare the keystore and certificate: type the following command and enter the certificate owner details as prompted (if you are using Java tools older than Java SE 6, use '-genkey' instead of '-genkeypair'):
 <path_to_java_tools>/keytool -genkeypair -alias tomcat -keyalg RSA \
 -keystore <path_to_key_store>/.keystore \
 -storepass changeit -keypass changeit
  • uncomment the 'Connector' element for port 8443 (and optionally change the port to 443) in the file <path_to_tomcat>/conf/server.xml ; add a 'keystoreFile=".../.keystore"' attribute to this element if you are using a non-default key store location;
  • look for the <security-constraint> element and its <user-data-constraint> child in the file <path_to_tomcat>/webapps/ROOT/WEB-INF/web.xml and set their <transport-guarantee> child to
 <transport-guarantee>CONFIDENTIAL</transport-guarantee>
  • consider adding the property
 company.security.auth.requires.https=true
    to the file <path_to_tomcat>/webapps/ROOT/WEB-INF/classes/portal-ext.properties ;
  • start Tomcat and watch its log files in <path_to_tomcat>/logs ;
  • test the application using the URL https://localhost:8443/ (or https://localhost/ if you changed the port to 443).
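
A check for the steps above, as an added example (not part of the original wiki page or of Liferay's code): the function name check_https_setup and the sample file contents are constructed for illustration. Besides the three edits, it verifies that the plain HTTP connector's redirectPort points at the HTTPS connector, which matters if you change 8443 to 443.

```python
import xml.etree.ElementTree as ET

# Constructed samples: the 8443 Connector is still inside its comment.
SAMPLE_SERVER_XML = """<Server><Service name="Catalina">
  <Connector port="8080" protocol="HTTP/1.1" redirectPort="8443"/>
  <!-- <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
       scheme="https" secure="true" clientAuth="false" sslProtocol="TLS"/> -->
</Service></Server>"""
SAMPLE_WEB_XML = """<web-app xmlns="http://java.sun.com/xml/ns/j2ee">
  <security-constraint><user-data-constraint>
    <transport-guarantee>NONE</transport-guarantee>
  </user-data-constraint></security-constraint></web-app>"""
SAMPLE_PORTAL_EXT = "company.security.auth.requires.https=true\n"

def check_https_setup(server_xml, web_xml, portal_ext):
    """Return a list of findings; an empty list means every step is in place."""
    findings = []
    # ElementTree discards comments, so a still-commented Connector is not seen.
    connectors = list(ET.fromstring(server_xml).iter("Connector"))
    tls = [c for c in connectors if c.get("SSLEnabled", "").lower() == "true"]
    tls_ports = {c.get("port") for c in tls}
    if not tls:
        findings.append("server.xml: no active Connector with SSLEnabled=true")
    for c in connectors:
        # A CONFIDENTIAL request on a plain connector is redirected to its
        # redirectPort (Tomcat default 443); that must be an HTTPS port.
        target = c.get("redirectPort", "443")
        if tls and c not in tls and target not in tls_ports:
            findings.append("server.xml: port %s redirects to %s, which is "
                            "not an HTTPS connector" % (c.get("port"), target))
    # Compare local tag names so web.xml matches with or without an xmlns.
    guarantees = [e.text.strip() for e in ET.fromstring(web_xml).iter()
                  if e.tag.rsplit("}", 1)[-1] == "transport-guarantee" and e.text]
    if "CONFIDENTIAL" not in guarantees:
        findings.append("web.xml: transport-guarantee is not CONFIDENTIAL")
    props = {}
    for line in portal_ext.splitlines():
        line = line.strip()
        if line and not line.startswith(("#", "!")) and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    if props.get("company.security.auth.requires.https") != "true":
        findings.append("portal-ext.properties: "
                        "company.security.auth.requires.https is not true")
    return findings

if __name__ == "__main__":
    for f in check_https_setup(SAMPLE_SERVER_XML, SAMPLE_WEB_XML, SAMPLE_PORTAL_EXT):
        print(f)
```

To run it against a real installation, pass the contents of conf/server.xml, webapps/ROOT/WEB-INF/web.xml and portal-ext.properties as strings.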
Comments
Comment Author Date
When I enabled https on non-APR Tomcat as... Miles Huang 2009/10/05 9:30
Hi, I have exactly the same problem. When I set... Stephane Jidouard 2010/04/15 5:45
I am using Liferay 5.3.6 using tomcat 6.0 now... Faisal K 2009/10/21 8:30
if it was redirected to... Faisal K 2009/10/21 8:42
Hi Faisal, I want to integrate SSL in liferay,... Dhandapani Shanmugam 2009/10/30 6:49
Hi, I have very few knowledge about https, but... Faisal K 2009/11/02 19:19

When I enabled https on non-APR Tomcat as described here, I simply couldn't log in any user. I'm using LP 5.2.3.
Yes, the login page is redirected to the https channel, and the user successfully logs in via the https channel. But the problem is that the browser is redirected back to the http channel immediately after successful login. Thus the user loses the secure session cookie and is back to not-logged-in status. I don't want to set "session.enable.phishing.protection=false" since this solution opens a security hole which makes https login protection meaningless.
Is there any way to prevent LP from redirecting the user's browser back to the http channel after successful login?
Posted: 09/10/05 9:30
I am using Liferay 5.3.6 with Tomcat 6.0 and have now activated SSL as well. I am facing a problem logging in using http://localhost:8080: it opens the login page, and upon login it redirects to https://localhost:8080/web/guest, which is not a valid URL, so how can I resolve this issue?
Posted: 09/10/21 8:30
If it was redirected to https://localhost:8443/weeb/guest/home then it would work, so is it a problem with the Tomcat configuration or the Liferay configuration?
In reply to Faisal K. Posted: 09/10/21 8:42
Hi Faisal,

I want to integrate SSL in Liferay; can you please guide me on how to do it?

Can we configure SSL at the portlet level or not? Please let me know.

Thanks in advance

Dhans006
In reply to Faisal K. Posted: 09/10/30 6:49
Hi,

I have very little knowledge about https, but the above article was good enough for me to configure and activate https for my website.

The above article helped me to configure https on both Windows and Linux machines.

The links provided are also very useful.
In reply to Dhandapani Shanmugam. Posted: 09/11/02 19:19
Hi, I have exactly the same problem. When I set "session.enable.phishing.protection=false" the login is in https and it works, but I don't want to set this option to false.
Do you have a solution for this problem?
In reply to Miles Huang. Posted: 10/04/15 5:45