This wiki does not contain official documentation and is currently deprecated and read only. Please try reading the documentation on the Liferay Developer Network, the new site dedicated to Liferay documentation. DISCOVER Build your web site, collaborate with your colleagues, manage your content, and more. DEVELOP Build applications that run inside Liferay, extend the features provided out of the box with Liferay's APIs. DISTRIBUTE Let the world know about your app by publishing it in Liferay's marketplace. PARTICIPATE Become a part of Liferay's community, meet other Liferay users, and get involved in the open source project. « Configuring に戻る
HTTPS
Approaches #
There are at least two possible approaches to get your portal secured using HTTPS transport:
- arrange an external front-end server like Apache HTTP Server to take care of HTTPS; this is advisable for heavy-duty configurations and has an advantage that a specialized front-end server is likely to be better suited for handling inconsistent requests, hacker attacks, etc; it looks also like this approach allows better flexibility regarding which content to be secured using HTTPS and which not;
- enable HTTPS immediately on Tomcat or another servlet container you may be using.
Different options are also available about server SSL certificate to be used:
- a certificate issued by one of certificate authorities that are pre-registered with standard browsers; this is definitely advisable for production portal configurations to avoid browsers complaining about unknown/suspicious certificate;
- a self-signed certificate that is easy to create for everyone and that is a free reasonable solution for development/testing configurations.
Using Apache HTTP Server #
This topic has been covered at the forum:
- http://www.liferay.com/web/guest/community/forums/-/message_boards/message/488097#_19_message_530734
- http://www.liferay.com/web/guest/community/forums/-/message_boards/message/197061#_19_message_719584
Enabling HTTPS with a self-signed certificate on non-APR Tomcat #
- stop the Tomcat if still running :)
- make your decision about location of the key store; the default location is user home directory, but you may wish something different;
- prepare the keystore and certificate: type the following command and enter the certificate owner details as prompted (if using java tools prior to Java SE 6 use '-genkey' instead of '-genkeypair'):
<path_to_java_tools>/keytool -genkeypair -alias tomcat -keyalg RSA \ -keystore <path_to_key_store>/.keystore \ -storepass changeit -keypass changeit
- uncomment the 'Connector' element for port 8443 (and optionally change port to 443) in the file <path_to_tomcat>/conf/server.xml ; add 'keystoreFile=".../.keystore"' attribute to this element if using non-default key store location;
- look for the <security-constraint> element and its <user-data-constraint> child in the file <path_to_tomcat>/webapps/ROOT/WEB-INF/web.xml and configure their <transport-guarantee> child as
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
- consider adding
company.security.auth.requires.https=true
: property to file <path_to_tomcat>/webapps/ROOT/WEB-INF/classes/portal-ext.properties ;
- start the Tomcat and watch Tomcat’s log files in <path_to_tomcat>/logs ;
- test the application using the URL: https://localhost:8443/ (or https://localhost/).
Links #
80936 参照数
