JBoss Community Archive (Read Only)

GateIn Portal 3.5

HTTPS Configuration

By default, GateIn Portal 3.5 runs in HTTP mode. For security, however, you can configure GateIn Portal to run in HTTPS mode. This section shows you how to configure GateIn for HTTPS.

Generate your key

If you do not have your own X.509 certificate, you can create a simple certificate using the keytool command:

keytool -genkey -alias serverkeys -keyalg RSA -keystore server.keystore -storepass 123456 -keypass 123456 -dname "CN=localhost, OU=MYOU, O=MYORG, L=MYCITY, ST=MYSTATE, C=MY"

Now, your key is stored in server.keystore.

You need to import your key into the Sun JDK keystore (this is required for the gadget features to run):

keytool -importkeystore -srckeystore server.keystore -destkeystore $JAVA_HOME/jre/lib/security/cacerts

Note

On OS X, the cacerts file is located at $JAVA_HOME/lib/security/cacerts.

Also, because the Sun JDK keystore has a different password from the one used for the key you created in the first step, you have to change your key password to match the new keystore password (probably the default JDK truststore password, 'changeit'):

keytool -keypasswd -alias serverkeys -keystore $JAVA_HOME/jre/lib/security/cacerts

Set up JBoss configuration to use your key

  1. Edit $JBOSS_HOME/standalone/configuration/standalone.xml by adding an https connector to the web subsystem configuration (change certificate-key-file and password to values appropriate for your keystore; here we assume the keystore password is 'changeit'):

<subsystem xmlns="urn:jboss:domain:web:1.2" default-virtual-server="default-host" native="false">
    ...
    <connector name="https" protocol="HTTP/1.1" socket-binding="https" scheme="https" secure="true">
        <ssl name="https" key-alias="serverkeys" password="changeit" certificate-key-file="${java.home}/jre/lib/security/cacerts"/>
    </connector>
    ...
</subsystem>

You can now access the portal by going to https://localhost:8443/portal.

Set up Tomcat configuration to use your key

  1. Edit server.xml in the tomcat/conf folder and comment out the following lines:

<Connector port="8080" protocol="HTTP/1.1"
	maxThreads="150" connectionTimeout="20000"
	redirectPort="8443" URIEncoding="UTF-8"
	emptySessionPath="true"/>
  2. Uncomment the following lines and add the keystoreFile and keystorePass values:

<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
	maxThreads="150" scheme="https" secure="true"
	clientAuth="false" sslProtocol="TLS"
	keystoreFile="${java.home}/jre/lib/security/cacerts"
	keystorePass="changeit" />
  3. Restart GateIn. If your configuration is correct, you can access GateIn via https://<ServerAddress>:8443/portal.
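
As an added example (not part of the GateIn documentation), the following Python script checks a Tomcat server.xml against the steps above: the plain HTTP connector is commented out, an SSLEnabled connector sets scheme, secure, keystoreFile and keystorePass, and the password is not one of the example values used on this page. The function name, the finding strings and both sample server.xml documents are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Passwords used as examples on this page; flag them if they were left unchanged.
EXAMPLE_PASSWORDS = {"changeit", "123456"}

def audit_server_xml(xml_text):
    """Return a list of findings for the Connector elements of a Tomcat server.xml."""
    findings = []
    root = ET.fromstring(xml_text)  # commented-out connectors are dropped by the parser
    connectors = list(root.iter("Connector"))
    https = [c for c in connectors if c.get("SSLEnabled", "").lower() == "true"]
    if not https:
        findings.append("no connector with SSLEnabled=true")
    for c in connectors:
        port = c.get("port", "?")
        if c in https:
            if c.get("scheme") != "https" or c.get("secure") != "true":
                findings.append(f"port {port}: scheme/secure not set to https/true")
            if not c.get("keystoreFile"):
                findings.append(f"port {port}: keystoreFile missing")
            password = c.get("keystorePass")
            if password is None:
                findings.append(f"port {port}: keystorePass missing")
            elif password in EXAMPLE_PASSWORDS:
                findings.append(f"port {port}: keystorePass is an example value")
        elif "http" in c.get("protocol", "HTTP/1.1").lower():  # AJP is not flagged
            findings.append(f"port {port}: plain HTTP connector still enabled")
    return findings

# Constructed sample: server.xml before the steps above were applied.
SAMPLE_BEFORE = """<Server><Service name="Catalina">
  <Connector port="8080" protocol="HTTP/1.1" redirectPort="8443"/>
</Service></Server>"""

# Constructed sample: steps applied, but the page's example password was kept.
SAMPLE_AFTER = """<Server><Service name="Catalina">
  <!-- <Connector port="8080" protocol="HTTP/1.1" redirectPort="8443"/> -->
  <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
             scheme="https" secure="true" clientAuth="false" sslProtocol="TLS"
             keystoreFile="${java.home}/jre/lib/security/cacerts"
             keystorePass="changeit"/>
  <Connector port="8009" protocol="AJP/1.3" redirectPort="8443"/>
</Service></Server>"""

if __name__ == "__main__":
    for name, text in (("before", SAMPLE_BEFORE), ("after", SAMPLE_AFTER)):
        print(name, audit_server_xml(text))
```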

JBoss.org Content Archive (Read Only), exported from JBoss Community Documentation Editor at 2020-03-10 12:47:46 UTC, last content change 2012-12-14 15:02:06 UTC.