JBoss Community Archive (Read Only)

GateIn Portal 3.8

HTTPS Configuration

By default, GateIn Portal 3.8 is available only through HTTP. This section describes how to enable HTTPS.

Generate the key

If you do not have your own X.509 certificate, you can make a simple certificate using the keytool command:

keytool -genkey -alias serverkeys -keyalg RSA -keystore server.keystore -storepass 123456 -keypass 123456 -dname "CN=localhost, OU=MYOU, O=MYORG, L=MYCITY, ST=MYSTATE, C=MY"

Now, your key is stored in server.keystore.

You need to import your key into the Oracle JDK keystore; this is required for running gadget features.

keytool -importkeystore -srckeystore server.keystore -destkeystore $JAVA_HOME/jre/lib/security/cacerts

On OS X, the cacerts file is located at $JAVA_HOME/lib/security/cacerts.

Since your Oracle JDK keystore has a different password than the one used for the key you created in the first step, you need to change your key password to match the new keystore password. If you have not changed it yet, it is the default JDK truststore password: "changeit".

keytool -keypasswd -alias serverkeys -keystore $JAVA_HOME/jre/lib/security/cacerts

Set up JBoss configuration to use your key

In the $JBOSS_HOME/standalone/configuration/standalone.xml file, add an HTTPS connector to the web subsystem configuration. Change certificate-key-file and password to values appropriate for your keystore; here we assume the keystore password is "changeit":

<subsystem xmlns="urn:jboss:domain:web:1.2" default-virtual-server="default-host" native="false">
    ...
    <connector name="https" protocol="HTTP/1.1" socket-binding="https" scheme="https" secure="true">
        <ssl name="https" key-alias="serverkeys" password="changeit" certificate-key-file="${java.home}/jre/lib/security/cacerts"/>
    </connector>
    ...
</subsystem>

You can now access the portal using HTTPS: https://localhost:8443/portal.

Configure Tomcat to use your key

  1. In the tomcat/conf/server.xml file, comment out the following lines:

    <Connector port="8080" protocol="HTTP/1.1"
    	maxThreads="150" connectionTimeout="20000"
    	redirectPort="8443" URIEncoding="UTF-8"
    	emptySessionPath="true"/>
  2. Then uncomment these lines and add the appropriate keystoreFile and keystorePass values:

    <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
    	maxThreads="150" scheme="https" secure="true"
    	clientAuth="false" sslProtocol="TLS"
    	keystoreFile="${java.home}/jre/lib/security/cacerts"
    	keystorePass="changeit" />
  3. Restart GateIn Portal. If your configuration is correct, you can access the portal via HTTPS, usually https://localhost:8443/portal.
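One way to check the result of the Tomcat steps before restarting, as an added example that is not part of the original GateIn documentation: it parses a server.xml and reports a plain HTTP connector that was left active, a missing HTTPS connector, and a keystorePass that still uses one of the sample passwords from this page. The function name, the finding strings and both sample files are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Passwords used in this page's sample commands; anyone can guess them.
WELL_KNOWN = {"changeit", "123456"}

def audit_server_xml(xml_text):
    """Return findings for the HTTP/HTTPS <Connector> elements of a server.xml."""
    findings, https_seen = [], False
    # Commented-out connectors are ignored: ElementTree drops XML comments.
    for conn in ET.fromstring(xml_text).iter("Connector"):
        port = conn.get("port", "?")
        if "ajp" in conn.get("protocol", "HTTP/1.1").lower():
            continue  # AJP listener, not covered by this procedure
        if conn.get("SSLEnabled", "false").lower() != "true":
            findings.append(f"port {port}: plain HTTP connector still active")
            continue
        https_seen = True
        if conn.get("scheme") != "https" or conn.get("secure") != "true":
            findings.append(f"port {port}: scheme/secure not set for HTTPS")
        # Tomcat falls back to "changeit" when keystorePass is absent.
        if conn.get("keystorePass", "changeit") in WELL_KNOWN:
            findings.append(f"port {port}: keystorePass is a well-known value")
    if not https_seen:
        findings.append("no connector with SSLEnabled=\"true\"")
    return findings

# Constructed sample: step 1 skipped, HTTPS connector still commented out.
BEFORE = """<Server><Service name="Catalina">
  <Connector port="8080" protocol="HTTP/1.1" redirectPort="8443"/>
  <Connector port="8009" protocol="AJP/1.3" redirectPort="8443"/>
  <!-- <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"/> -->
</Service></Server>"""

# Constructed sample: procedure followed with the page's sample values.
AFTER = """<Server><Service name="Catalina">
  <!-- <Connector port="8080" protocol="HTTP/1.1" redirectPort="8443"/> -->
  <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
             scheme="https" secure="true" clientAuth="false" sslProtocol="TLS"
             keystoreFile="${java.home}/jre/lib/security/cacerts"
             keystorePass="changeit"/>
</Service></Server>"""

if __name__ == "__main__":
    for name, text in (("before", BEFORE), ("after", AFTER)):
        print(name, audit_server_xml(text))
```

An empty list means the connector set matches the procedure and the keystore password has been replaced with a value of your own.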

JBoss.org Content Archive (Read Only), exported from JBoss Community Documentation Editor at 2020-03-10 13:19:55 UTC, last content change 2013-06-03 09:30:49 UTC.