JBoss.org Community Documentation

HTTPS configuration

By default, eXo Platform runs in HTTP mode. For security purposes, you can configure it to run in HTTPS mode instead. This section explains how to configure HTTPS mode.

1. Generate your key.

If you do not have an X.509 certificate, you can make a simple certificate using the keytool command.

i. Change the variables in the following command to suit your circumstances, then run it in a terminal:

keytool -genkey -alias serverkeys -keyalg RSA -keystore server.keystore -storepass 123456 -keypass 123456 -dname "CN=localhost, OU=MYOU, O=MYORG, L=MYCITY, ST=MYSTATE, C=MY"

Your key will be stored in server.keystore.

ii. Import your key into the Sun JDK keystore (this is required for gadget features to work) with the following command:

keytool -importkeystore -srckeystore server.keystore -destkeystore $JAVA_HOME/jre/lib/security/cacerts

2. Set up the JBoss configuration to use your new key.

i. Comment out the following lines in JBOSS_HOME/server/<PROFILE>/deploy/jbossweb.sar/server.xml:



 <Connector URIEncoding="UTF-8" acceptCount="100" address="${jboss.bind.address}" compressableMimeType="text/html,text/xml,text/plain,text/css,text/javascript" compression="on" compressionMinSize="2048" connectionTimeout="20000" disableUploadTimeout="true" emptySessionPath="true" enableLookups="false" maxHttpHeaderSize="8192" maxSpareThreads="75" maxThreads="150" minSpareThreads="25" noCompressionUserAgents=".*MSIE 6.*" port="8080" protocol="HTTP/1.1" redirectPort="8443"/>

ii. Uncomment the following line:



<Connector SSLEnabled="true" address="${jboss.bind.address}" clientAuth="false" keystoreFile="${jboss.server.home.dir}/conf/chap8.keystore" keystorePass="rmi+ssl" port="8443" protocol="HTTP/1.1" scheme="https" secure="true" sslProtocol="TLS"/>

Then, change the values of keystoreFile and keystorePass to the path and password of your own keystore.

3. Restart your server. You can now access the portal via https://<ServerAddress>:8443/portal.
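
One way to check that step 2 was completed before restarting, as an added example that is not part of the original documentation: the script parses server.xml text and reports an HTTP connector that is still active, or an HTTPS connector that still carries the sample keystore or sample passwords shown on this page. The function name audit_connectors, the two XML fragments, the conf/server.keystore location and the passphrase in them are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Sample values that appear in the commands and connector on this page.
SAMPLE_PASSWORDS = {"rmi+ssl", "123456"}
SAMPLE_KEYSTORE = "chap8.keystore"

def audit_connectors(server_xml):
    """Return a list of findings for the <Connector> elements in server.xml text."""
    findings, https_seen = [], False
    # ElementTree skips XML comments, so commented-out connectors are not visited.
    for conn in ET.fromstring(server_xml).iter("Connector"):
        port = conn.get("port", "?")
        if conn.get("SSLEnabled", "false").lower() != "true":
            # AJP and other non-HTTP connectors are outside the scope of this check.
            if conn.get("protocol", "").startswith("HTTP"):
                findings.append(f"port {port}: plain HTTP connector still active")
            continue
        https_seen = True
        if conn.get("scheme") != "https" or conn.get("secure") != "true":
            findings.append(f"port {port}: scheme/secure not set for HTTPS")
        if SAMPLE_KEYSTORE in conn.get("keystoreFile", ""):
            findings.append(f"port {port}: keystoreFile is still the sample keystore")
        if conn.get("keystorePass") in SAMPLE_PASSWORDS:
            findings.append(f"port {port}: keystorePass is a sample password")
    if not https_seen:
        findings.append('no connector with SSLEnabled="true"')
    return findings

# Constructed server.xml fragments (not real configuration files).
HALF_DONE = """<Server><Service name="jboss.web">
  <Connector port="8080" protocol="HTTP/1.1" redirectPort="8443"/>
  <Connector SSLEnabled="true" port="8443" protocol="HTTP/1.1" scheme="https"
             secure="true" keystoreFile="${jboss.server.home.dir}/conf/chap8.keystore"
             keystorePass="rmi+ssl" sslProtocol="TLS"/>
  <Connector port="8009" protocol="AJP/1.3" redirectPort="8443"/>
</Service></Server>"""

DONE = """<Server><Service name="jboss.web">
  <!-- <Connector port="8080" protocol="HTTP/1.1" redirectPort="8443"/> -->
  <Connector SSLEnabled="true" port="8443" protocol="HTTP/1.1" scheme="https"
             secure="true" keystoreFile="${jboss.server.home.dir}/conf/server.keystore"
             keystorePass="constructed-long-passphrase" sslProtocol="TLS"/>
</Service></Server>"""

if __name__ == "__main__":
    for name, xml in (("HALF_DONE", HALF_DONE), ("DONE", DONE)):
        print(name, audit_connectors(xml) or "OK")
```

To audit a real installation, pass the contents of JBOSS_HOME/server/<PROFILE>/deploy/jbossweb.sar/server.xml to audit_connectors.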