Bug 977102

Summary: Enable HTTPS Communication
Product: [JBoss] JBoss Enterprise Portal Platform 6
Reporter: Marco Battaglia <marco.battaglia>
Component: Documentation
Assignee: Jared MORGAN <jmorgan>
Status: CLOSED CURRENTRELEASE
QA Contact: Dominik Pospisil <dpospisi>
Severity: low
Priority: unspecified
Version: 6.0.0
CC: epp-bugs, jpp-docs, mmurray
Hardware: x86_64   
OS: Linux   
Doc Type: Bug Fix
Doc Text:
It was discovered that the instructions for creating an SSL keypair and certificate with the Java keytool were not compatible with Tomcat Native library installations. This could have caused issues with securing the portal correctly when following the Installation Guide instructions. Information about OpenSSL has been added to the Enabling HTTPS Communication instructions, which now provide the correct HTTPS procedures for customers running Tomcat Native libraries.
Instance Name: Not Defined
Build: CSProcessor Builder Version 1.7
Build Name: 11942, Installation Guide-6-6.0.0
Build Date: 06-03-2013 11:14:23
Last Closed: 2013-11-07 14:25:13 UTC
Type: Bug

Description Marco Battaglia 2013-06-23 14:28:51 UTC
Document URL: https://access.redhat.com/site/documentation/en-US/JBoss_Portal_Platform/6/pdf/Installation_Guide/JBoss_Portal_Platform-6-Installation_Guide-en-US.pdf

Section Number and Name: 6.8. Enable HTTPS Communication


Describe the issue: If the native libraries are installed, you cannot use the Java keytool to generate the keystore; you have to use OpenSSL.

Suggestions for improvement: If the Tomcat Native libraries are installed, the certificate store needs to be created using OpenSSL.
Note: On 32-bit and 64-bit Linux distributions, the Tomcat native libraries are enabled by default.
They can be disabled by setting the flag native="false" on the web subsystem configuration.

Generation of an OpenSSL key and certificate:
# openssl genrsa -des3 -out server.pem 1024
# openssl req -new -key server.pem -out server.csr
# openssl x509 -req -days 365 -in server.csr -signkey server.pem -out servercert.pem

HTTPS connector configuration for OpenSSL:
<connector name="https" protocol="HTTP/1.1" scheme="https" socket-binding="https" secure="true" enabled="true">
  <ssl password="mypassword" certificate-key-file="server.pem" protocol="TLSv1" verify-client="true" certificate-file="servercert.pem"/>
</connector>


Comment 1 Jared MORGAN 2013-06-26 00:15:32 UTC
Thanks very much for this detailed bug report, Marco.

I've incorporated your changes and will submit them to QE for verification and approval. These changes will be in the JPP 6.1 Beta Release.
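
The mismatch reported above can be checked for before the portal is started. The following is an added example, not part of the bug report or the product documentation: it reads the web subsystem configuration, determines whether the native libraries are enabled, and flags any HTTPS connector whose key or certificate file is a Java keystore (recognised by the JKS and JCEKS magic bytes) rather than a PEM file. The function names, the sample XML (including its namespace version) and the file contents used for testing are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: web subsystem fragment modelled on the connector in the report.
SAMPLE_XML = """<subsystem xmlns="urn:jboss:domain:web:1.1" native="true">
  <connector name="https" protocol="HTTP/1.1" scheme="https" socket-binding="https" secure="true">
    <ssl password="mypassword" certificate-key-file="server.pem" certificate-file="servercert.pem"/>
  </connector>
</subsystem>"""

# First four bytes of the keystore formats written by the Java keytool.
JAVA_KEYSTORE_MAGIC = {b"\xfe\xed\xfe\xed": "jks", b"\xce\xce\xce\xce": "jceks"}

def store_format(head):
    """Classify a key or certificate file from its first bytes."""
    if head[:4] in JAVA_KEYSTORE_MAGIC:
        return JAVA_KEYSTORE_MAGIC[head[:4]]
    if head.lstrip().startswith(b"-----BEGIN "):
        return "pem"
    return "unknown"

def read_head_from_disk(path, n=64):
    """Default reader; assumes the configured path can be opened as written."""
    with open(path, "rb") as fh:
        return fh.read(n)

def local(el):
    """Element name without its XML namespace."""
    return el.tag.rsplit("}", 1)[-1]

def find_keystore_mismatches(xml_text, read_head=read_head_from_disk):
    """Return (connector, attribute, path, format) for every Java keystore
    referenced by an SSL connector while the native libraries are enabled."""
    findings = []
    for sub in ET.fromstring(xml_text).iter():
        # Match the web subsystem only (not e.g. the webservices subsystem).
        if local(sub) != "subsystem" or "domain:web:" not in sub.tag:
            continue
        # Assumption: a missing native attribute means enabled, following the
        # report's note that the native libraries are enabled by default.
        if sub.get("native", "true").lower() != "true":
            continue
        for conn in (c for c in sub if local(c) == "connector"):
            for ssl in (s for s in conn if local(s) == "ssl"):
                for attr in ("certificate-key-file", "certificate-file"):
                    path = ssl.get(attr)
                    fmt = store_format(read_head(path)) if path else None
                    if fmt in JAVA_KEYSTORE_MAGIC.values():
                        findings.append((conn.get("name"), attr, path, fmt))
    return findings
```

An empty result means every file referenced by an SSL connector is compatible with the native setting checked here; pass the contents of the server configuration file as `xml_text` to run it against a real installation.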