Bug 977102 - Enable HTTPS Communication
Status: CLOSED CURRENTRELEASE
Product: JBoss Enterprise Portal Platform 6
Classification: JBoss
Component: Documentation
Version: 6.0.0
Hardware: x86_64 Linux
Priority: unspecified Severity: low
Assigned To: Jared MORGAN
Dominik Pospisil
Reported: 2013-06-23 10:28 EDT by Marco Battaglia
Modified: 2015-08-09 21:23 EDT
Doc Type: Bug Fix
Doc Text:
It was discovered that the instructions for creating an SSL keypair and certificate using the Java keytool were not compatible with Tomcat Native library installations. This could have caused issues with securing the portal correctly when following the Installation Guide instructions. Information about OpenSSL has been added to the Enabling HTTPS Communication instructions, which now provide the correct HTTPS procedures for customers running Tomcat Native libraries.
Environment:
Instance Name: Not Defined Build: CSProcessor Builder Version 1.7 Build Name: 11942, Installation Guide-6-6.0.0 Build Date: 06-03-2013 11:14:23
Last Closed: 2013-11-07 09:25:13 EST
Type: Bug
Description Marco Battaglia 2013-06-23 10:28:51 EDT
Document URL: https://access.redhat.com/site/documentation/en-US/JBoss_Portal_Platform/6/pdf/Installation_Guide/JBoss_Portal_Platform-6-Installation_Guide-en-US.pdf

Section Number and Name: 6.8. Enable HTTPS Communication


Describe the issue: If native libraries are installed, you cannot use the Java keytool to generate the keystore; you have to use OpenSSL.

Suggestions for improvement: If the Tomcat Native libraries are installed, the certificate store needs to be created using OpenSSL.
Note: On 32-bit and 64-bit Linux distributions, the Tomcat native libraries are enabled by default.
They can be disabled by setting the flag native="false" on the web subsystem configuration.

Generation of an OpenSSL key and certificate:
# openssl genrsa -des3 -out server.pem 1024
# openssl req -new -key server.pem -out server.csr
# openssl x509 -req -days 365 -in server.csr -signkey server.pem -out servercert.pem
HTTPS connector configuration for openSSL:
<connector name="https" protocol="HTTP/1.1" scheme="https" socket-binding="https" secure="true" enabled="true">
  <ssl password="mypassword" certificate-key-file="server.pem" protocol="TLSv1" verify-client="true" certificate-file="servercert.pem"/>
</connector>

Additional information:
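
Added example, not part of the original report or of the JBoss documentation: a Python check that reads a web subsystem fragment and flags an HTTPS connector lacking the PEM certificate-file that the report says native installations need, plus the TLSv1 protocol value (deprecated by RFC 8996) and the inline passphrase visible in the connector above. The subsystem wrapper in the sample, the function names and the finding strings are assumptions made for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample: the connector from the report inside an assumed
# <subsystem> wrapper (real files also carry an xmlns, handled below).
SAMPLE = """
<subsystem native="true">
  <connector name="https" protocol="HTTP/1.1" scheme="https" socket-binding="https" secure="true" enabled="true">
    <ssl password="mypassword" certificate-key-file="server.pem" protocol="TLSv1" verify-client="true" certificate-file="servercert.pem"/>
  </connector>
</subsystem>
"""

DEPRECATED = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}  # TLS 1.0/1.1: RFC 8996


def local(tag):
    """Strip an XML namespace so namespaced configs are handled too."""
    return tag.rsplit("}", 1)[-1]


def audit_web_subsystem(xml_text):
    """Return (connector name, finding) pairs for HTTPS connectors."""
    root = ET.fromstring(xml_text)
    # Per the report, native is on by default on Linux unless native="false".
    native = root.get("native", "true").lower() != "false"
    findings = []
    for conn in (e for e in root.iter() if local(e.tag) == "connector"):
        if conn.get("scheme") != "https":
            continue
        name = conn.get("name", "?")
        ssl = next((c for c in conn if local(c.tag) == "ssl"), None)
        if ssl is None:
            findings.append((name, "https connector has no <ssl> element"))
            continue
        # Native (OpenSSL) needs a PEM key plus a PEM certificate; a keytool
        # keystore on its own is the failure mode this bug describes.
        if native and not ssl.get("certificate-file"):
            findings.append((name, "native enabled but no certificate-file"))
        for proto in re.split(r"[,+]", ssl.get("protocol", "")):
            if proto.strip() in DEPRECATED:
                findings.append((name, "deprecated protocol " + proto.strip()))
        if ssl.get("password"):
            findings.append((name, "key passphrase stored in clear text"))
    return findings

if __name__ == "__main__":
    for name, finding in audit_web_subsystem(SAMPLE):
        print(name + ": " + finding)
```
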
Comment 1 Jared MORGAN 2013-06-25 20:15:32 EDT
Thanks very much for this detailed bug report, Marco.

I've incorporated your changes and will submit them to QE for verification and approval. These changes will be in the JPP 6.1 Beta Release.
