Bug 977102 - Enable HTTPS Communication
Summary: Enable HTTPS Communication
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: JBoss Enterprise Portal Platform 6
Classification: JBoss
Component: Documentation
Version: 6.0.0
Hardware: x86_64
OS: Linux
Target Milestone: ---
Assignee: Jared MORGAN
QA Contact: Dominik Pospisil
URL:
Whiteboard:
Depends On:
Blocks:
Reported: 2013-06-23 14:28 UTC by Marco Battaglia
Modified: 2015-08-10 01:23 UTC (History)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
It was discovered that the instructions for creating an SSL keypair and certificate using the Java keytool were not compatible with Tomcat Native library installations. This could have caused issues with securing the portal correctly when following the Installation Guide instructions. Information about OpenSSL has been added to the Enabling HTTPS Communication instructions, which now provide the correct HTTPS procedures for customers running Tomcat Native libraries.
Clone Of:
Environment:
Instance Name: Not Defined Build: CSProcessor Builder Version 1.7 Build Name: 11942, Installation Guide-6-6.0.0 Build Date: 06-03-2013 11:14:23
Last Closed: 2013-11-07 14:25:13 UTC
Type: Bug
Embargoed:


Description Marco Battaglia 2013-06-23 14:28:51 UTC
Document URL: https://access.redhat.com/site/documentation/en-US/JBoss_Portal_Platform/6/pdf/Installation_Guide/JBoss_Portal_Platform-6-Installation_Guide-en-US.pdf

Section Number and Name: 6.8. Enable HTTPS Communication


Describe the issue: If there are native libraries installed, you cannot use the Java keytool to generate the keystore; you have to use OpenSSL.

Suggestions for improvement: If the Tomcat Native libraries are installed, the certificate store needs to be created using OpenSSL.
Note: On Linux 32-bit and 64-bit distributions, the Tomcat Native libraries are enabled by default.
They can be disabled by setting the flag native="false" in the web subsystem configuration.

Generation of an OpenSSL key and certificate:
# openssl genrsa -des3 -out server.pem 1024
# openssl req -new -key server.pem -out server.csr
# openssl x509 -req -days 365 -in server.csr -signkey server.pem -out servercert.pem
HTTPS connector configuration for OpenSSL:
<connector name="https" protocol="HTTP/1.1" scheme="https" socket-binding="https" secure="true" enabled="true">
  <ssl password="mypassword" certificate-key-file="server.pem" protocol="TLSv1" verify-client="true" certificate-file="servercert.pem"/>
</connector>

Additional information:

Comment 1 Jared MORGAN 2013-06-26 00:15:32 UTC
Thanks very much for this detailed bug report, Marco.

I've incorporated your changes and will submit them to QE for verification and approval. These changes will be in the JPP 6.1 Beta Release.
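
The three OpenSSL steps from the description, as an added example that is not part of the bug report or of the Installation Guide: a non-interactive run followed by the checks worth making before the connector is pointed at server.pem and servercert.pem. The KEY_PASS variable, the CN=localhost subject, the function names, and the 2048-bit/AES-256 choices (in place of the report's 1024 and -des3) are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the bug report. Assumed: KEY_PASS env var, CN=localhost,
# a 2048-bit key and AES-256 key encryption instead of the report's 1024/-des3.

make_pair() {    # usage: make_pair <output-dir>
    ( cd "$1" && umask 077 &&    # key, CSR and cert are created owner-only
      # The passphrase comes from the environment, so it never appears in argv.
      openssl genrsa -aes256 -passout env:KEY_PASS -out server.pem 2048 2>/dev/null &&
      openssl req -new -key server.pem -passin env:KEY_PASS \
          -subj "/CN=localhost" -out server.csr &&
      openssl x509 -req -days 365 -in server.csr -signkey server.pem \
          -passin env:KEY_PASS -out servercert.pem 2>/dev/null )
}

check_pair() {   # prints "ok" and returns 0 only if every check passes
    dir=$1
    grep -q ENCRYPTED "$dir/server.pem" ||
        { echo "server.pem is not passphrase-protected"; return 1; }
    key_pub=$(openssl pkey -in "$dir/server.pem" -passin env:KEY_PASS -pubout 2>/dev/null) ||
        { echo "KEY_PASS does not unlock server.pem"; return 1; }
    crt_pub=$(openssl x509 -in "$dir/servercert.pem" -noout -pubkey) || return 1
    [ "$key_pub" = "$crt_pub" ] ||
        { echo "servercert.pem was not issued for server.pem"; return 1; }
    openssl x509 -in "$dir/servercert.pem" -noout -checkend 0 >/dev/null ||
        { echo "servercert.pem has expired"; return 1; }
    echo "ok"
}

demo() {         # throwaway directory, constructed passphrase
    tmp=$(mktemp -d) || return 1
    KEY_PASS='constructed-demo-pass'; export KEY_PASS
    make_pair "$tmp" && check_pair "$tmp"; rc=$?
    rm -rf "$tmp"; return $rc
}
demo
```

check_pair compares the public key extracted from each file, so it also catches a certificate copied from a different key.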
