Difference between revisions of "Setting up SSL/HTTPS"

Configuring SSL

As a minimum SSL has to be enabled in the application server (JBoss,Tomcat etc).

Optionally TempusServa SSL policies can be tweaked to enforce certain behaviours.

Configuring SSL i web application

Checklist for Tomcat 6 or 7

1. Import certifcates to keystore or copy from another server
2. Uncomment connector code in conf/server.xml
3. Set keystore reference and password
4. Reboot server

In order to ensure high level encryption, consider enabling the following options

ciphers="SSL_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA"

Configuring SSL i Tempus Serva

Two configurations options exist

• Require SSL for login actions: securitySslPages
• Require SSL for all othe pages: securitySslLogin

Note that SSL can not be actively prevented. If such behavior is required, the only option is to disable this at the web application level.

Finally the SSL connector port can be changed if set to nondefault values: applicationlPortSSL

Problems with wrappers

The usage of wrappers can result in SSL warnings.

If your solution is depending on the use of Wrappers, please tjeck the following

• All style, script and image references are made with HTTPS
• No referenced stylesheets depends on images using HTTP

If the wrapper cannot be transformed from HTTP to HTTPS, referenced ressources should be copied to the server

• Stylesheets copied to TS stylesheet
• Images downloaded and copied to the media library

After changes are made remmeber to flush caches: Both Chrome and IE sometimes caches longer than expected.