Difference between revisions of "Setting up SSL/HTTPS"
old>Admin |
old>Admin |
||
Line 1: | Line 1: | ||
== Configuring SSL == | |||
As a minimum SSL has to be enabled in the application server (JBoss,Tomcat etc). | As a minimum SSL has to be enabled in the application server (JBoss,Tomcat etc). | ||
Revision as of 13:17, 11 February 2013
Configuring SSL
As a minimum SSL has to be enabled in the application server (JBoss,Tomcat etc).
Optionally TempusServa SSL policies can be tweaked to enforce certain behaviours.
Configuring SSL i web application
Checklist for Tomcat 6 or 7
- Import certifcates to keystore or copy from another server
- Uncomment connector code in conf/server.xml
- Set keystore reference and password
- Reboot server
In order to ensure high level encryption, consider enabling the following options
ciphers="SSL_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA"
Configuring SSL i Tempus Serva
Two configurations options exist
- Require SSL for login actions: securitySslPages
- Require SSL for all othe pages: securitySslLogin
Note that SSL can not be actively prevented. If such behavior is required, the only option is to disable this at the web application level.
Finally the SSL connector port can be changed if set to nondefault values: applicationlPortSSL
Problems with wrappers
The usage of wrappers can result in SSL warnings.
If your solution is depending on the use of Wrappers, please tjeck the following
- All style, script and image references are made with HTTPS
- No referenced stylesheets depends on images using HTTP
If the wrapper cannot be transformed from HTTP to HTTPS, referenced ressources should be copied to the server
- Stylesheets copied to TS stylesheet
- Images downloaded and copied to the media library
After changes are made remmeber to flush caches: Both Chrome and IE sometimes caches longer than expected.