BACKGROUND:
This article provides a step-by-step guide to setting up HTTPS for the LAE 6.x series.
This article assumes that you are using the bundled Jetty server and describes the setup with a self-signed certificate that you generate. If you are using your own certificate, you do not need to do step 4, but you must do step 6b.
Note: If you are not using Jetty, refer to the documentation of your web container at step 7.
STEPS:
1. Stop all LAE services (Database (H2), Web application (Jetty), LAE Server)
2. Create a Keystore using the keytool application bundled with the JRE (<installDir>\jre\jre\bin):
a. Execute:
i. <installDir>\jre\jre\bin\keytool -genkey -alias jetty -keyalg RSA -keypass changeit -storepass changeit -keystore keystore.jks
b. When keytool asks for your first name and last name, enter the domain name you are using; by default this would be localhost
3. If you are using your own certificate then proceed to step 5
4. Extract the certificate from the newly created keystore:
a. Execute:
i. <installDir>\jre\jre\bin\keytool -export -alias jetty -storepass changeit -file selfsignedcert.cer -keystore keystore.jks
5. Move the keystore.jks file to:
a. <installDir>\jetty\
6. Import the certificate you want to use (this could be your own cert, or the self-signed cert you extracted in step 4) into the cacerts keystore of the bundled jre (and to the new keystore.jks if using your own cert):
a. To import into the cacerts keystore, execute the following:
i. <installDir>\jre\jre\bin\keytool -import -v -trustcacerts -alias jetty -file selfsignedcert.cer -keystore <installDir>\jre\jre\lib\security\cacerts -keypass changeit
b. Optionally, if using your own cert, also import it into the newly created keystore:
i. <installDir>\jre\jre\bin\keytool -import -v -trustcacerts -alias jetty -file selfsignedcert.cer -keystore <installDir>\jetty\keystore.jks -keypass changeit
7. Update Jetty configuration:
a. Update <installDir>\jetty\etc\jetty-ssl.xml, adding the following towards the end (before the closing </Configure> tag):
<New id="sslContextFactory" class="org.eclipse.jetty.util.ssl.SslContextFactory">
  <Set name="KeyStorePath"><Property name="jetty.home" default="." />/keystore.jks</Set>
  <Set name="KeyStorePassword">changeit</Set>
  <Set name="KeyManagerPassword">changeit</Set>
  <Set name="TrustStorePath"><Property name="jetty.home" default="." />/keystore.jks</Set>
  <Set name="TrustStorePassword">changeit</Set>
</New>
b. Update <installDir>\jetty\etc\jetty-https.xml to change the https.port number to 8443, i.e. change it in the following line:
<Set name="port"><Property name="https.port" default="8443" /></Set>
c. To redirect all http requests, update <installDir>\jetty\etc\webdefault.xml by adding the following towards the end (before the closing </web-app> tag):
<security-constraint>
  <web-resource-collection>
    <web-resource-name>Everything</web-resource-name>
    <url-pattern>/*</url-pattern>
  </web-resource-collection>
  <user-data-constraint>
    <transport-guarantee>CONFIDENTIAL</transport-guarantee>
  </user-data-constraint>
</security-constraint>
d. Add the following lines to the bottom of the <installDir>\jetty\start.ini file:
etc/jetty-ssl.xml
etc/jetty-https.xml
8. Update LAE configuration:
a. Add the following line to the <installDir>\conf\site.prop file:
ls.brain.webapp.contextUrl=https://localhost:8443/
b. If the following line is present in the <installDir>\conf\site.prop file, either remove it or comment it out with a #:
ls.brain.webapp.port=8080
9. Startup all services (Database (H2), Web application (Jetty), LAE Server)
10. You should now be able to navigate to either:
a. https://localhost:8443
b. http://localhost:8080 (where 8080 was the original port used on installation; here it should redirect through to https://localhost:8443)
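A way to check the edits from steps 7a and 7c before restarting the services, as an added example that is not part of the original article or the product: it parses the two Jetty files, reports a missing sslContextFactory or redirect constraint, and flags any keystore password still set to the changeit value used in the commands above. The function names and the sample XML are constructed for illustration.

```python
import xml.etree.ElementTree as ET

DEFAULT_PASSWORD = "changeit"  # password used in every command in this article
REQUIRED = ("KeyStorePath", "KeyStorePassword", "KeyManagerPassword")

def _local(tag):
    # Drop any XML namespace so webdefault.xml matches with or without xmlns.
    return tag.rsplit("}", 1)[-1]

def audit_jetty_ssl(xml_text):
    """Step 7a: sslContextFactory must exist; flag passwords left at the default."""
    root = ET.fromstring(xml_text)
    factory = next((n for n in root.iter("New") if n.get("id") == "sslContextFactory"), None)
    if factory is None:
        return ["jetty-ssl.xml: sslContextFactory not defined"]
    # itertext() also picks up "/keystore.jks", which follows the <Property/> child.
    settings = {s.get("name"): "".join(s.itertext()).strip() for s in factory.findall("Set")}
    findings = [f"jetty-ssl.xml: {name} missing" for name in REQUIRED if not settings.get(name)]
    findings += [f"jetty-ssl.xml: {name} is still '{DEFAULT_PASSWORD}'"
                 for name, value in settings.items()
                 if name.endswith("Password") and value == DEFAULT_PASSWORD]
    return findings

def audit_webdefault(xml_text):
    """Step 7c: some security-constraint must force CONFIDENTIAL on /*."""
    for sc in ET.fromstring(xml_text).iter():
        if _local(sc.tag) == "security-constraint":
            text = {_local(e.tag): (e.text or "").strip() for e in sc.iter()}
            if text.get("url-pattern") == "/*" and text.get("transport-guarantee") == "CONFIDENTIAL":
                return []
    return ["webdefault.xml: no CONFIDENTIAL constraint on /*"]

# Constructed sample inputs (not taken from a real installation).
SAMPLE_SSL = """<Configure id="Server" class="org.eclipse.jetty.server.Server">
  <New id="sslContextFactory" class="org.eclipse.jetty.util.ssl.SslContextFactory">
    <Set name="KeyStorePath"><Property name="jetty.home" default="." />/keystore.jks</Set>
    <Set name="KeyStorePassword">changeit</Set>
    <Set name="KeyManagerPassword">constructed-Passw0rd</Set>
  </New>
</Configure>"""
SAMPLE_WEB_MISSING = '<web-app xmlns="http://java.sun.com/xml/ns/javaee"><servlet/></web-app>'
SAMPLE_WEB_OK = """<web-app xmlns="http://java.sun.com/xml/ns/javaee"><security-constraint>
  <web-resource-collection><url-pattern>/*</url-pattern></web-resource-collection>
  <user-data-constraint><transport-guarantee>CONFIDENTIAL</transport-guarantee></user-data-constraint>
</security-constraint></web-app>"""

if __name__ == "__main__":
    for finding in audit_jetty_ssl(SAMPLE_SSL) + audit_webdefault(SAMPLE_WEB_MISSING):
        print(finding)
```

To run it against an installation, pass the contents of jetty-ssl.xml and webdefault.xml from <installDir>\jetty\etc to the two functions in place of the samples.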
RELATED ARTICLES:
For setting up HTTPS on Data3Sixty Analyze, see the Getting Started / Help section, under:
System Administration > Enable HTTPS
and
Reference > SSL Configuration