Portal Support for SSL-Encrypted Communication

The portal is a web-based application that is available to client computers through supported application servers. To configure SSL for the HTTPS transport of the application server, you first create an SSL key file (which defines the security policy). You then configure the application server to use the file.

Note: For more information about how to configure your application server for SSL communication, see the documentation for your product.

Example: Create a Self-Signed Certificate

This example shows you how to create a self-signed certificate.

Important! With a self-signed certificate, trusting the issuer is problematic. In a production environment, use a certificate issued by a trusted Certificate Authority.

  1. Open a command prompt window.
  2. Enter the following command:
    keytool -genkey -alias name -keyalg RSA -keystore server.keystore
    
    -alias name

    Defines the alias to use for adding an entry to the keystore.

    -keyalg

    Specifies the algorithm to use to generate the key pair.

    The keytool utility starts.

  3. Complete the prompts as required and press Enter to verify the parameters you entered.

    A server.keystore file is created in the current folder.

Example: Configure JBoss for SSL Communication

By default, JBoss is not installed with SSL support. This means that communication between the application server and the Portal client is not encrypted. This example shows you how to configure JBoss version 4.2.2 to use a certificate to secure communication.

Note: For more information about configuring JBoss for SSL, see the JBoss Community Documentation Library.

To configure JBoss for SSL communication

  1. Stop JBoss if it is running.
  2. Place your certificate in the following folder:
    RCM_directory\eurekify-jboss\server\eurekify\conf
    
  3. Locate the file named server.xml in the following directory and open it for editing:
    RCM_directory\eurekify-jboss\server\eurekify\deploy\jboss-web.deployer
    
  4. Locate the SSL <Connector port> tag in the following section:
    <!--
    <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
               maxThreads="150" scheme="https" secure="true"
               clientAuth="false" sslProtocol="TLS" /> -->
    
  5. Remove the surrounding comment marks ("<!--" and "-->").

    You can now edit this tag.

  6. Add the following properties to the <Connector port> tag:
    keystoreFile="${jboss.server.home.dir}/conf/server.keystore" keystorePass="newPassword"
    
    keystoreFile

    Specifies the full pathname of the keystore file.

    keystorePass

    Specifies the keystore password.

    The <Connector port> tag should now appear as follows:

    <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
    	maxThreads="150" scheme="https" secure="true"
    	clientAuth="false" sslProtocol="TLS"
    	keystoreFile="${jboss.server.home.dir}/conf/server.keystore"
    	keystorePass="newPassword" /> 
    
  7. Save and close the server.xml file.

    Start JBoss again.

    Note: After you have completed this procedure, you can choose to connect to JBoss, and the Portal, in either SSL or non-SSL mode.
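
The following check is an added example, not part of the product or of JBoss: before restarting, it confirms that the SSL <Connector port> tag edited in steps 4 through 6 is uncommented and carries both keystore properties. The function name audit_ssl_connector, the <Server>/<Service> wrapper elements, and the sample strings are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Constructed samples modelled on the server.xml fragments in this topic.
COMMENTED = """<Server><Service name="jboss.web">
<!--
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
           maxThreads="150" scheme="https" secure="true"
           clientAuth="false" sslProtocol="TLS" /> -->
</Service></Server>"""

CONFIGURED = """<Server><Service name="jboss.web">
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
    maxThreads="150" scheme="https" secure="true"
    clientAuth="false" sslProtocol="TLS"
    keystoreFile="${jboss.server.home.dir}/conf/server.keystore"
    keystorePass="newPassword" />
</Service></Server>"""

COMMENT_RE = re.compile(r"<!--(.*?)-->", re.DOTALL)


def audit_ssl_connector(xml_text):
    """Return a list of findings for the SSL connector in a server.xml string."""
    findings = []
    # ElementTree discards comments, so only active connectors are visible here.
    root = ET.fromstring(xml_text)
    active = [c for c in root.iter("Connector")
              if c.get("SSLEnabled", "").lower() == "true"]
    if not active:
        # Step 5 not done: the tag still sits inside <!-- ... -->.
        commented = any("<Connector" in body and "SSLEnabled" in body
                        for body in COMMENT_RE.findall(xml_text))
        findings.append("SSL connector is still commented out" if commented
                        else "no SSL connector found")
        return findings
    for conn in active:
        port = conn.get("port", "?")
        # Step 6 not done: keystore properties are missing or empty.
        for attr in ("keystoreFile", "keystorePass"):
            if not conn.get(attr):
                findings.append(f"port {port}: missing {attr}")
        if conn.get("scheme") != "https" or conn.get("secure") != "true":
            findings.append(f"port {port}: scheme/secure not set for HTTPS")
    return findings


if __name__ == "__main__":
    for name, text in (("commented", COMMENTED), ("configured", CONFIGURED)):
        print(name, audit_ssl_connector(text) or "OK")
```

Because keystorePass is stored in server.xml as plain text, restrict read access to that file and to server.keystore to the account that runs JBoss.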