Ticket #295 (closed Enhancement: fixed)

Opened 8 years ago

Last modified 6 years ago

HTTPS support

Reported by: jri
Owned by: jri
Priority: Major
Milestone: Release 4.1
Component: DeepaMehta Standard Distribution
Version: 4.0.11
Keywords:
Cc: dgf, Malte
Complexity: 3
Area:
Module:

Description

DM's webserver should optionally run HTTPS.

Change History

comment:1 Changed 8 years ago by jri

  • Status changed from new to accepted

comment:2 Changed 8 years ago by Jörg Richter

HTTPS support (#295).

There are new settings in the global POM (resp. in config.properties for the binary distribution):

<org.osgi.service.http.port.secure>4433</org.osgi.service.http.port.secure>
<org.apache.felix.http.enable>true</org.apache.felix.http.enable>
<org.apache.felix.https.enable>false</org.apache.felix.https.enable>
<org.apache.felix.https.keystore.password></org.apache.felix.https.keystore.password>
<org.apache.felix.https.keystore.key.password></org.apache.felix.https.keystore.key.password>

To enable HTTPS you need a server certificate first.
One easy way is to create a self-signed certificate:

1) keytool -genkey
2) Enter a keystore password
3) Enter your name and organization
4) Enter a key password

A file .keystore is created in your home directory.

Then set the properties in the global POM (resp. config.properties)

5) set org.apache.felix.https.enable to true.
6) set org.apache.felix.https.keystore.password to the password you've chosen in step 2)
7) set org.apache.felix.https.keystore.key.password to the password you've chosen in step 4)
8) start DeepaMehta (as usual by mvn pax:run)

Optionally you can choose the port to be used for HTTPS by setting the org.osgi.service.http.port.secure property.
Note: using ports below 1000 requires root permission.

You can run HTTP and HTTPS in parallel or HTTPS exclusively.
To disable HTTP set org.apache.felix.http.enable to false.

The Webclient is automatically launched via the enabled protocol.
If both protocols are enabled the Webclient is launched via HTTPS.

See ticket 295.
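
A check for the settings described in the commit message above, as an added example that is not DeepaMehta's or the commit author's code: it parses config.properties-style text and flags the Felix properties from this ticket when HTTPS is left off, a keystore password is left empty, plain HTTP still runs in parallel, or the clear-text passwords sit in a file that other users can read. The finding codes, the sample values and the file-permission check are assumptions of this example.

```python
import re

PW_KEYS = ("org.apache.felix.https.keystore.password",
           "org.apache.felix.https.keystore.key.password")

def parse_properties(text):
    """Parse simple key=value lines; '#' and '!' start comment lines."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        parts = re.split(r"\s*[=:]\s*", line, maxsplit=1)
        props[parts[0]] = parts[1] if len(parts) == 2 else ""
    return props

def audit(text, file_mode=None):
    """Return finding codes; file_mode is the config file's permission bits."""
    p = parse_properties(text)
    flag = lambda key, default: p.get(key, default).strip().lower() == "true"
    https = flag("org.apache.felix.https.enable", "false")
    http = flag("org.apache.felix.http.enable", "true")
    if not https:
        return ["https-disabled"]              # only plaintext HTTP is served
    findings = [f"empty:{k}" for k in PW_KEYS if not p.get(k)]
    if http:
        findings.append("http-still-enabled")  # plaintext listener runs in parallel
    port = p.get("org.osgi.service.http.port.secure", "")
    if not port.isdigit() or not 0 < int(port) < 65536:
        findings.append("bad-secure-port")
    # Passwords are stored in clear text, so group/other must have no access.
    if file_mode is not None and file_mode & 0o077 and any(p.get(k) for k in PW_KEYS):
        findings.append("secrets-readable-by-others")
    return findings

# Constructed sample: HTTPS on, key password forgotten, HTTP left on.
WEAK = """\
org.osgi.service.http.port.secure=4433
org.apache.felix.http.enable=true
org.apache.felix.https.enable=true
org.apache.felix.https.keystore.password=changeit-sample
org.apache.felix.https.keystore.key.password=
"""
# Constructed sample: HTTPS only, both passwords set.
HARDENED = WEAK.replace("http.enable=true", "http.enable=false").replace(
    "key.password=", "key.password=sample-key-pw")

if __name__ == "__main__":
    print(audit(WEAK, 0o644))
    print(audit(HARDENED, 0o600))
```
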

comment:3 Changed 8 years ago by Jörg Richter

comment:4 Changed 8 years ago by jri

  • Status changed from accepted to closed
  • Resolution set to fixed

comment:5 Changed 8 years ago by Jörg Richter

comment:6 Changed 6 years ago by Jörg Richter

HTTPS configuration for Pax Web (#448).

New config properties in global POM:

org.osgi.service.http.port.secure -- The HTTPS port. Default is 8443.

org.osgi.service.http.secure.enabled -- To enable HTTPS set this to true. Default is false.

org.ops4j.pax.web.ssl.keystore -- The path to the .keystore file.

org.ops4j.pax.web.ssl.password -- The Key Password (as entered in the keytool).

org.ops4j.pax.web.ssl.keypassword -- The Keystore Password (as entered in the keytool).

Note the confusing wording of the 2 Pax Web password properties.

For keytool usage to create a keystore and a key pair and a self-signed certificate see #295.

See #448.

comment:7 Changed 6 years ago by Jörg Richter
