Ticket #295 (closed Enhancement: fixed)
HTTPS support
Reported by: | jri | Owned by: | jri |
---|---|---|---|
Priority: | Major | Milestone: | Release 4.1 |
Component: | DeepaMehta Standard Distribution | Version: | 4.0.11 |
Keywords: | | Cc: | dgf, Malte |
Complexity: | 3 | Area: | |
Module: | | | |
Description
DM's webserver should optionally run HTTPS.
Change History
comment:2 Changed 12 years ago by Jörg Richter
HTTPS support (#295).
There are new settings in the global POM (resp. in config.properties for the binary distribution):
<org.osgi.service.http.port.secure>4433</org.osgi.service.http.port.secure>
<org.apache.felix.http.enable>true</org.apache.felix.http.enable>
<org.apache.felix.https.enable>false</org.apache.felix.https.enable>
<org.apache.felix.https.keystore.password></org.apache.felix.https.keystore.password>
<org.apache.felix.https.keystore.key.password></org.apache.felix.https.keystore.key.password>
To enable HTTPS you need a server certificate first.
One easy way is to create a self-signed certificate:
1) keytool -genkey
2) Enter a keystore password
3) Enter your name and organization
4) Enter a key password
A file .keystore is created in your home directory.
Then set the properties in the global POM (resp. config.properties)
5) set org.apache.felix.https.enable to true.
6) set org.apache.felix.https.keystore.password to the password you've chosen in step 2)
7) set org.apache.felix.https.keystore.key.password to the password you've chosen in step 4)
8) start DeepaMehta (as usual by mvn pax:run)
Optionally you can choose the port to be used for HTTPS by setting the org.osgi.service.http.port.secure property.
Note: using ports below 1000 requires root permission.
You can run HTTP and HTTPS in parallel or HTTPS exclusively.
To disable HTTP set org.apache.felix.http.enable to false.
The Webclient is automatically launched via the enabled protocol.
If both protocols are enabled the Webclient is launched via HTTPS.
See ticket 295.
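A check for the properties named in the commit message above, added here as an example and not part of the DeepaMehta code base: it audits a config.properties file for a disabled HTTPS listener, a plaintext HTTP listener left on, empty keystore passwords, and a config file (which holds both passwords in plaintext) readable by group or others. The function names and finding codes are made up for this example, and it assumes the `key = value` line form.

```shell
#!/bin/sh
# Added example (not DeepaMehta code): audit config.properties for the
# Felix HTTP/HTTPS properties listed in this ticket.

# prop FILE KEY: print the value of the last "KEY = value" line, trimmed.
prop() {
    key=$(printf '%s' "$2" | sed 's/\./\\./g')   # dots are literal in the key
    sed -n "s/^[[:space:]]*${key}[[:space:]]*=[[:space:]]*//p" "$1" |
        tail -n 1 | sed 's/[[:space:]]*$//'
}

# audit_https FILE: print one finding code per line; return 1 if any finding.
audit_https() {
    f=$1
    findings=""
    [ "$(prop "$f" org.apache.felix.https.enable)" = "true" ] ||
        findings="$findings HTTPS_DISABLED"
    # HTTP in parallel is allowed by the ticket, but it serves plaintext.
    [ "$(prop "$f" org.apache.felix.http.enable)" != "true" ] ||
        findings="$findings HTTP_STILL_ENABLED"
    [ -n "$(prop "$f" org.apache.felix.https.keystore.password)" ] ||
        findings="$findings KEYSTORE_PASSWORD_EMPTY"
    [ -n "$(prop "$f" org.apache.felix.https.keystore.key.password)" ] ||
        findings="$findings KEY_PASSWORD_EMPTY"
    # The file holds both passwords in plaintext: group/other need no access.
    [ "$(ls -ld "$f" | cut -c5-10)" = "------" ] ||
        findings="$findings CONFIG_NOT_OWNER_ONLY"
    for x in $findings; do echo "$x"; done
    [ -z "$findings" ]
}

# Run against a file when one is given on the command line.
if [ $# -gt 0 ]; then audit_https "$1"; fi
```

Run it as `sh audit.sh config.properties`; an exit status of 0 with no output means none of the five conditions was found.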
comment:3 Changed 12 years ago by Jörg Richter
HTTPS support (#295).
comment:4 Changed 12 years ago by jri
- Status changed from accepted to closed
- Resolution set to fixed
comment:5 Changed 12 years ago by Jörg Richter
HTTPS support (#295).
comment:6 Changed 10 years ago by Jörg Richter
HTTPS configuration for Pax Web (#448).
New config properties in global POM:
org.osgi.service.http.port.secure -- The HTTPS port. Default is 8443.
org.osgi.service.http.secure.enabled -- To enable HTTPS set this to true. Default is false.
org.ops4j.pax.web.ssl.keystore -- The path to the .keystore file.
org.ops4j.pax.web.ssl.password -- The Key Password (as entered in the keytool).
org.ops4j.pax.web.ssl.keypassword -- The Keystore Password (as entered in the keytool).
Note the confusing wording of the 2 Pax Web password properties.
For keytool usage to create a keystore and a key pair and a self-signed certificate see #295.
See #448.
comment:7 Changed 10 years ago by Jörg Richter
HTTPS configuration for Pax Web (#448).