Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 3 Next »

Configuring O3 Portal through SSL (https)

Important

Make sure that the O3 Server (JBoss) is not running

  1. Locate folder <O3>/jboss/server/default/deploy/jbossweb-tomcat55.sar
  2. Edit file server.xml
  3. Locate the following section
    <Connector port="8080" address="$\{jboss.bind.address}"
     maxThreads="250" strategy="ms" maxHttpHeaderSize="8192"
     emptySessionPath="true"
     enableLookups="false" redirectPort="8443" acceptCount="100"
     connectionTimeout="20000" disableUploadTimeout="true"/>
    
  4. Comment this section so that is looks as follows:
    <\!--  <Connector port="8080" address="$\{jboss.bind.address}"
     maxThreads="250" strategy="ms" maxHttpHeaderSize="8192"
     emptySessionPath="true"
     enableLookups="false" redirectPort="8443" acceptCount="100"
     connectionTimeout="20000" disableUploadTimeout="true"/> \-->
    

    (warning) Note
    If using CAS, this step must be skipped.
    This connector is required for CAS validation.

  5. Locate the following section
    <\!-- <Connector port="8443" address="$\{jboss.bind.address}"
     maxThreads="100" strategy="ms" maxHttpHeaderSize="8192"
     emptySessionPath="true"
     scheme="https" secure="true" clientAuth="false"
     keystoreFile="$\{jboss.server.home.dir}/conf/llave_1.keystore"
     keystorePass="rmi+ssl" sslProtocol = "TLS" /> \-->
    
  6. Uncomment it so that it looks as follows:
    <Connector port="8443" address="$\{jboss.bind.address}"
     maxThreads="100" strategy="ms" maxHttpHeaderSize="8192"
     emptySessionPath="true"
     scheme="https" secure="true" clientAuth="false"
     keystoreFile="$\{jboss.server.home.dir}/conf/<nombre_llave>.keystore"
     keystorePass="rmi+ssl" sslProtocol = "TLS" />
    

    <nombre_llave>.keystore

    Corresponds to the name of the key store

    To generate it execute the following command from a command line:
    On Windows
    %JAVA_HOME%\bin\keytool -genkey -alias tomcat -keyalg RSA -keystore <O3>\jboss\server\default\conf\nombre_llave.keystore
    On Linux
    $JAVA_HOME/bin/keytool -genkey -alias tomcat -keyalg RSA -keystore <O3>/jboss/server/default/conf/nombre_llave.keystore
    
    When prompted for the first key, indicate rmi+ssl, then enter data as requested
    For the last key just press the ENTER key.
  7. Add the attribute casValidate to the CAS Valve (CASSingleSignOnValve), with value "http://<host>:<port>/cas/proxyValidate", notice that it is not https.
  8. Replace <host> and <port>. Bear in mind that port is that of HTTP, not HTTPS.
  9. Start JBoss
  • No labels