HowTo configure O3 Portal through SSL (https)

Configuring O3 Portal through SSL (https)

Important

Make sure that the O3 Server (JBoss) is not running

  1. Locate folder <O3>/jboss/server/default/deploy/jbossweb-tomcat55.sar
  2. Edit file server.xml
  3. Locate the following section
    <Connector port="8080" address="${jboss.bind.address}"
     maxThreads="250" strategy="ms" maxHttpHeaderSize="8192"
     emptySessionPath="true"
     enableLookups="false" redirectPort="8443" acceptCount="100"
     connectionTimeout="20000" disableUploadTimeout="true"/>
    
  4. Comment out this section so that it looks as follows:
    <!--  <Connector port="8080" address="${jboss.bind.address}"
     maxThreads="250" strategy="ms" maxHttpHeaderSize="8192"
     emptySessionPath="true"
     enableLookups="false" redirectPort="8443" acceptCount="100"
     connectionTimeout="20000" disableUploadTimeout="true"/> -->
    

    Note
    If using CAS, this step must be skipped.
    This connector is required for CAS validation.

  5. Locate the following section
    <!-- <Connector port="8443" address="${jboss.bind.address}"
     maxThreads="100" strategy="ms" maxHttpHeaderSize="8192"
     emptySessionPath="true"
     scheme="https" secure="true" clientAuth="false"
     keystoreFile="${jboss.server.home.dir}/conf/llave_1.keystore"
     keystorePass="rmi+ssl" sslProtocol = "TLS" /> -->
    
  6. Uncomment it so that it looks as follows:
    <Connector port="8443" address="${jboss.bind.address}"
     maxThreads="100" strategy="ms" maxHttpHeaderSize="8192"
     emptySessionPath="true"
     scheme="https" secure="true" clientAuth="false"
     keystoreFile="${jboss.server.home.dir}/conf/<nombre_llave>.keystore"
     keystorePass="rmi+ssl" sslProtocol = "TLS" />
    

    <nombre_llave>.keystore is the name of the keystore file.

    To generate it, execute the following command from a command line:
    On Windows
    %JAVA_HOME%\bin\keytool -genkey -alias tomcat -keyalg RSA -keystore <O3>\jboss\server\default\conf\nombre_llave.keystore
    On Linux
    $JAVA_HOME/bin/keytool -genkey -alias tomcat -keyalg RSA -keystore <O3>/jboss/server/default/conf/nombre_llave.keystore
    
    When prompted for the first password (the keystore password), enter rmi+ssl, then enter the data as requested.
    For the last password (the key password), just press the ENTER key.
  7. Add the attribute casValidate to the CAS Valve (CASSingleSignOnValve) with the value "http://<host>:<port>/cas/proxyValidate". Note that the URL uses http, not https.
  8. Replace <host> and <port> with the actual values. Bear in mind that the port is the HTTP port, not the HTTPS port.
  9. Start JBoss
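
Before starting JBoss in step 9, the edits to server.xml can be checked with a short script. The following is an added example, not part of the original O3 documentation: the function name check_connectors, its parameters, and the sample XML (including the keystore name portal.keystore) are assumptions constructed for illustration.

```python
import os
import xml.etree.ElementTree as ET

def check_connectors(server_xml, uses_cas=False, server_home=None):
    """Return a list of findings for the edited server.xml text; empty means OK."""
    try:
        root = ET.fromstring(server_xml)  # commented-out connectors are dropped by the parser
    except ET.ParseError as exc:
        # e.g. a literal <nombre_llave> left in keystoreFile: '<' is illegal in an attribute
        return [f"server.xml is not well-formed: {exc}"]
    by_port = {c.get("port"): c for c in root.iter("Connector")}
    findings = []
    if uses_cas and "8080" not in by_port:
        findings.append("8080 connector is disabled but CAS validation needs it")
    if not uses_cas and "8080" in by_port:
        findings.append("plain HTTP connector on 8080 is still active")
    https = by_port.get("8443")
    if https is None:
        return findings + ["HTTPS connector on 8443 is still commented out"]
    for attr, want in (("scheme", "https"), ("secure", "true")):
        if https.get(attr) != want:
            findings.append(f'8443 connector: {attr} should be "{want}"')
    keystore = https.get("keystoreFile")
    if not keystore:
        findings.append("8443 connector: keystoreFile is not set")
    elif server_home:
        path = keystore.replace("${jboss.server.home.dir}", server_home)
        if not os.path.isfile(path):
            findings.append(f"keystore not found: {path}")
    return findings

# Constructed sample: server.xml reduced to the two connectors after steps 4 and 6.
SAMPLE_DONE = """<Server><Service name="jboss.web">
  <!-- <Connector port="8080" address="${jboss.bind.address}" redirectPort="8443"/> -->
  <Connector port="8443" address="${jboss.bind.address}"
     scheme="https" secure="true" clientAuth="false"
     keystoreFile="${jboss.server.home.dir}/conf/portal.keystore"
     keystorePass="rmi+ssl" sslProtocol = "TLS" />
</Service></Server>"""

# Constructed sample: nothing edited yet (8080 active, 8443 commented out).
SAMPLE_UNTOUCHED = """<Server><Service name="jboss.web">
  <Connector port="8080" address="${jboss.bind.address}" redirectPort="8443"/>
  <!-- <Connector port="8443" scheme="https" secure="true"/> -->
</Service></Server>"""

if __name__ == "__main__":
    for name, xml in (("done", SAMPLE_DONE), ("untouched", SAMPLE_UNTOUCHED)):
        print(name, check_connectors(xml) or "OK")
```

Pass uses_cas=True when step 4 was skipped for CAS, and pass server_home (the <O3>/jboss/server/default directory) to also confirm that the keystore file exists.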