Posted to commits@rave.apache.org by bu...@apache.org on 2011/10/21 14:57:05 UTC

svn commit: r797292 - /websites/staging/rave/trunk/content/rave/documentation/configure-ssl.html

Author: buildbot
Date: Fri Oct 21 12:57:05 2011
New Revision: 797292

Log:
Staging update by buildbot

Modified:
    websites/staging/rave/trunk/content/rave/documentation/configure-ssl.html

Modified: websites/staging/rave/trunk/content/rave/documentation/configure-ssl.html
==============================================================================
--- websites/staging/rave/trunk/content/rave/documentation/configure-ssl.html (original)
+++ websites/staging/rave/trunk/content/rave/documentation/configure-ssl.html Fri Oct 21 12:57:05 2011
@@ -20,7 +20,7 @@
 -->
   <link rel="shortcut icon" href="/rave/images/RAVE-icon.ico" type="image/x-icon" />
   <link href="/rave/css/rave.css" rel="stylesheet" type="text/css">
-  <title>Configuring Rave for SSL
</title>
+  <title>Configuring Rave for SSL</title>
   <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
 </head>
 
@@ -67,7 +67,7 @@
   </div>
 
   <div id="content">
-    <h1 class="title">Configuring Rave for SSL
</h1>
+    <h1 class="title">Configuring Rave for SSL</h1>
     <h2 id="prerequisites">Prerequisites</h2>
 <p>To follow these instructions you'll need a working copy of Rave up and running under Tomcat 6.  Please see the <a href="installing.html">Installing Rave</a> page for instructions on how to get up and running.<br />
 </p>
@@ -78,41 +78,54 @@
 <ul>
 <li>
 <p>Copy the default cacerts file to /temp/tomcat (this allows you to not have to pollute your real cacerts file with test certs).</p>
-<p>cp "%JAVA_HOME%/jre/lib/security/cacerts" "/temp/tomcat/custom-cacerts"</p>
+<div class="codehilite"><pre><span class="n">cp</span> <span class="s">&quot;%JAVA_HOME%/jre/lib/security/cacerts&quot;</span> <span class="s">&quot;/temp/tomcat/custom-cacerts&quot;</span>
+</pre></div>
+
+
 </li>
 <li>
 <p>Generate a self signed certificate that you'll use with Tomcat.</p>
-<p>"%JAVA_HOME%binkeytool" -genkey -alias tomcat -keyalg RSA -validity 365 -storepass changeit -keystore /temp/tomcat/custom-cacerts</p>
-<p>What is your first and last name?
-  [Unknown]:  rave-server.example.com
-What is the name of your organizational unit?
-  [Unknown]:  example unit
-What is the name of your organization?
-  [Unknown]:  example organization
-What is the name of your City or Locality?
-  [Unknown]:  example city
-What is the name of your State or Province?
-  [Unknown]:  example state
-What is the two-letter country code for this unit?
-  [Unknown]:  US
-Is CN=rave-server.example.com, OU=example unit, O=example organization, L=example city, ST=example state, C=US correct?
-  [no]:  yes</p>
-<p>Enter key password for <tomcat>
-        (RETURN if same as keystore password):</p>
+<div class="codehilite"><pre><span class="s">&quot;%JAVA_HOME%\bin\keytool&quot;</span> <span class="o">-</span><span class="n">genkey</span> <span class="o">-</span><span class="n">alias</span> <span class="n">tomcat</span> <span class="o">-</span><span class="n">keyalg</span> <span class="n">RSA</span> <span class="o">-</span><span class="n">validity</span> <span class="mi">365</span> <span class="o">-</span><span class="n">storepass</span> <span class="n">changeit</span> <span class="o">-</span><span class="n">keystore</span> <span class="sr">/temp/</span><span class="n">tomcat</span><span class="o">/</span><span class="n">custom</span><span class="o">-</span><span class="n">cacerts</span>
+
+<span class="n">What</span> <span class="n">is</span> <span class="n">your</span> <span class="n">first</span> <span class="ow">and</span> <span class="k">last</span> <span class="n">name</span><span class="p">?</span>  
+  <span class="p">[</span><span class="n">Unknown</span><span class="p">]:</span>  <span class="n">rave</span><span class="o">-</span><span class="n">server</span><span class="o">.</span><span class="n">example</span><span class="o">.</span><span class="n">com</span>  
+<span class="n">What</span> <span class="n">is</span> <span class="n">the</span> <span class="n">name</span> <span class="n">of</span> <span class="n">your</span> <span class="n">organizational</span> <span class="n">unit</span><span class="p">?</span>  
+  <span class="p">[</span><span class="n">Unknown</span><span class="p">]:</span>  <span class="n">example</span> <span class="n">unit</span>  
+<span class="n">What</span> <span class="n">is</span> <span class="n">the</span> <span class="n">name</span> <span class="n">of</span> <span class="n">your</span> <span class="n">organization</span><span class="p">?</span>  
+  <span class="p">[</span><span class="n">Unknown</span><span class="p">]:</span>  <span class="n">example</span> <span class="n">organization</span>  
+<span class="n">What</span> <span class="n">is</span> <span class="n">the</span> <span class="n">name</span> <span class="n">of</span> <span class="n">your</span> <span class="n">City</span> <span class="ow">or</span> <span class="n">Locality</span><span class="p">?</span>  
+  <span class="p">[</span><span class="n">Unknown</span><span class="p">]:</span>  <span class="n">example</span> <span class="n">city</span>  
+<span class="n">What</span> <span class="n">is</span> <span class="n">the</span> <span class="n">name</span> <span class="n">of</span> <span class="n">your</span> <span class="n">State</span> <span class="ow">or</span> <span class="n">Province</span><span class="p">?</span>  
+  <span class="p">[</span><span class="n">Unknown</span><span class="p">]:</span>  <span class="n">example</span> <span class="n">state</span>  
+<span class="n">What</span> <span class="n">is</span> <span class="n">the</span> <span class="n">two</span><span class="o">-</span><span class="n">letter</span> <span class="n">country</span> <span class="n">code</span> <span class="k">for</span> <span class="n">this</span> <span class="n">unit</span><span class="p">?</span>  
+  <span class="p">[</span><span class="n">Unknown</span><span class="p">]:</span>  <span class="n">US</span>  
+<span class="n">Is</span> <span class="n">CN</span><span class="o">=</span><span class="n">rave</span><span class="o">-</span><span class="n">server</span><span class="o">.</span><span class="n">example</span><span class="o">.</span><span class="n">com</span><span class="p">,</span> <span class="n">OU</span><span class="o">=</span><span class="n">example</span> <span class="n">unit</span><span class="p">,</span> <span class="n">O</span><span class="o">=</span><span class="n">example</span> <span class="n">organization</span><span class="p">,</span> <span class="n">L</span><span class="o">=</span><span class="n">example</span> <span class="n">city</span><span class="p">,</span> <span class="n">ST</span><span class="o">=</span><span class="n">example</span> <span class="n">state</span><span class="p">,</span> <span class="n">C</span><span class="o">=</span><span class="n">US</span> <span class="n">correct</span><span class="p">?</span>  
+  <span class="p">[</span><span class="nb">no</span><span class="p">]:</span>  <span class="n">yes</span>
+
+<span class="n">Enter</span> <span class="n">key</span> <span class="n">password</span> <span class="k">for</span> <span class="sr">&lt;tomcat&gt;</span>  
+        <span class="p">(</span><span class="n">RETURN</span> <span class="k">if</span> <span class="n">same</span> <span class="n">as</span> <span class="n">keystore</span> <span class="n">password</span><span class="p">):</span>
+</pre></div>
+
+
 </li>
 <li>
 <p>Edit Tomcats startup.bat file to get the JVM to use our alternate cacerts file.  It is important for the JVM to trust our self signed certificate because Rave makes HTTP requests to Shindig to fetch gadget metadata, and if those requests are over SSL then the JVM must trust the certificate being used for the SSL communication.</p>
-<p>** Added the following line above the "call "%EXECUTABLE%" start ..." line:</p>
-<p>set JAVA_OPTS=%JAVA_OPTS% -Djavax.net.ssl.trustStore=c:temptomcatcustom-cacerts</p>
+<p>(added the following line above the "call "%EXECUTABLE%" start ..." line)</p>
+<div class="codehilite"><pre><span class="n">set</span> <span class="n">JAVA_OPTS</span><span class="o">=</span><span class="nv">%JAVA_OPTS%</span> <span class="err">-</span><span class="nv">Djavax</span><span class="o">.</span><span class="n">net</span><span class="o">.</span><span class="n">ssl</span><span class="o">.</span><span class="n">trustStore</span><span class="o">=</span><span class="n">c:</span><span class="o">\</span><span class="n">temp</span><span class="o">\</span><span class="n">tomcat</span><span class="o">\</span><span class="n">custom</span><span class="o">-</span><span class="n">cacerts</span>
+</pre></div>
+
+
 </li>
 <li>
 <p>Edit Tomcats server.xml to enable an SSL listener on port 443 using our alternate cacerts file.  By default Tomcat looks for a certificate with the alias "tomcat" which is what we used to create our self signed certificate.</p>
-<p><strong> Did a search and replace of 8443 with 443
-</strong> Uncommented the HTTPS connector and configured it to use our custom cacerts file:</p>
-<Connector port="443" protocol="HTTP/1.1" SSLEnabled="true"
-           maxThreads="150" scheme="https" secure="true"
-           keystoreFile="c:klzzwxh:0005empklzzwxh:0006omcatklzzwxh:0007ustom-cacerts" keystorePass="changeit"
-           clientAuth="false" sslProtocol="TLS" />
+<p>(did a search and replace of 8443 with 443)  <br />
+(uncommented the HTTPS connector and configured it to use our custom cacerts file)</p>
+<div class="codehilite"><pre><span class="o">&lt;</span><span class="n">Connector</span> <span class="n">port</span><span class="o">=</span><span class="s">&quot;443&quot;</span> <span class="n">protocol</span><span class="o">=</span><span class="s">&quot;HTTP/1.1&quot;</span> <span class="n">SSLEnabled</span><span class="o">=</span><span class="s">&quot;true&quot;</span>
+           <span class="n">maxThreads</span><span class="o">=</span><span class="s">&quot;150&quot;</span> <span class="n">scheme</span><span class="o">=</span><span class="s">&quot;https&quot;</span> <span class="n">secure</span><span class="o">=</span><span class="s">&quot;true&quot;</span>
+           <span class="n">keystoreFile</span><span class="o">=</span><span class="s">&quot;c:\temp\tomcat\custom-cacerts&quot;</span> <span class="n">keystorePass</span><span class="o">=</span><span class="s">&quot;changeit&quot;</span>
+           <span class="n">clientAuth</span><span class="o">=</span><span class="s">&quot;false&quot;</span> <span class="n">sslProtocol</span><span class="o">=</span><span class="s">&quot;TLS&quot;</span> <span class="o">/&gt;</span>
+</pre></div>
+
 
 </li>
 <li>
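Review bot: In the added keytool and Connector blocks, the self-signed key pair for alias "tomcat" is generated directly into the copied cacerts file, and that same file is then used both as the JVM trust store (-Djavax.net.ssl.trustStore) and as Tomcat's keystoreFile, with the password "changeit" written out in the keytool command and in keystorePass. That places the server's private key in a file whose purpose is to hold trusted certificates. Consider documenting a separate keystore for the Tomcat key and importing only the exported certificate into custom-cacerts, and say explicitly that "changeit" and the self-signed certificate are meant for test setups. Separately, the first added block pairs the Unix cp command with the Windows-style %JAVA_HOME% and the path /temp/tomcat, while the later blocks use c:\temp\tomcat; pick one platform's syntax or show both.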
@@ -128,19 +141,25 @@ Also note that the rest of Rave wont wor
 <ul>
 <li>
 <p>Edit the /temp/tomcat/webapps/portal/WEB-INF/classes/portal.properties file to configure Rave to use SSL.</p>
-<p>** Updated the following values at the top of the portal.properties config file with:</p>
-<p>portal.opensocial_engine.protocol=https
-portal.opensocial_engine.root=rave-server.example.com
-portal.opensocial_engine.gadget_path=/gadgets</p>
+<p>(updated the following values at the top of the portal.properties config file with)</p>
+<div class="codehilite"><pre><span class="n">portal</span><span class="o">.</span><span class="n">opensocial_engine</span><span class="o">.</span><span class="n">protocol</span><span class="o">=</span><span class="n">https</span>
+<span class="n">portal</span><span class="o">.</span><span class="n">opensocial_engine</span><span class="o">.</span><span class="n">root</span><span class="o">=</span><span class="n">rave</span><span class="o">-</span><span class="n">server</span><span class="o">.</span><span class="n">example</span><span class="o">.</span><span class="n">com</span>
+<span class="n">portal</span><span class="o">.</span><span class="n">opensocial_engine</span><span class="o">.</span><span class="n">gadget_path</span><span class="o">=/</span><span class="n">gadgets</span>
+</pre></div>
+
+
 </li>
 <li>
 <p>Edit the /temp/tomcat/webapps/ROOT/WEB-INF/classes/rave.shindig.properties and /temp/tomcat/webapps/ROOT/WEB-INF/classes/containers/default/container.js files to configure Shindig to use SSL.</p>
 <p>Note - there may be other ways to get Shindig to use SSL but this method does work.
 Also note - the changes to container.js are a search and replace of http:// with https://</p>
-<p>** Updated the following values at the top of the rave.shindig.properties config file with:</p>
-<p>shindig.host=rave-server.example.com
-shindig.port=
-shindig.contextroot=</p>
+<p>(updated the following values at the top of the rave.shindig.properties config file with)</p>
+<div class="codehilite"><pre><span class="n">shindig</span><span class="o">.</span><span class="n">host</span><span class="o">=</span><span class="n">rave</span><span class="o">-</span><span class="n">server</span><span class="o">.</span><span class="n">example</span><span class="o">.</span><span class="n">com</span>
+<span class="n">shindig</span><span class="o">.</span><span class="n">port</span><span class="o">=</span>
+<span class="n">shindig</span><span class="o">.</span><span class="n">contextroot</span><span class="o">=</span>
+</pre></div>
+
+
 </li>
 <li>
 <p>Startup Tomcat and verify that Rave runs properly on https://rave-server.example.com/portal</p>
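Review bot: In the added rave.shindig.properties block, shindig.port= and shindig.contextroot= are left blank with no explanation, so a reader cannot tell whether the empty values are intended. Add a sentence stating that they are deliberately empty and what that means for the resulting URL. The new parenthetical lead-ins, such as "(updated the following values at the top of the portal.properties config file with)", also read as a change log entry rather than an instruction; wording like "Set the following values at the top of the file:" would be clearer.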