Overview
This article outlines the steps for configuring Apache HTTPD and Liferay Portal with SSL.
This article should be used in conjunction with the following articles:
Configuration
Liferay Portal Properties
Add or update the following properties in "LIFERAY_HOME/portal-ext.properties":
- company.security.auth.requires.https=true
- web.server.protocol=https
- session.enable.phishing.protection=false
Sample Configuration
Add or update the following properties in the "portal-ext.properties" file:
##
## Company
##
#company.default.name=Liferay
company.default.name=My Site Name
#
# This sets the default web id. Omniadmin users must belong to the company
# with this web id.
#
#company.default.web.id=liferay.com
company.default.web.id=mysite.mydomain.com.au
#
# Set this to true to ensure users login with https. If this is set to true
# and you want your HTTP session to contain your credentials after logging
# in, then the property "session.enable.phishing.protection" must be set to
# false or your credentials will only be available in the HTTPS session.
#
#company.security.auth.requires.https=false
company.security.auth.requires.https=true
##
## Web Server
##
#
# Set the HTTP and HTTPS ports when running the portal in a J2EE server that
# is sitting behind another web server like Apache. Set the values to -1 if
# the portal is not running behind another web server like Apache.
#
#web.server.http.port=-1
#web.server.https.port=-1
#
# Set the hostname that will be used when the portlet generates URLs.
# Leaving this blank will mean the host is derived from the servlet
# container.
#
#web.server.host=
web.server.host=mysite.mydomain.com.au
#
# Set the preferred protocol.
#
#web.server.protocol=http
web.server.protocol=https
##
## Session
##
#
# Set this to true to invalidate the session when a user logs into the
# portal. This helps prevent phishing. Set this to false if you need the
# guest user and the authenticated user to have the same session.
#
# Set this to false if the property "company.security.auth.requires.https"
# is set to true and you want to maintain the same credentials across HTTP
# and HTTPS sessions.
#
#session.enable.phishing.protection=true
session.enable.phishing.protection=false
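The check below is an added example, not part of the original article or of Liferay. It audits a "portal-ext.properties" body against the three values listed above, ignoring commented-out defaults and letting a later duplicate key win. The function names and the sample text are constructed for illustration, and the parser is simplified (no line continuations).

```python
import re

# The three values this article sets in portal-ext.properties.
EXPECTED = {
    "company.security.auth.requires.https": "true",
    "web.server.protocol": "https",
    "session.enable.phishing.protection": "false",
}

def parse_properties(text):
    """Simplified .properties parser (assumption: no line continuations).

    Skips '#' and '!' comment lines, so commented-out defaults are ignored,
    and lets a later duplicate key override an earlier one.
    """
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        parts = re.split(r"\s*[=:]\s*", line, maxsplit=1)
        props[parts[0]] = parts[1] if len(parts) > 1 else ""
    return props

def audit(text):
    """Return findings for a portal-ext.properties body."""
    props = parse_properties(text)
    findings = []
    for key, want in EXPECTED.items():
        got = props.get(key)
        if got is None:
            findings.append(f"MISSING  {key} (article expects {want})")
        elif got.lower() != want:
            findings.append(f"MISMATCH {key}={got} (article expects {want})")
    if props.get("session.enable.phishing.protection", "").lower() == "false":
        findings.append("NOTE     session is not invalidated at login, "
                        "so one session spans HTTP and HTTPS")
    return findings

# Constructed sample: one active value still contradicts the article.
SAMPLE = """\
#company.security.auth.requires.https=false
company.security.auth.requires.https=true
#web.server.protocol=http
web.server.protocol=http
session.enable.phishing.protection=false
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

The NOTE line restates the trade-off described in the property comments above: with phishing protection off, the session that exists before login is kept after login.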
Apache HTTPD Configuration
Add or update the following in "/etc/httpd/conf/httpd.conf":
RewriteEngine On
# This will enable the Rewrite capabilities
RewriteCond %{HTTPS} !=on
# This checks to make sure the connection is not already HTTPS
RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R,L]
# This rule redirects users from their original location to the same location using HTTPS,
# e.g. http://www.example.com/foo/ to https://www.example.com/foo/
# The leading slash is made optional so that this will work either in httpd.conf
# or .htaccess context


