SSL Configuration in Liferay (HTTPS)

SSL certificate configuration for Liferay 6.2

First, download the SSL certificate files from your SSL certificate service provider (you have to pay for the service before using it), then create the keystore using the downloaded certificates.

FOLLOWING ARE THE STEPS TO CREATE THE KEYSTORE FOR TOMCAT.
keytool -keysize 2048 -genkey -alias tomcat -keyalg RSA -keystore tomcat.keystore
Enter keystore password:
Re-enter new password:
What is your first and last name?
  [Unknown]:  Shahbaz Khan
What is the name of your organizational unit?
  [Unknown]:
What is the name of your organization?
  [Unknown]:  Shahbaz Khan
What is the name of your City or Locality?
  [Unknown]:  Hyderabad
What is the name of your State or Province?
  [Unknown]:  Telangana
What is the two-letter country code for this unit?
  [Unknown]:  IN
Is CN=Shahbaz Khan, OU=Unknown, O=Shahbaz Khan, L=Hyderabad, ST=Telangana,
C=IN correct?
  [no]:  yes
 
Enter key password for <tomcat>
        (RETURN if same as keystore password):

 

Import the intermediate certificate, the root certificate and the CSR provided by the service provider for your domain.
FOLLOWING IS THE SYNTAX FOR WINDOWS:
keytool -certreq -alias tomcat -file khan.csr -keystore tomcat.keystore
Enter keystore password:

keytool -import -alias root -keystore tomcat.keystore -trustcacerts -file gdroot-g2.crt
Enter keystore password:
Trust this certificate? [no]:  yes
Certificate was added to keystore
keytool -import -alias intermed -keystore tomcat.keystore -trustcacerts -file gd_bundle-g2-g1.crt
Enter keystore password:
Certificate was added to keystore
keytool -import -alias tomcat -keystore tomcat.keystore -trustcacerts -file XXXXKHANXXXX.crt
Enter keystore password:
Certificate reply was installed in keystore
The keystore is now ready to be installed on the Tomcat server.


Modify 3 files from the Liferay Tomcat bundle: server.xml, web.xml and portal-ext.properties (or portal-setup-wizard.properties).

1. In the server.xml file:
    <Connector port="443" protocol="org.apache.coyote.http11.Http11NioProtocol"
               maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
               keystoreFile="C:\Users\Administrator\Downloads\ssl\tomcat.keystore" keystorePass="UAO9406"
               clientAuth="false" sslProtocol="TLS" />
    

2. In web.xml, add the following element inside <web-app>, just before the closing </web-app> tag:
    <security-constraint>
        <web-resource-collection>
            <web-resource-name>securedapp</web-resource-name>
            <url-pattern>/*</url-pattern>
        </web-resource-collection>
        <user-data-constraint>
            <transport-guarantee>CONFIDENTIAL</transport-guarantee>
        </user-data-constraint>
    </security-constraint>

3. Add the following properties to portal-ext.properties or portal-setup-wizard.properties:
    company.security.auth.requires.https=true
    session.enable.phishing.protection=false
    web.server.protocol=https
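
A consistency check for the three edits above, added here as an example (it is not part of the original post, nor Liferay or Tomcat code): it parses server.xml, web.xml and the properties file and reports any setting from steps 1 to 3 that is missing. The function names and the trimmed sample inputs are constructed for illustration.

```python
import xml.etree.ElementTree as ET

def named(root, name):
    """Elements called `name`, ignoring any XML namespace prefix on the tag."""
    return [e for e in root.iter() if e.tag.rsplit("}", 1)[-1] == name]

def parse_props(text):  # minimal .properties reader; # and ! start comments
    pairs = (ln.split("=", 1) for ln in text.splitlines()
             if "=" in ln and not ln.lstrip().startswith(("#", "!")))
    return {k.strip(): v.strip() for k, v in pairs}

def audit(server_xml, web_xml, props_text):
    """Return a list of problems; an empty list means the three files agree."""
    problems = []
    tls = [c for c in named(ET.fromstring(server_xml), "Connector")
           if c.get("SSLEnabled", "").lower() == "true"]
    if not tls:
        problems.append('server.xml: no Connector with SSLEnabled="true"')
    for c in tls:
        for attr, want in (("scheme", "https"), ("secure", "true")):
            if c.get(attr) != want:
                problems.append(f'server.xml: port {c.get("port")} needs {attr}="{want}"')
    forced = False
    for sc in named(ET.fromstring(web_xml), "security-constraint"):
        patterns = {(e.text or "").strip() for e in named(sc, "url-pattern")}
        guarantee = {(e.text or "").strip() for e in named(sc, "transport-guarantee")}
        forced = forced or ("/*" in patterns and "CONFIDENTIAL" in guarantee)
    if not forced:
        problems.append("web.xml: no CONFIDENTIAL transport-guarantee covering /*")
    props = parse_props(props_text)
    for key, want in (("company.security.auth.requires.https", "true"),
                      ("web.server.protocol", "https")):
        if props.get(key) != want:
            problems.append(f"properties: {key}={props.get(key)} (expected {want})")
    return problems

# Constructed sample inputs, trimmed to the parts the three steps touch.
SERVER_XML = """<Server><Service name="Catalina">
  <Connector port="8080" protocol="HTTP/1.1" redirectPort="443" />
  <Connector port="443" SSLEnabled="true" scheme="https" secure="true"
             keystoreFile="tomcat.keystore" clientAuth="false" sslProtocol="TLS" />
</Service></Server>"""
WEB_XML = """<web-app xmlns="http://java.sun.com/xml/ns/javaee"><security-constraint>
  <web-resource-collection><url-pattern>/*</url-pattern></web-resource-collection>
  <user-data-constraint><transport-guarantee>CONFIDENTIAL</transport-guarantee>
  </user-data-constraint></security-constraint></web-app>"""
PROPS = "company.security.auth.requires.https=true\nweb.server.protocol=https\n"
if __name__ == "__main__":
    print(audit(SERVER_XML, WEB_XML, PROPS) or "consistent")
```

Pass the contents of the real files as strings; the properties reader only understands `key=value` lines.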