Re: [Dspace-tech] Enabling SSL
Also, I realized early on there are many reasons to terminate your SSL with something other than Tomcat. We used Apache http for a while, and now I've switched to nginx. For reference, here's our nginx vhost config: https://gist.github.com/alanorth/ddde5e9d6c55b3637513 You'll want the xmlui.force.ssl option as helix84 pointed to, and there are a few variables in our config that are interpolated from ansible during deployment of the server... but you get the picture. Alan On Thu Dec 11 2014 at 4:02:24 PM helix84 wrote: > Forgot to include the link for SSL configuration in Tomcat (both options): > > http://tomcat.apache.org/tomcat-7.0-doc/ssl-howto.html#Configuration > > > Regards, > ~~helix84 > > Compulsory reading: DSpace Mailing List Etiquette > https://wiki.duraspace.org/display/DSPACE/Mailing+List+Etiquette > > > -- > Download BIRT iHub F-Type - The Free Enterprise-Grade BIRT Server > from Actuate! Instantly Supercharge Your Business Reports and Dashboards > with Interactivity, Sharing, Native Excel Exports, App Integration & more > Get technology previously reserved for billion-dollar corporations, FREE > http://pubads.g.doubleclick.net/gampad/clk?id=164703151&; > iu=/4140/ostg.clktrk > ___ > DSpace-tech mailing list > DSpace-tech@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/dspace-tech > List Etiquette: https://wiki.duraspace.org/display/DSPACE/Mailing+List+ > Etiquette > -- Download BIRT iHub F-Type - The Free Enterprise-Grade BIRT Server from Actuate! Instantly Supercharge Your Business Reports and Dashboards with Interactivity, Sharing, Native Excel Exports, App Integration & more Get technology previously reserved for billion-dollar corporations, FREE http://pubads.g.doubleclick.net/gampad/clk?id=164703151&iu=/4140/ostg.clktrk___ DSpace-tech mailing list DSpace-tech@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/dspace-tech List Etiquette: https://wiki.duraspace.org/display/DSPACE/Mailing+List+Etiquette
Re: [Dspace-tech] Enabling SSL
Forgot to include the link for SSL configuration in Tomcat (both options): http://tomcat.apache.org/tomcat-7.0-doc/ssl-howto.html#Configuration Regards, ~~helix84 Compulsory reading: DSpace Mailing List Etiquette https://wiki.duraspace.org/display/DSPACE/Mailing+List+Etiquette -- Download BIRT iHub F-Type - The Free Enterprise-Grade BIRT Server from Actuate! Instantly Supercharge Your Business Reports and Dashboards with Interactivity, Sharing, Native Excel Exports, App Integration & more Get technology previously reserved for billion-dollar corporations, FREE http://pubads.g.doubleclick.net/gampad/clk?id=164703151&iu=/4140/ostg.clktrk ___ DSpace-tech mailing list DSpace-tech@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/dspace-tech List Etiquette: https://wiki.duraspace.org/display/DSPACE/Mailing+List+Etiquette
Re: [Dspace-tech] Enabling SSL
On Thu, Dec 11, 2014 at 1:11 PM, Olivier Nicole wrote: > When I keytool -imported the server.pem in tomcat, the file server.pem > contains only the certificate (SSLCertificateFile in Apache), not the > private key (SSLCertificateKeyFile in Apache). Could that be the > reason why? Please note that there are 2 options for syntax of the SSL Connector attributes depending on whether you're running with native APR (which uses OpenSSL) or the default Java SSL implementation (JSSE). > Where/how can I see logs of what is happening? Try "tail -f catalina.out". If you don't see anything relevant, it's possible you may have to tweak tomcat's log level somewhere (I don't know off the top of my head where). > Once SSL will be working with tomcat, how to enable it in DSpace? For > the moment, when I login, it all goes through the non-SSL connector? For XMLUI, in dspace.cfg use xmlui.force.ssl = true For several reasons (most prominently for Shibboleth SP), it is also common to simply put Apache HTTPD as a front-end for Tomcat. In such a configuration, typically Apache would proxy requests to Tomcat via the AJP protocol. This would let you allow Apache handle SSL configuration, rewrites etc in a (hopefully) familiar way. Regards, ~~helix84 Compulsory reading: DSpace Mailing List Etiquette https://wiki.duraspace.org/display/DSPACE/Mailing+List+Etiquette -- Download BIRT iHub F-Type - The Free Enterprise-Grade BIRT Server from Actuate! Instantly Supercharge Your Business Reports and Dashboards with Interactivity, Sharing, Native Excel Exports, App Integration & more Get technology previously reserved for billion-dollar corporations, FREE http://pubads.g.doubleclick.net/gampad/clk?id=164703151&iu=/4140/ostg.clktrk ___ DSpace-tech mailing list DSpace-tech@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/dspace-tech List Etiquette: https://wiki.duraspace.org/display/DSPACE/Mailing+List+Etiquette
[Dspace-tech] Enabling SSL
Hi, I have DSpace 4.2 running on FreeBSD 9.2. I am trying to enable SSL, following the official documentation in DSpace-Manual.pdf I have defined a conector 8443 in tomcat, I see that the port is listening, but I cannot get a page (I assume the page should be of the form https://www.cs.ait.a c.th:8443/xmlui). The non-SSL part is working fine. When I keytool -imported the server.pem in tomcat, the file server.pem contains only the certificate (SSLCertificateFile in Apache), not the private key (SSLCertificateKeyFile in Apache). Could that be the reason why? Where/how can I see logs of what is happening? Once SSL will be working with tomcat, how to enable it in DSpace? For the moment, when I login, it all goes through the non-SSL connector? I am completely new to tomcat, I apologize if my questions are naive. Best regards, Olivier -- -- Download BIRT iHub F-Type - The Free Enterprise-Grade BIRT Server from Actuate! Instantly Supercharge Your Business Reports and Dashboards with Interactivity, Sharing, Native Excel Exports, App Integration & more Get technology previously reserved for billion-dollar corporations, FREE http://pubads.g.doubleclick.net/gampad/clk?id=164703151&iu=/4140/ostg.clktrk ___ DSpace-tech mailing list DSpace-tech@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/dspace-tech List Etiquette: https://wiki.duraspace.org/display/DSPACE/Mailing+List+Etiquette