Short answer: preferably look at letsencrypt for a free certificate (must be renewed every 3 months but there are tools for that)
For instance for the trunk demo we use ## SSL directives SSLEngine on SSLCertificateFile "/etc/letsencrypt/live/ofbiz-vm2.apache.org/cert.pem" SSLCertificateKeyFile "/etc/letsencrypt/live/ofbiz-vm2.apache.org/privkey.pem" SSLCertificateChainFile "/etc/letsencrypt/live/ofbiz-vm2.apache.org/chain.pem" SSLCACertificatePath "/etc/ssl/certs" ## Custom fragment ProxyRequests Off ProxyPreserveHost On # do not proxy letsencrypt cert renewal requests ProxyPass /.well-known ! ProxyPass / ajp://localhost:8009/ I let you figure the rest out We should really update the Apache+OFBiz+Technical+Production+Setup+Guide HTH Jacques Le 21/03/2018 à 12:09, Schumann Ye a écrit :
Dear Gurus, Can anyone be so kind to show me how to configure ofbiz ssl for a test deployment (on a given domain)? I'd been struggling on this topic for days but still without any clue. What I have done is as follows: 1. I try the link https://cwiki.apache.org/confluence/display/OFBIZ/Apache+OFBiz+Technical+Production+Setup+Guide But it ask us to submit the CSR to a third CA authority like VeriSign. I would like to test it only so if possible I would go for a free CA service first. Then with www.sslforfree.com<http://www.sslforfree.com> I could download the following 3 files: 1.1 ca_bundle.crt 1.2 certificate.crt 1.3 private.key What should I do then? 2. Another option is with keytool function I would like to create a self-signed CA. But it still failed and I guessed I didn't do it in the right way. Pls help!!! Best Regards Schumann
