Note: this documentation is based on Apache Tomcat SSL Documentation.
Using SSL with Silverpeas is quite transparent since most of the work is on JBoss configuration.
First, you have to create a keystore to hold your certificates. JBoss supports the following formats : JKS and PKCS12.
To import an existing certificate signed by your own CA into a PKCS12 keystore using OpenSSL you would execute a command like:
For more advanced cases, consult the OpenSSL documentation. To create a new keystore from scratch, containing a single self-signed Certificate, execute the following from a terminal command line:
After executing this command, you will first be prompted for the keystore password. The default
password used by JBoss is "changeit" (all lower case), although you can specify a custom
password if you like. You will also need to specify the custom password in the server.xml
configuration file, as described later.
Next, you will be prompted for general information about this Certificate, such as company, contact name, and so on. This information will be displayed to users who attempt to access a secure page in your application, so make sure that the information provided here matches what they will expect.br/> Finally, you will be prompted for the key password, which is the password specifically for this Certificate (as opposed to any other Certificates stored in the same keystore file). You MUST use the same password here as was used for the keystore password itself. (Currently, the keytool prompt will tell you that pressing the ENTER key does this for you automatically.)
If everything was successful, you now have a keystore file with a Certificate that can be used by your server.
With Silverpeas you can have an HTTPS login, thus authentication is secured, with an HTTP intranet (for performance). This feature is activated by configuration. First, you have to enable SSL (following the preceding instructions) then you have to configure Silverpeas using the following XML block into your CustomerSettings.xml