11.8 Configuring the User Application for HTTPS

As first installed, the User Application can be reached only by using HTTP. The following steps configure the User Application so that it can also be reached by using HTTPS. TID 10100226 describes how to accomplish this. Most of the steps below follow the content of the TID, but some have been adapted to comply with Resource Kit requirements.

To enable SSL for JBoss, you must first create an SSL certificate. The keytool command shipped with the User Application's JRE does this easily: it generates an RSA key pair and a self-signed certificate and stores both in a Java keystore file. Because the certificate is self-signed, browsers warn about it until it is imported into their trust store or replaced by a CA-issued certificate. Follow the steps shown below to generate a new certificate for the User Application to use. You might want to adapt some of the parameters to better reflect your environment. The parameters provided here serve as an example.

  1. From the Computer menu, select Gnome Terminal.

  2. Log in as root by entering su, then enter the root password.

  3. Enter /etc/init.d/userapp stop to stop the User Application.

  4. Enter su idmsa to log in as the idmsa user.

  5. Enter cd /opt/novell/idm/jre/bin to access the directory where the keytool is stored.

  6. Enter ./keytool -genkey -alias userAppKey -keyalg RSA -keystore userapp.keystore -validity 3650 to generate the key pair and its self-signed certificate. The keystore file is written to the current directory (the JRE bin directory) and is moved to its final location in Step 7. The validity of 3650 days (ten years) is the example value from the TID; adding -keysize 2048 avoids the 1024-bit RSA default of older JREs.

    The following values can be set to any values you choose. The values listed are examples.

    • Keystore Password: Specify a password for the keystore.

    • What is your first and last name? Specify User Application for the first and last name. This value becomes the certificate's CN. Browsers compare the CN with the host name in the URL, so outside a test environment enter the fully qualified host name that users will type instead, or every connection produces a name-mismatch warning.

    • What is the name of your organizational unit? Specify IDM for the name of the organizational unit.

    • What is the name of your organization? Specify company as the name of your organization.

    • What is the name of your City or Locality? Specify the city you are currently in.

    • What is the name of your State or Province? Specify the state you reside in.

    • What is the two-letter country code for this unit? Specify the country you reside in.

    • Is CN=User Application, OU=IDM, O=company, L=Provo, ST=Utah, C=US correct? Specify yes if the information is correct.

    • Enter key password for <userAppKey>: Press Enter or specify the same password used for the keystore password. The Connector configured in Step 12 is given only a keystorePass, so the key password must match it.

  7. Enter mv userapp.keystore ../../jboss/server/IDMProv/conf/ to move the file to the correct location.

  8. Enter chmod 700 ../../jboss/server/IDMProv/conf/userapp.keystore to restrict access to the file to its owner. The keystore contains the private key and is never executed, so 600 is sufficient; either value keeps other users on the server from reading it.

  9. Enter chown idmsa:novell ../../jboss/server/IDMProv/conf/userapp.keystore to change the owner and group of the file. The file was created by idmsa and is already owned by that user; this sets the group to novell so that the User Application, which runs as idmsa, can read it.

  10. Enter gedit /opt/novell/idm/jboss/server/IDMProv/deploy/jboss-web.deployer/server.xml to edit the server.xml file.

  11. In gedit, find the following section:

    <!--
       <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
         maxThreads="150" scheme="https" secure="true" 
         clientAuth="false" sslProtocol = "TLS" />
    -->
    
    SSL section of the server.xml file to find
  12. To enable TLS communication, remove the comment markers (<!-- and -->) around the Connector element, change the Connector port to 8444, add the keystoreFile parameter pointing at the keystore you moved in Step 7, and add the keystorePass parameter set to the keystore password you chose in Step 6. The value changeit in the example below is a placeholder for that password. Because server.xml now holds the keystore password in clear text, make sure it is readable only by the idmsa user.

    
    <Connector port="8444" protocol="HTTP/1.1" SSLEnabled="true" maxThreads="150" scheme="https" secure="true" clientAuth="false" sslProtocol="TLS" keystoreFile="${jboss.server.home.dir}/conf/userapp.keystore" keystorePass="changeit" />
    
    SSL section of the server.xml file enabled
  13. Select File > Save to save the changes, then select File > Quit to exit gedit.

  14. Restart the User Application by entering sudo /etc/init.d/userapp restart, then enter the root password (by default, sudo on SLES prompts for the target user's password rather than your own). After the restart, confirm that the new listener answers by opening the User Application's usual URL with https:// and port 8444 in a browser; until the certificate is imported into the browser's trust store, expect a warning about the self-signed certificate, but the page itself must load.

    This might take a couple of minutes.

  15. Enter exit to close the Gnome Terminal.

  16. Log out of the SLES server as idmsa.

  17. Proceed to Section 11.9, Importing the Custom Portal Page.
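The following script is an added example and is not part of the Novell documentation, the TID or the Resource Kit. It performs Steps 6 through 9 without the interactive prompts and adds the checks a practitioner wants before and after the restart in Step 14: that the keystore is readable only by its owner, that server.xml has a live (uncommented) HTTPS connector on port 8444 that names the keystore and a keystorePass, and that the port actually answers TLS. The directory paths are the Resource Kit paths from the text; the host name, password and the -keysize 2048 option are assumptions to adapt, and the server.xml edit of Step 12 is still done by hand (the script only verifies it).

```shell
#!/bin/sh
# Added example, not part of the Novell documentation or the Resource Kit.
# Scripted form of Steps 6-9 plus the checks for Steps 12 and 14.
# Paths are the Resource Kit paths from the text; host name, password and
# -keysize 2048 are assumptions (placeholders) to adapt.

JAVA_BIN=/opt/novell/idm/jre/bin
IDMPROV=/opt/novell/idm/jboss/server/IDMProv
KEYSTORE=$IDMPROV/conf/userapp.keystore
SERVER_XML=$IDMPROV/deploy/jboss-web.deployer/server.xml
HTTPS_PORT=8444

# Steps 6-9 without the prompts. The CN must be the host name users type in
# the browser or every browser warns about a name mismatch. Key password equals
# store password because the Connector in server.xml is given only keystorePass.
gen_keystore() {  # usage: gen_keystore <fqdn> <password>
    "$JAVA_BIN/keytool" -genkey -alias userAppKey -keyalg RSA -keysize 2048 \
        -validity 3650 -keystore "$KEYSTORE" -storepass "$2" -keypass "$2" \
        -dname "CN=$1, OU=IDM, O=company, L=Provo, ST=Utah, C=US"
    chmod 600 "$KEYSTORE"            # data file: no execute bit needed
    chown idmsa:novell "$KEYSTORE"
}

# Mode string of a file, e.g. -rw------- (portable; avoids stat(1) flag differences).
file_mode() { ls -ld "$1" | cut -c1-10; }

# Succeeds only if the keystore is a regular file readable by its owner alone.
check_keystore_perms() { [ "$(file_mode "$1")" = "-rw-------" ]; }

# Succeeds only if server.xml contains an uncommented Connector on the given
# port with SSLEnabled="true", the given keystore file name and a keystorePass.
check_connector() {  # usage: check_connector <server.xml> <port> <keystore name>
    awk -v port="$2" -v ks="$3" '
    BEGIN { incomment = 0; doc = "" }
    {   # drop XML comments (they may span lines) before looking at connectors
        line = $0
        while (length(line) > 0) {
            if (!incomment) {
                i = index(line, "<!--")
                if (i == 0) { doc = doc line " "; break }
                doc = doc substr(line, 1, i - 1) " "
                line = substr(line, i + 4); incomment = 1
            } else {
                i = index(line, "-->")
                if (i == 0) break
                line = substr(line, i + 3); incomment = 0
            }
        }
    }
    END {
        ok = 0
        n = split(doc, parts, "<Connector")
        for (k = 2; k <= n; k++) {
            el = parts[k]
            sub(/>.*/, "", el)          # keep only this element attributes
            if (el ~ ("port=\"" port "\"") && el ~ /SSLEnabled="true"/ &&
                index(el, ks) > 0 && el ~ /keystorePass=/)
                ok = 1
        }
        exit !ok
    }' "$1"
}

# After Step 14: confirm the port speaks TLS and show the certificate it serves
# (needs openssl on the machine running the check).
check_listener() {  # usage: check_listener <fqdn> <port>
    openssl s_client -connect "$1:$2" </dev/null 2>/dev/null |
        openssl x509 -noout -subject -dates
}

# Full run, as idmsa with the User Application stopped:
#   sh enable_https.sh <fqdn> <password>
if [ $# -eq 2 ]; then
    gen_keystore "$1" "$2"
    check_keystore_perms "$KEYSTORE" || { echo "keystore mode is not 600"; exit 1; }
    check_connector "$SERVER_XML" "$HTTPS_PORT" userapp.keystore ||
        { echo "no live HTTPS connector on $HTTPS_PORT in $SERVER_XML (Step 12)"; exit 1; }
    check_listener "$1" "$HTTPS_PORT"
fi
```

The connector check strips XML comments before it looks for Connector elements, so the still-commented 8443 block from the stock server.xml is not mistaken for a working listener, and it insists on the port, SSLEnabled, the keystore file name and a keystorePass together, which is exactly the set of changes Step 12 asks for.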