Configuring LiveContent S1000D for use with HTTPS
If you use the HTTPS protocol, you must configure LiveContent S1000D to use an SSL connection with the Jetty server.
Procedure
- Set up the SSL certificate for Jetty. Refer to http://www.eclipse.org/jetty/documentation/current/configuring-ssl.html to learn how (ignore all steps from "Configure Jetty" onward).
- Note down the path name of the new SSL connector keystore.
- Create one or two obfuscated secure passwords. Refer to http://www.eclipse.org/jetty/documentation/current/configuring-security-secure-passwords.html to learn how. These passwords will be used for the SSL connector keystore and the manager user.
  You have several generated secure versions of one or two passwords, for example:
    OBF:20771x1b206z
    MD5:639bae9ac6b3e1a84cebb7b403297b79
    CRYPT:me/ks90E221EY
- Note down the OBF version of the passwords for the keystore and for the manager user.
- Navigate to the collection directory of the collection for which you want to configure an SSL connection.
- Open wietmsd_prg.xml for editing.
- Within the <application> section, add the following:
    <!-- Set <value> to 1 to use an SSL connection with the Jetty server -->
    <configitem name="app.secure_connection">
      <value>1</value>
    </configitem>
    <!-- SSL configuration. Use only if app.secure_connection is set to 1. -->
    <configitem name="app.keystore_location">
      <value>KEYSTOREPATH</value>
    </configitem>
    <configitem name="app.keystore_password">
      <value>KEYSTOREPASSWORD</value>
    </configitem>
    <configitem name="app.manager_password">
      <value>MANAGERPASSWORD</value>
    </configitem>
  where:
  - KEYSTOREPATH is the path name of the new SSL connector keystore
  - KEYSTOREPASSWORD is the obfuscated version of the keystore password (including OBF: at the beginning)
  - MANAGERPASSWORD is the obfuscated version of the manager user password (including OBF: at the beginning)
- If you want to change the default port used by LiveContent S1000D, then within the <application> section, find the following section and change the value of <value>:
    <configitem name="app.port">
      <comments>Server port</comments>
      <value>XXX</value>
    </configitem>
  In this fragment, set XXX to the default port used (for HTTPS, this would by default be 443).
- Save and close wietmsd_prg.xml.
- In the same location, open launch.ini for editing.
- Find the property called AccessURL1 in this file and make the following changes to its value:
  - Change the protocol at the beginning of the URL from http:// to https://.
  - Change the host name to the fully qualified host name as defined in your SSL certificate.
  - If you do not use the default HTTPS port, 443, add :PORTNUMBER after the host name, where PORTNUMBER is the non-default number of your HTTPS port.
  Your property now resembles one of the following:
    AccessURL1=https://ietm.example.com/servlets3/wietmsd
  (if running on the default HTTPS port, 443)
    AccessURL1=https://ietm.example.com:886/servlets3/wietmsd
  (if running on a non-default HTTPS port, 886 in this example)
- Find the property called AccessURL2 in the file and make the same change to its value.
- Save and close launch.ini.
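
Once both files are saved, the settings from the procedure can be cross-checked before restarting the server. The Python script below is an added example, not part of the LiveContent documentation. The `<config>` root element, the sample values, the function names, and the rule that the AccessURL port should equal app.port are assumptions.

```python
import re
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit
# Constructed sample files; the <config> root element is an assumption.
SAMPLE_XML = """<config><application>
  <configitem name="app.secure_connection"><value>1</value></configitem>
  <configitem name="app.keystore_location"><value>/opt/keys/keystore</value></configitem>
  <configitem name="app.keystore_password"><value>OBF:20771x1b206z</value></configitem>
  <configitem name="app.manager_password"><value>changeme</value></configitem>
  <configitem name="app.port"><comments>Server port</comments><value>886</value></configitem>
</application></config>"""
SAMPLE_INI = ("AccessURL1=https://ietm.example.com:886/servlets3/wietmsd\n"
              "AccessURL2=http://ietm.example.com/servlets3/wietmsd\n")

def read_configitems(xml_text):
    """Return {name: value} for each <configitem> inside <application>."""
    root = ET.fromstring(xml_text)
    app = root if root.tag == "application" else root.find(".//application")
    if app is None:
        raise ValueError("no <application> section found")
    return {ci.get("name"): (ci.findtext("value") or "").strip()
            for ci in app.iter("configitem")}

def read_access_urls(ini_text):
    """Return {property: url} for the AccessURL1 and AccessURL2 lines."""
    return dict(re.findall(r"^[ \t]*(AccessURL[12])[ \t]*=[ \t]*(\S+)", ini_text, re.M))

def check_https_config(xml_text, ini_text):
    """Return a list of problems; an empty list means the two files agree."""
    items, urls = read_configitems(xml_text), read_access_urls(ini_text)
    problems = []
    if items.get("app.secure_connection") != "1":
        problems.append("app.secure_connection is not 1")
    if not items.get("app.keystore_location"):
        problems.append("app.keystore_location is empty")
    for name in ("app.keystore_password", "app.manager_password"):
        if not items.get(name, "").startswith("OBF:"):
            problems.append(f"{name} is not an OBF: value")
    port = items.get("app.port")  # ports are compared only if app.port is present
    for prop in ("AccessURL1", "AccessURL2"):
        url = urlsplit(urls.get(prop, ""))
        if url.scheme != "https":
            problems.append(f"{prop} does not use https://")
        elif port and str(url.port or 443) != port:  # assumed: URL port == app.port
            problems.append(f"{prop} port does not match app.port {port}")
    return problems

if __name__ == "__main__":
    print("\n".join(check_https_config(SAMPLE_XML, SAMPLE_INI)) or "OK")
```

Jetty's OBF: format is reversible obfuscation rather than encryption, so this check confirms only the form of the values. Keep read access to wietmsd_prg.xml and the keystore file restricted to the service account.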