Administrator

Enabling SSL

Enable SSL for the Web UI (HTTPS).

Context

SMS Builder embeds Jetty as its javax.servlet container. Configure Jetty for SSL and use an X.509 certificate, which SAP recommends.

Procedure

  1. Create a keystore if one does not yet exist:
    1. On the command line, enter:
      keytool -keystore keystore -alias jetty -genkey -keyalg RSA
    2. Follow the onscreen instructions. When prompted for your first and last name, enter a value that matches your machine host name (keytool stores this value as the certificate's common name).
    3. Copy the keystore file to the <SMSBUILDER_HOME>/conf/keystore directory.
  2. In the conf/cfgbackup directory, create an org.ops4j.pax.web.properties file (if it does not already exist), and add these lines:
    # Enable SSL
    org.osgi.service.http.secure.enabled=true

    # SSL Port
    org.osgi.service.http.port.secure=8443

    # Keystore created to hold SSL certificate
    org.ops4j.pax.web.ssl.keystore=conf/keystore

    # Keys to access Keystore and SSL certificate
    org.ops4j.pax.web.ssl.password=password
    org.ops4j.pax.web.ssl.keypassword=keypassword
    
  3. To encrypt the properties org.ops4j.pax.web.ssl.password and org.ops4j.pax.web.ssl.keypassword, run the encryption tool.
  4. Enter the encrypted passwords, as in the example below:
    # Keys to access Keystore and SSL certificate
    org.ops4j.pax.web.ssl.password={enc}cMYSsdsyRNzhyKlrBzbLIUH1z0tux5jykXWxPn76RlU=
    org.ops4j.pax.web.ssl.keypassword={enc}$2a$10$xVTSvw3hcCFtZ2DnMav.Te/WsOMBtLC1MV0QLi
    
  5. Stop and restart the server.
  6. Verify the connection at https://<hostname>:8443/brand, where <hostname> is the name of the machine on which the server is running.
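
A pre-restart check of the properties file from steps 2 to 4, as an added example (not SAP code and not part of SMS Builder). The function names are hypothetical, and the script assumes every property uses the `key=value` form shown above. It flags passwords left without the `{enc}` prefix and values with trailing whitespace, which a Java properties loader keeps as part of the value.

```shell
#!/bin/sh
# Added example: lint org.ops4j.pax.web.properties against this procedure.
# Prints one line per finding; the return status is the number of findings
# (0 = clean). Password values are never printed.

# prop_value FILE KEY: print the raw value of the last uncommented KEY= line.
# Trailing spaces are preserved, as a Java properties loader would keep them.
prop_value() {
    awk -v k="$2=" '
        /^[ \t]*#/ { next }
        { sub(/^[ \t]+/, "") }
        index($0, k) == 1 { v = substr($0, length(k) + 1) }
        END { printf "%s", v }' "$1"
}

check_pax_ssl_props() {
    f=$1; n=0
    [ -r "$f" ] || { echo "cannot read $f"; return 1; }

    v=$(prop_value "$f" org.osgi.service.http.secure.enabled)
    [ "$v" = "true" ] || { echo "secure.enabled is '$v', expected 'true'"; n=$((n+1)); }

    v=$(prop_value "$f" org.osgi.service.http.port.secure)
    case $v in
        ''|*[!0-9]*) echo "port.secure is '$v', expected a port number"; n=$((n+1)) ;;
    esac

    v=$(prop_value "$f" org.ops4j.pax.web.ssl.keystore)
    [ -n "$v" ] || { echo "ssl.keystore is not set"; n=$((n+1)); }

    for k in org.ops4j.pax.web.ssl.password org.ops4j.pax.web.ssl.keypassword; do
        v=$(prop_value "$f" "$k")
        case $v in
            '{enc}'?*) ;;   # encrypted form from step 4
            '') echo "$k is not set"; n=$((n+1)) ;;
            *)  echo "$k is stored in plaintext (no {enc} prefix)"; n=$((n+1)) ;;
        esac
    done

    # Whitespace after a value becomes part of the value when the file is loaded.
    t=$(grep -c '^[^#]*=.*[[:space:]]$' "$f" || true)
    [ "$t" -eq 0 ] || { echo "$t line(s) have trailing whitespace"; n=$((n+1)); }
    return "$n"
}
```

Run it as `check_pax_ssl_props conf/cfgbackup/org.ops4j.pax.web.properties` from <SMSBUILDER_HOME>; a non-zero status means the file still needs attention before the restart.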

Results

For more information about configuring Jetty for SSL, see http://www.eclipse.org/jetty/documentation/current/ (information published on a non-SAP site).