Enable SSL for the Brand Mobiliser Web UI (HTTPS).
Brand Mobiliser embeds Jetty for its
javax.servlet container capability. Configure Jetty for SSL, and use the X.509
certificate, which SAPĀ® recommends.
- Create a keystore if one does not yet exist:
- On the command line, enter:
keytool -keystore keystore -alias jetty -genkey -keyalg RSA
- Follow the onscreen instructions. Enter the first and last name to match your
machine host name.
- Copy the keystore file to the
BRAND_HOME/conf/keystore
directory.
- In the conf/cfgbackup directory, create an
org.ops4j.pax.web.properties file (if it does not already
exist), and add these lines:
# Enable SSL
org.osgi.service.http.secure.enabled=true
# SSL Port
org.osgi.service.http.port.secure=8443
# Keystore created to hold SSL certificate
org.ops4j.pax.web.ssl.keystore=conf/keystore
# Keys to access Keystore and SSL certificate
org.ops4j.pax.web.ssl.password=password
org.ops4j.pax.web.ssl.keypassword=keypassword
- To encrypt the properties org.ops4j.pax.web.ssl.password and
org.ops4j.pax.web.ssl.keypassword, run the encryption
tool.
- Enter the encrypted passwords, as in the example, below:
# Keys to access Keystore and SSL certificate
org.ops4j.pax.web.ssl.password={enc}cMYSsdsyRNzhyKlrBzbLIUH1z0tux5jykXWxPn76RlU=
org.ops4j.pax.web.ssl.keypassword={enc}$2a$10$xVTSvw3hcCFtZ2DnMav.Te/WsOMBtLC1MV0QLi
- Stop and restart Brand Mobiliser.
- Verify the connection at https://hostname:8443/brand, where
hostname is the name of the machine on which
Brand Mobiliser is running.