SSL: Configure dotCMS to Run SSL

To enable dotCMS to serve pages over SSL (HTTPS), do the following:

  1. Acquire a valid SSL certificate in JKS format.
  2. Enable the SSL connector in the server.xml file (/dotserver/tomcat-X.x.xx/conf/server.xml).
    • Note: It is strongly recommended that all changes to dotCMS configuration files be made through a ROOT folder plugin.

Edit server.xml

Add the following <Connector> section to server.xml:

<Connector
   port="443"
   protocol="HTTP/1.1"
   SSLEnabled="true"
   address="10.0.0.168"
   maxThreads="150"
   scheme="https"
   secure="true"
   clientAuth="false"
   sslProtocol="TLS"
   keystoreFile="C:\wwwroot\site\conf\ssl.key"
   keystorePass="XXXXX"
/>

Note: Replace the address, keystoreFile, and keystorePass with appropriate values for your site. To avoid problems, it is recommended that you use an absolute path for the keystore.
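
A pre-deployment check for the connector attributes above, as an added example that is not part of the dotCMS documentation: it parses a server.xml and, for each connector with SSLEnabled="true", reports a scheme or secure mismatch, a missing or relative keystoreFile, and a missing keystorePass. The function names and the second and third sample connectors are constructed for illustration.

```python
import ntpath
import posixpath
import xml.etree.ElementTree as ET

# Constructed sample: the page's connector, one misconfigured SSL connector,
# and one plain HTTP connector that the check should ignore.
SAMPLE_SERVER_XML = r"""
<Server><Service name="Catalina">
  <Connector port="443" protocol="HTTP/1.1" SSLEnabled="true"
             address="10.0.0.168" maxThreads="150" scheme="https" secure="true"
             clientAuth="false" sslProtocol="TLS"
             keystoreFile="C:\wwwroot\site\conf\ssl.key" keystorePass="XXXXX" />
  <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
             scheme="http" keystoreFile="conf/ssl.key" />
  <Connector port="8080" protocol="HTTP/1.1" />
</Service></Server>
"""

def is_absolute(path):
    """True for an absolute Windows drive path or an absolute POSIX path."""
    return ntpath.isabs(path) or posixpath.isabs(path)

def check_ssl_connectors(server_xml):
    """Return {port: [findings]} for every connector with SSLEnabled="true"."""
    report = {}
    for conn in ET.fromstring(server_xml).iter("Connector"):
        if conn.get("SSLEnabled", "false").lower() != "true":
            continue  # not an SSL connector, outside the scope of this check
        findings = []
        if conn.get("scheme") != "https":
            findings.append('scheme is not "https"')
        if conn.get("secure") != "true":
            findings.append('secure is not "true"')
        keystore = conn.get("keystoreFile")
        if keystore is None:
            findings.append("keystoreFile is not set")
        elif not is_absolute(keystore):
            findings.append("keystoreFile is a relative path")
        if conn.get("keystorePass") is None:
            findings.append("keystorePass is not set")
        report[conn.get("port")] = findings
    return report

if __name__ == "__main__":
    for port, findings in check_ssl_connectors(SAMPLE_SERVER_XML).items():
        print(port, "OK" if not findings else "; ".join(findings))
```

An empty findings list means the connector matches the attribute pattern shown on this page; it does not confirm that the keystore file exists or that the password opens it, which the keytool step below covers.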

Verify Your Configuration

Verify the Keystore and Password

To make sure that the keystore and password are valid, enter the following command to list the certificates and keys:

keytool -list -keystore [KeystoreFileName]

Note: Replace [KeystoreFileName] with the same value used for keystoreFile in your server.xml file (above).

Verify the Connection

To make sure your SSL configuration is working, use openssl to open a connection to your HTTPS web server. The following command is the SSL equivalent of telnet [ServerIPAddress] 80:

openssl s_client -connect [ServerIPAddress]:443 -state

Note: Replace [ServerIPAddress] with the same value used for address in your server.xml file (above), and 443 with the port of your SSL connector if it differs.