To enable dotCMS to serve pages over SSL (HTTPS), you need to do the following:
- Acquire a valid SSL certificate in JKS format.
- Enable the SSL connector in the server.xml file (/dotserver/tomcat-X.x.xx/conf/server.xml).
- Note: It is strongly recommended that all changes to dotCMS configuration files be made through a ROOT folder plugin.
Add the following <Connector> section to server.xml:
<Connector port="443" protocol="HTTP/1.1" SSLEnabled="true" address="10.0.0.168" maxThreads="150" scheme="https" secure="true" clientAuth="false" sslProtocol="TLS" keystoreFile="C:\wwwroot\site\conf\ssl.key" keystorePass="XXXXX" />
Note: Replace the address, keystoreFile, and keystorePass with appropriate values for your site. To avoid problems, it is recommended that you use an absolute path for the keystore.
Verify Your Configuration
Verify the Keystore and Password
To make sure that the keystore and password are valid, enter the following command to list the certificates and keys:
keytool -list -keystore [KeystoreFileName]
Note: Replace [KeystoreFileName] with the same value used for keystoreFile in your server.xml file (above).
Verify the Connection
To make sure your SSL configuration is working, use openssl to open a connection to your HTTPS web server. The following command is the SSL equivalent of telnet [ServerIPAddress] 80:
openssl s_client -connect [ServerIPAddress]:443 -state
Note: Replace [ServerIPAddress] with the same value used for address in your server.xml file (above). The port (443) must match the port of the SSL <Connector>.