> DSpace REST requires SSL, because the client could send the auth-token to any > request
I'd add to that that not only tokens get sent via the connection, but also passwords. Password authentication is currently the only authentication method supported by dspace-rest. > What did you do to configure just REST running as SSL? Here's how you can configure a HTTPS connector in Tomcat: https://tomcat.apache.org/tomcat-8.0-doc/ssl-howto.html Alternatively, if you prefer setting up HTTPS in Apache HTTPD, you can use mod_proxy_ajp to connect Tomcat with HTTPD: https://wiki.duraspace.org/display/DSPACE/Running+DSpace+on+Standard+Ports If you're going to only run REST via HTTPS, it's fine to use self-signed certificates. Otherwise I'd recommend you get a certificate from a certificate authority. Let's encrypt is a free one that just launched: https://letsencrypt.org/ Regards, ~~helix84 Compulsory reading: DSpace Mailing List Etiquette https://wiki.duraspace.org/display/DSPACE/Mailing+List+Etiquette -- You received this message because you are subscribed to the Google Groups "DSpace Technical Support" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at http://groups.google.com/group/dspace-tech. For more options, visit https://groups.google.com/d/optout.
