On 29/03/2012 09:25, Bob Lannoy wrote: > Hi, > > with the remark about the use of MD5, I thought of something else. > If I'm not mistaken the connection between console and core is over plain > HTTP. > Do you plan supporting SSL connections between both? I put core behind > SSL but then the console didn't connect. > I saw in the trunk that in the configuration properties for the > console the protocol (scheme) option has been split out so maybe > you're already planning this?
Hi Bob, there is nothing, in principle, that will obstacle core webapp to be available in HTTPS only (and hence the console to connect via HTTPS to the core): only, be sure to overcome usual issues arising when using self-signed certificates in Java: here is a brief checklist I would suggest: 1. put the servlet container with core webapp deployed inside in HTTPS 2. add the certificate of the CA you have used to sign the certificate for the step above in a trustore 3. reference the trustore above when launching the servlet container with console webapp deployed inside This should work: please, let us know whether you succeed. It could also be the case to add a page on our wiki about this. Regards. -- Francesco Chicchiriccò Apache Cocoon PMC and Apache Syncope PPMC Member http://people.apache.org/~ilgrosso/
