Hi Francesco, indeed it works ;) I did it on a Tomcat 6 instance. * enabled SSL for core * referenced the truststore for console through JVM params -Djavax.net.ssl.trustStore="...mykeystore.jks" -Djavax.net.ssl.trustStorePassword="mykeystore" * put the right params in configuration.properties (https, hostname as in certificate) I'll be happy to put up a wiki page for that. There's one thing I didn't like and that's I have to pass the truststore params to the VM in command line. Perhaps there's a way to specify the truststore in the configuration somewhere?
regards Bob 2012/3/29 Francesco Chicchiriccò <[email protected]>: > On 29/03/2012 09:25, Bob Lannoy wrote: >> Hi, >> >> with the remark about the use of MD5, I thought of something else. >> If I'm not mistaken the connection between console and core is over plain >> HTTP. >> Do you plan supporting SSL connections between both? I put core behind >> SSL but then the console didn't connect. >> I saw in the trunk that in the configuration properties for the >> console the protocol (scheme) option has been split out so maybe >> you're already planning this? > > Hi Bob, > there is nothing, in principle, that will obstacle core webapp to be > available in HTTPS only (and hence the console to connect via HTTPS to > the core): only, be sure to overcome usual issues arising when using > self-signed certificates in Java: here is a brief checklist I would suggest: > > 1. put the servlet container with core webapp deployed inside in HTTPS > 2. add the certificate of the CA you have used to sign the certificate > for the step above in a trustore > 3. reference the trustore above when launching the servlet container > with console webapp deployed inside > > This should work: please, let us know whether you succeed. > It could also be the case to add a page on our wiki about this. > > Regards. > > -- > Francesco Chicchiriccò > > Apache Cocoon PMC and Apache Syncope PPMC Member > http://people.apache.org/~ilgrosso/ >
