It is recommended using HTTPS on websites, both for its site classification systems in search results, but also to handle security issues, since information exchanges between users (browsers) are encrypted and cannot, therefore, be easily intercepted.
The features that collect your location data (Geolocation Widget, Route Planner Widget, …) only work in HTTPS.
You will need to contact your IS/hosting provider who will suggest certificates and setup methods that can vary from one hosting provider to another, or as a function of your server architecture.
Setting up an SSL certificate is described (in English) in the official documentation at the site Tomcat.
This method describes how to roll out a self-signed certificate with OpenSSL.
![[Warning]](images/community/docbook/warning.png) |
Warning |
|---|---|
|
A self-signed certificate allows you to test all Geoconcept Web functionalities, but as it is not a certificate delivered by an official organisation, users will see, on opening the portal, messages indicating "Connection not secure", "There is a problem with this site’s security certificate", "Your connection is not private", … |
System requirements
- JVM must be installed on the server: this should be a JDK version, and not JRE, since OpenSSL requires utilisation of the keytool library available only with the JDK version.
- If the JAVA_HOME environment variable does not exist, create it in the command line and make it point at the JDK folder:
set JAVA_HOME=<Path ex: c:\Program Files\Java\jdk1.8.0_60>
- If OpenSSL is not installed, retrieve the binaries from one of the site’s Community pages OpenSSL and deploy them on the server.
Creating the self-signed certificate
- Create a folder on the server to store the keystore. As an example, we will take c:/keystore.
- From the folder created earlier, in the command line, run the certificate creation line:
"%JAVA_HOME%\bin\keytool" -genkey -alias tomcat -keyalg RSA -keystore keystore.jks
Fill in the items of information requested and retain the password PASSWORD as filled in already to use in the next step.
-
Stop Tomcat, and then modify the
server.xmlfile (in the \tomcat\conf\ folder)- De-comment the block
<Connector port="443" protocol="org.apache.coyote.http11.Http11NioProtocol"
maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS" />
- add to the interior of this block
keystoreFile="c:\keystore\keystore.jks" keystorePass="PASSWORD"
- either
<Connector port="443" protocol="org.apache.coyote.http11.Http11NioProtocol"
maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS" keystoreFile="c:\keystore\keystore.jks"
keystorePass="PASSWORD"/>
The certificate is deployed and you can then access your portal:
Force all applications to use HTTPS
|
Warning |
|---|---|
|
Take care when adding these lines, as this will force all applications deployed in Tomcat to use the HTTPS protocol, check before applying the modification that they are really compatible with this protocol. |
- Stop Tomcat, and then edit the web.xml file (in the \tomcat\conf\ folder) adding <web-app> block:
<security-constraint>
<web-resource-collection>
<web-resource-name>Entire Application</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>
Any HTTP query is re-routed in HTTPS
