Changes for page Development-SSL requests via https protocol
Last modified by Aaron Rosenzweig on 2012/03/19 19:33
From version 48.1
edited by cat4ever
on 2010/11/26 03:31
on 2010/11/26 03:31
Change comment:
There is no comment for this version
To version 47.1
edited by Kieran Kelleher
on 2008/07/21 18:13
on 2008/07/21 18:13
Change comment:
There is no comment for this version
Summary
-
Page properties (3 modified, 0 added, 0 removed)
Details
- Page properties
-
- Title
-
... ... @@ -1,1 +1,1 @@ 1 -Development-SSL requests via https protocol 1 +Web Applications-Development-SSL requests via https protocol - Author
-
... ... @@ -1,1 +1,1 @@ 1 -XWiki. cat4ever1 +XWiki.kieran - Content
-
... ... @@ -1,6 +1,6 @@ 1 1 == Introduction == 2 2 3 -Sooner or later you will need to develop WebObjects applications that work with SSL requests over https protocol. If ssl is configured on your deployment server, you can probably just change http to https in the app entry URL and the app will probably just work over https protocol. However if your application requires security, you cannot just depend on your users typing in a URL that begins with https. Also since SSL encryption adds more load to the webserver, you may want decide that just some pages need to be returned securely over https and the rest returned via plain old http. In any case, you may want to or need to set up your local OS X development machine to support https protocol so that you can properly test your application. Note also that setting up ssl for testing can be a far simpler task (and not really secure) than setting up real authentic SSL certificates for use in a production server. 3 +Sooner or later you will need to develop WebObjects applications that work with SSL requests over https protocol. If ssl is configured on your deployment server, you can probably just change http to https in the app entry URL and the app will probably just work over https protocol. However if your application requires security, you cannot just depend on your users typing in a URL that begins with https. Also since SSL encryption adds more load to the webserver, you may want decide that just some pages need to be returned securely over https and the rest returned via plain old http. In any case, you may want to or need to set up your local OS X development machine to support https protocol so that you can properly test your application. This article endeavors to do this in a concise way while referring to 3rd party sources where applicable. Note also that setting up ssl for testing can be a far simpler task (and not really secure) than setting up real authentic SSL certificates for use in a production server. 4 4 5 5 {{info title="Compatability"}} 6 6 ... ... @@ -15,14 +15,6 @@ 15 15 16 16 {{/info}} 17 17 18 -=== References === 19 - 20 -* [[http://httpd.apache.org/docs/2.0/ssl/ssl_faq.html#selfcert]] 21 -* [[http://homepage.mac.com/kelleherk/iblog/C463983418/E683365024/index.html]] 22 -* [[http://www.macosxhints.com/article.php?story=20080628074917113]] 23 -* [[http://www.macosxhints.com/article.php?story=20041129143420344]] 24 -* [[http://developer.apple.com/internet/serverside/modssl.html]] 25 - 26 26 == Development via Apache Webserver == 27 27 28 28 By default, WebObjects development installations typically run via DirectConnect. For https development, we must run thru the apache webserver built in to every OS X machine. So before going any further, configure your WebObjects development environment so that your development application launches and [[runs thru apache>>Development Tools-Running Through Apache]] using the host name "localhost". ... ... @@ -51,7 +51,7 @@ 51 51 52 52 {{noformat}} 53 53 54 -bash-3.2# openssl req - days 3650 -new -x509 -nodes -out localhost_server.crt -keyout localhost_server.key46 +bash-3.2# openssl req -new -x509 -nodes -out localhost_server.crt -keyout localhost_server.key 55 55 56 56 Generating a 1024 bit RSA private key 57 57 .........................++++++ ... ... @@ -85,34 +85,17 @@ 85 85 86 86 === Configure Apache2 to Use Your Development Certificates for localhost === 87 87 88 -Using you rfavoritecommand line editor, edit the apache config file at89 - **/etc/apache2/httpd.conf**80 +Using you favorite text editor, edit the apache2 config file at 81 +/etc/apache2/httpd.conf 90 90 making the changes shown in the following 2 screenshots: 91 91 92 -{{panel title="Setting Apache server name to localhost"}} 84 +[[image:step1_servernamelocalhost.jpg]] 85 + [[image:step2_includesslconfig.jpg]] 86 + 87 +Next edit the ssl config file itself making the changes shown in the following sceenshot: 88 +\\ [[image:step3_sslconfig.jpg]] 89 +\\Finally, restart apache 93 93 94 -!step1_servernamelocalhost.jpg! 95 - 96 -{{/panel}} 97 - 98 -{{panel title="Including SSL Configuration file into main Apache config file"}} 99 - 100 -!step2_includesslconfig.jpg! 101 - 102 -{{/panel}} 103 - 104 -Next edit the ssl config file itself at 105 -**/etc/apache2/extra/httpd-ssl.conf** 106 -making the changes shown in the following sceenshot: 107 - 108 -{{panel title="Setting up the SSL Config file"}} 109 - 110 -!step3_sslconfig.jpg! 111 - 112 -{{/panel}} 113 - 114 -Restart apache 115 - 116 116 {{noformat}} 117 117 118 118 bash-3.2# apachectl graceful ... ... @@ -119,28 +119,6 @@ 119 119 120 120 {{/noformat}} 121 121 122 -~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~- 123 - 124 -JEFF SCHMITZ 125 - 126 -Right at this point I got the error: 127 - 128 -ulimit: open files: cannot modify limit: Invalid arg 129 - 130 -After a quick google search I found this which seems to have fixed the error: 131 - 132 -http:~/~/www.perkiset.org/forum/all_things_apple/apache_osx_and_ulimit_a_little_chunk_of_weirdness-t909.0.html 133 - 134 -~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~- 135 - 136 -Finally, verify that https is working: 137 - 138 -{{panel title="Verify https://localhost is working"}} 139 - 140 -!httpslocalhost2.jpg! 141 - 142 -{{/panel}} 143 - 144 144 == Detecting SSL == 145 145 146 146 Code for detecting whether SSL is active for the current request: