Last modified by Aaron Rosenzweig on 2012/03/19 19:33

From version 54.1
edited by Pascal Robert
on 2012/01/27 09:14
Change comment: There is no comment for this version
To version 57.1
edited by Paul Hoadley
on 2012/03/19 19:33
Change comment: Migrated to Confluence 5.3

Summary

Details

Page properties
Parent
... ... @@ -1,0 +1,1 @@
1 +How-tos
Author
... ... @@ -1,1 +1,1 @@
1 -XWiki.probert
1 +XWiki.paulh
Tags
... ... @@ -1,0 +1,1 @@
1 +wikireview|deployment
Content
... ... @@ -3,35 +3,32 @@
3 3  Sooner or later you will need to develop WebObjects applications that work with SSL requests over https protocol. If ssl is configured on your deployment server, you can probably just change http to https in the app entry URL and the app will probably just work over https protocol. However if your application requires security, you cannot just depend on your users typing in a URL that begins with https. Also since SSL encryption adds more load to the webserver, you may want decide that just some pages need to be returned securely over https and the rest returned via plain old http. In any case, you may want to or need to set up your local OS X development machine to support https protocol so that you can properly test your application. Note also that setting up ssl for testing can be a far simpler task (and not really secure) than setting up real authentic SSL certificates for use in a production server.
4 4  
5 5  {{info title="Compatability"}}
6 -
7 7  These instructions were written and tested on the following, but should work on any 10.5.X config or later
7 +
8 8  * OS X Leopard Client 10.5.4
9 9  * Standard built-in apache2
10 10  * If you like record and verify your OS config as follows:
11 11  ** $ openssl version
12 12  *** OpenSSL 0.9.8g 19 Oct 2007
13 -** $ httpd \-v
13 +** $ httpd -v
14 14  *** Server version: Apache/2.2.8 (Unix)
15 -
16 16  {{/info}}
17 17  
18 18  === References ===
19 19  
20 -* [[http://httpd.apache.org/docs/2.0/ssl/ssl_faq.html#selfcert]]
21 -* [[http://homepage.mac.com/kelleherk/iblog/C463983418/E683365024/index.html]]
22 -* [[http://www.macosxhints.com/article.php?story=20080628074917113]]
23 -* [[http://www.macosxhints.com/article.php?story=20041129143420344]]
24 -* [[http://developer.apple.com/internet/serverside/modssl.html]]
19 +* [[http:~~/~~/httpd.apache.org/docs/2.0/ssl/ssl_faq.html#selfcert>>url:http://httpd.apache.org/docs/2.0/ssl/ssl_faq.html#selfcert||shape="rect"]]
20 +* [[http:~~/~~/www.macosxhints.com/article.php?story=20080628074917113>>url:http://www.macosxhints.com/article.php?story=20080628074917113||shape="rect"]]
21 +* [[http:~~/~~/www.macosxhints.com/article.php?story=20041129143420344>>url:http://www.macosxhints.com/article.php?story=20041129143420344||shape="rect"]]
25 25  
26 26  == Development via Apache Webserver ==
27 27  
28 -By default, WebObjects development installations typically run via DirectConnect. For https development, we must run thru the apache webserver built in to every OS X machine. So before going any further, configure your WebObjects development environment so that your development application launches and [[runs thru apache>>Development Tools-Running Through Apache]] using the host name "localhost".
25 +By default, WebObjects development installations typically run via DirectConnect. For https development, we must run thru the apache webserver built in to every OS X machine. So before going any further, configure your WebObjects development environment so that your development application launches and [[runs thru apache>>doc:Development Tools-Running Through Apache]] using the host name "localhost".
29 29  
30 -== Configuring Apache for [[https://localhost]] ==
27 +== Configuring Apache for [[https:~~/~~/localhost>>url:https://localhost||shape="rect"]] ==
31 31  
32 32  === Make the private key and SSL certificate ===
33 33  
34 -Normally creating SSL certificates for production use is quite involved, however since we are just doing localhost development and testing, we can bypass all the mumbo-jumbo and create the minimal unpassworded private key and SSL certificate the easy way. Do not use this method for creating production server SSL certificates
31 +Normally creating SSL certificates for production use is quite involved, however since we are just doing localhost development and testing, we can bypass all the mumbo-jumbo and create the minimal unpassworded private key and SSL certificate the easy way. Do not use this method for creating production server SSL certificates!
35 35  
36 36  Open terminal and follow the commands shown below in my transcript which is self-explanatory if you are familiar with Terminal...
37 37  
... ... @@ -47,7 +47,7 @@
47 47  {{/noformat}}
48 48  
49 49  Next run the one single openssl command that will make the two files we need in their final folder that we just created above.
50 -Note you will be asked for a bunch of info for the certificate. Follow what I have done below. **In particular, enter "localhost" in the Common Name field**
47 + Note you will be asked for a bunch of info for the certificate. Follow what I have done below. **In particular, enter "localhost" in the Common Name field!**
51 51  
52 52  {{noformat}}
53 53  
... ... @@ -86,29 +86,23 @@
86 86  === Configure Apache2 to Use Your Development Certificates for localhost ===
87 87  
88 88  Using your favorite command line editor, edit the apache config file at
89 -**/etc/apache2/httpd.conf**
90 -making the changes shown in the following 2 screenshots:
86 + **/etc/apache2/httpd.conf**
87 + making the changes shown in the following 2 screenshots:
91 91  
92 92  {{panel title="Setting Apache server name to localhost"}}
93 -
94 -!step1_servernamelocalhost.jpg!
95 -
90 +[[image:attach:step1_servernamelocalhost.jpg]]
96 96  {{/panel}}
97 97  
98 98  {{panel title="Including SSL Configuration file into main Apache config file"}}
99 -
100 -!step2_includesslconfig.jpg!
101 -
94 +[[image:attach:step2_includesslconfig.jpg]]
102 102  {{/panel}}
103 103  
104 104  Next edit the ssl config file itself at
105 -**/etc/apache2/extra/httpd-ssl.conf**
106 -making the changes shown in the following sceenshot:
98 + **/etc/apache2/extra/httpd-ssl.conf**
99 + making the changes shown in the following sceenshot:
107 107  
108 108  {{panel title="Setting up the SSL Config file"}}
109 -
110 -!step3_sslconfig.jpg!
111 -
102 +[[image:attach:step3_sslconfig.jpg]]
112 112  {{/panel}}
113 113  
114 114  Restart apache
... ... @@ -119,7 +119,7 @@
119 119  
120 120  {{/noformat}}
121 121  
122 -~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-
113 +~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-
123 123  
124 124  JEFF SCHMITZ
125 125  
... ... @@ -129,24 +129,22 @@
129 129  
130 130  After a quick google search I found this which seems to have fixed the error:
131 131  
132 -[[http://www.perkiset.org/forum/all_things_apple/apache_osx_and_ulimit_a_little_chunk_of_weirdness-t909.0.html]]
123 +[[http:~~/~~/www.perkiset.org/forum/all_things_apple/apache_osx_and_ulimit_a_little_chunk_of_weirdness-t909.0.html>>url:http://www.perkiset.org/forum/all_things_apple/apache_osx_and_ulimit_a_little_chunk_of_weirdness-t909.0.html||shape="rect"]]
133 133  
134 -Also, for my [[https://]]... links my rewrite rules in apache weren't getting fired.  To get them to work I had to add them to the httpd-ssl.conf file just below the General setup stuff shown in the figure above.  I just copied them from my httpd.conf file and pasted them in.  Not sure if this is the best way to handle it, but it's working for me on my development machine at least.
125 +Also, for my https:~/~/... links my rewrite rules in apache weren't getting fired. To get them to work I had to add them to the httpd-ssl.conf file just below the General setup stuff shown in the figure above. I just copied them from my httpd.conf file and pasted them in. Not sure if this is the best way to handle it, but it's working for me on my development machine at least.
135 135  
136 -~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-
127 +~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-
137 137  
138 138  Finally, verify that https is working:
139 139  
140 140  {{panel title="Verify https://localhost is working"}}
141 -
142 -!httpslocalhost2.jpg!
143 -
132 +[[image:attach:httpslocalhost2.jpg]]
144 144  {{/panel}}
145 145  
146 146  == Detecting SSL ==
147 147  
148 148  Code for detecting whether SSL is active for the current request:
149 -I'm told this won't work with IIS:
138 + I'm told this won't work with IIS:
150 150  
151 151  {{code}}
152 152  
httpslocalhost2.jpg
Author
... ... @@ -1,0 +1,1 @@
1 +XWiki.XWikiGuest
Size
... ... @@ -1,0 +1,1 @@
1 +97.5 KB
Content
step1_servernamelocalhost.jpg
Author
... ... @@ -1,0 +1,1 @@
1 +XWiki.XWikiGuest
Size
... ... @@ -1,0 +1,1 @@
1 +23.5 KB
Content
step2_includesslconfig.jpg
Author
... ... @@ -1,0 +1,1 @@
1 +XWiki.XWikiGuest
Size
... ... @@ -1,0 +1,1 @@
1 +23.3 KB
Content
step3_sslconfig.jpg
Author
... ... @@ -1,0 +1,1 @@
1 +XWiki.XWikiGuest
Size
... ... @@ -1,0 +1,1 @@
1 +99.4 KB
Content