Skip to Content
Version 39.1 by Kieran Kelleher on 2008/07/21 18:31
Show last authors
1 == Introduction ==
2
3 Sooner or later you will need to develop WebObjects applications that work with SSL requests over https protocol. If ssl is configured on your deployment server, you can probably just change http to https in the app entry URL and the app will probably just work over https protocol. However if your application requires security, you cannot just depend on your users typing in a URL that begins with https. Also since SSL encryption adds more load to the webserver, you may want decide that just some pages need to be returned securely over https and the rest returned via plain old http. In any case, you may want to or need to set up your local OS X development machine to support https protocol so that you can properly test your application. Note also that setting up ssl for testing can be a far simpler task (and not really secure) than setting up real authentic SSL certificates for use in a production server.
4
5 {{info title="Compatability"}}
6
7 These instructions were written and tested on the following, but should work on any 10.5.X config or later
8 * OS X Leopard Client 10.5.4
9 * Standard built-in apache2
10 * If you like record and verify your OS config as follows:
11 ** $ openssl version
12 *** OpenSSL 0.9.8g 19 Oct 2007
13 ** $ httpd \-v
14 *** Server version: Apache/2.2.8 (Unix)
15
16 {{/info}}
17
18 == Development via Apache Webserver ==
19
20 By default, WebObjects development installations typically run via DirectConnect. For https development, we must run thru the apache webserver built in to every OS X machine. So before going any further, configure your WebObjects development environment so that your development application launches and [[runs thru apache>>Development Tools-Running Through Apache]] using the host name "localhost".
21
22 == Configuring Apache for [[https://localhost]] ==
23
24 === Make the private key and SSL certificate ===
25
26 Normally creating SSL certificates for production use is quite involved, however since we are just doing localhost development and testing, we can bypass all the mumbo-jumbo and create the minimal unpassworded private key and SSL certificate the easy way. Do not use this method for creating production server SSL certificates
27
28 Open terminal and follow the commands shown below in my transcript which is self-explanatory if you are familiar with Terminal...
29
30 {{noformat}}
31
32 mymac$ cd /etc/apache2/
33 mymac$ sudo -s
34
35 bash-3.2# mkdir devsslcerts
36 bash-3.2# cd devsslcerts/
37
38
39 {{/noformat}}
40
41 Next run the one single openssl command that will make the two files we need in their final folder that we just created above.
42 Note you will be asked for a bunch of info for the certificate. Follow what I have done below. **In particular, enter "localhost" in the Common Name field**
43
44 {{noformat}}
45
46 bash-3.2# openssl req -new -x509 -nodes -out localhost_server.crt -keyout localhost_server.key
47
48 Generating a 1024 bit RSA private key
49 .........................++++++
50 .....++++++
51 writing new private key to 'localhost_server.key'
52 -----
53 You are about to be asked to enter information that will be incorporated
54 into your certificate request.
55 What you are about to enter is what is called a Distinguished Name or a DN.
56 There are quite a few fields but you can leave some blank
57 For some fields there will be a default value,
58 If you enter '.', the field will be left blank.
59 -----
60 Country Name (2 letter code) [AU]:US
61 State or Province Name (full name) [Some-State]:Florida
62 Locality Name (eg, city) []:Tampa
63 Organization Name (eg, company) [Internet Widgits Pty Ltd]:Five WebObjects Sailors, Inc.
64 Organizational Unit Name (eg, section) []:Software Engineering Department
65 Common Name (eg, YOUR name) []:localhost
66 Email Address []:developer@webobjects.com
67
68 bash-3.2# ls -al
69 total 16
70 drwxr-xr-x 4 root wheel 136 Jul 21 16:58 .
71 drwxr-xr-x 10 root wheel 340 Jul 21 16:56 ..
72 -rw-r--r-- 1 root wheel 1497 Jul 21 16:58 localhost_server.crt
73 -rw-r--r-- 1 root wheel 887 Jul 21 16:58 localhost_server.key
74
75
76 {{/noformat}}
77
78 === Configure Apache2 to Use Your Development Certificates for localhost ===
79
80 Using your favorite command line editor, edit the apache config file at
81 **/etc/apache2/httpd.conf**
82 making the changes shown in the following 2 screenshots:
83
84 {{panel title="Setting Apache server name to localhost"}}
85
86 !step1_servernamelocalhost.jpg!
87
88 {{/panel}}
89
90 {{panel title="Including SSL Configuration file into main Apache config file"}}
91
92 !step2_includesslconfig.jpg!
93
94 {{/panel}}
95
96 Next edit the ssl config file itself at
97 **/etc/apache2/extra/httpd-ssl.conf**
98 making the changes shown in the following sceenshot:
99
100 {{panel title="Setting up the SSL Config file"}}
101
102 !step3_sslconfig.jpg!
103
104 {{/panel}}
105
106 Restart apache
107
108 {{noformat}}
109
110 bash-3.2# apachectl graceful
111
112 {{/noformat}}
113
114 Finally, verify that https is working:
115
116 {{panel title="Verify https://localhost is working"}}
117
118 !httpslocalhost2.jpg!
119
120 {{/panel}}
121
122 == Detecting SSL ==
123
124 Code for detecting whether SSL is active for the current request:
125 I'm told this won't work with IIS:
126
127 {{code}}
128
129 // Is this page being accessed securely?
130 boolean secureMode = false;
131 String header = context.request().headerForKey("https");
132 if( header == null ) {
133 log.debug( "no https header, looking for server_port" );
134 header = context.request().headerForKey( "server_port" );
135 if( header == null ) {
136 log.debug( "no server_port header found, assuming insecure connection" );
137 } else {
138 log.debug( "server_port header found, using it" );
139 secureMode = header.equals( "443" );
140 }
141 } else {
142 log.debug( "https header found, using it" );
143 secureMode = header.equals( "on" );
144 }
145 log.debug( "secure mode set to " + secureMode );
146
147 {{/code}}