The Jive SBS platform
is capable of encrypting HTTP requests via SSL or TLS. Enabling encryption of HTTP
traffic requires the following steps on a platform-managed host:
- Copy cryptographic materials to the host. By default, the Jive HTTPD server
attempts to load an X.509 certificate file from the path
“/etc/jive/httpd/ssl/jive.crt” and the corresponding key from
“/etc/jive/httpd/ssl/jive.key”. The paths to these files are configured in the
default Apache HTTPD virtual host file located at
“/etc/jive/httpd/sites/default.conf” and can be changed to any path desired.
- Enable SSL in the HTTPD server by specifying the “-D SSL” option in the Apache
HTTPD configuration extension file located at “/etc/jive/conf/jive-httpd”. To
enable SSL, open (or create) this file and add ‘OPTIONS=”-D”’ to the file.
- With either Jive SBS's HTTP server or behind a third-party load balancer, add
two attributes to the file at
/usr/local/jive/applications/<app_name>/conf/server.xml. To the first (HTTP)
/Server/Connector element, add this: scheme="https"
proxyPort="443".
- After making the changes above, restart the Jive HTTPD server as described in
the run book for Linux or
.
Note: Except where noted above, if a third-party load balancer or external HTTP proxy is
performing SSL termination upstream of the Jive HTTPD server, it is not necessary to
configure the Jive HTTPD server for HTTP encryption in addition to the load
balancer.
Note: If the private key file installed to the server is encrypted, the HTTPD server
will interactively prompt the user for the password to decrypt the key.