Monday, September 10, 2012

Configure Apache Rave for SSL

I had to configure Apache Rave for SSL for the oa4mp integration work that I am currently doing with Rave. I had to make some configuration changes to get SSL working with Rave. The following are the instructions on how to do it.

Enabling SSL in Tomcat

The following instructions demonstrate how to get Tomcat 6 running over SSL using a self-signed certificate.
  • Find the reverse DNS name (of the IP address) of the machine on which you are going to install.
$ host your-ip-address
  • This returns the reverse DNS name of the IP address you gave.
 xxx-yy-zzz-hhh.dhcp-bl.xxx.edu
  • Generate a self-signed certificate that you'll use with Tomcat.
keytool -genkey -alias tomcat -keyalg RSA -validity 365 -storepass changeit -keystore $JAVA_HOME/jre/lib/security/cacerts

What is your first and last name?
  [Unknown]:  xxx-yy-zzz-hhh.dhcp-bl.xxx.edu
What is the name of your organizational unit?
  [Unknown]:  SGG
What is the name of your organization?
  [Unknown]:  IU
What is the name of your City or Locality?
  [Unknown]:  Bloomington
What is the name of your State or Province?
  [Unknown]:  IN
What is the two-letter country code for this unit?
  [Unknown]:  US
Is CN=xxx-yy-zzz-hhh.dhcp-bl.xxx.edu, OU=SGG, O=IU, L=Bloomington, ST=IN, C=US correct?
  [no]:  yes

Enter key password for
        (RETURN if same as keystore password):
  • Edit Tomcat's server.xml to enable an SSL listener on port 443 using our alternate cacerts file. By default Tomcat looks for a certificate with the alias "tomcat", which is the alias we used when creating our self-signed certificate. Uncomment the HTTPS connector and configure it to use our custom cacerts file:

<Connector port="443" protocol="HTTP/1.1" SSLEnabled="true"
           maxThreads="150" scheme="https" secure="true"
           keystoreFile="$JAVA_HOME/jre/lib/security/cacerts" keystorePass="changeit"
           clientAuth="false" sslProtocol="TLS" />

Configure Apache Rave and Shindig to run over SSL.

1. Configure properties files.
  • Edit the portal.properties file to configure Apache Rave to use SSL. Update the following values at the top of the portal.properties config file:
portal.opensocial_engine.protocol=https
portal.opensocial_engine.root=xxx-yy-zzz-hhh.dhcp-bl.xxx.edu
portal.opensocial_engine.gadget_path=/gadgets
  • Edit the rave.shindig.properties and container.js files to configure Shindig to use SSL.
  • The change to container.js is a search and replace of http:// with https://
  • Update the following values at the top of the rave.shindig.properties config file:
shindig.host= xxx-yy-zzz-hhh.dhcp-bl.xxx.edu
shindig.port=
shindig.contextroot=

2. Update the rave-portal pom.
  • Add the following configuration to the cargo plugin. It uses the Tomcat server.xml file (configured in the first section) given in the configuration to start up a Tomcat instance.
<configfiles>
    <configfile>
        <file>${project.basedir}/../rave-portal-resources/src/main/dist/conf/tomcat-users.xml</file>
        <todir>conf/</todir>
        <tofile>tomcat-users.xml</tofile>
    </configfile>
    <configfile>
        <file>/home/heshan/Dev/airavata-rave-integration/oauth/rave-0.15-oa4mp-branch/config/server.xml</file>
        <todir>conf/</todir>
        <tofile>server.xml</tofile>
    </configfile>
</configfiles>
  • Build the Rave project.
mvn clean install
  • Move to the rave-portal module and start Rave using the Cargo plugin.
cd rave-portal
mvn cargo:start
  • Log into the portal using the login page. 
https://156-56-179-232.dhcp-bl.indiana.edu/portal/login
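
A pre-flight check for the settings above, as an added example that is not part of the original post or of Rave or Tomcat: it confirms that the host values in both properties files equal the name entered into keytool, and reports keystore settings worth tightening before the server is exposed. The `audit` and `parse_props` helpers are hypothetical, and the inputs are constructed copies of the snippets shown in this post.

```python
import xml.etree.ElementTree as ET

# Constructed sample inputs that mirror the snippets shown in the post.
HOST = "xxx-yy-zzz-hhh.dhcp-bl.xxx.edu"
SERVER_XML = """<Server><Service name="Catalina">
  <Connector port="443" protocol="HTTP/1.1" SSLEnabled="true"
             maxThreads="150" scheme="https" secure="true"
             keystoreFile="$JAVA_HOME/jre/lib/security/cacerts" keystorePass="changeit"
             clientAuth="false" sslProtocol="TLS" />
</Service></Server>"""
PORTAL_PROPS = f"""portal.opensocial_engine.protocol=https
portal.opensocial_engine.root={HOST}
portal.opensocial_engine.gadget_path=/gadgets"""
SHINDIG_PROPS = f"shindig.host= {HOST}\nshindig.port=\nshindig.contextroot="

def parse_props(text):
    """Minimal key=value parser (skips comments; no escapes or continuations)."""
    lines = [l for l in text.splitlines() if "=" in l and not l.lstrip().startswith("#")]
    return {k.strip(): v.strip() for k, v in (l.split("=", 1) for l in lines)}

def audit(server_xml, portal_props, shindig_props, cert_name):
    """Return findings as strings; hypothetical helper, not part of Rave or Tomcat."""
    findings = []
    props = {**parse_props(portal_props), **parse_props(shindig_props)}
    tls = [c for c in ET.fromstring(server_xml).iter("Connector")
           if c.get("SSLEnabled", "").lower() == "true"]
    if not tls:
        return ["server.xml: no Connector with SSLEnabled=true"]
    if props.get("portal.opensocial_engine.protocol") != "https":
        findings.append("portal.properties: protocol is not https")
    # Clients compare the host they connect to with the name in the certificate,
    # so both host settings must equal the name typed into keytool.
    for key in ("portal.opensocial_engine.root", "shindig.host"):
        host = props.get(key, "").split(":")[0]
        if host != cert_name:
            findings.append(f"{key}: '{host}' does not match certificate name")
    store, password = tls[0].get("keystoreFile", ""), tls[0].get("keystorePass", "")
    if password == "changeit":
        findings.append("server.xml: keystorePass is the JDK default 'changeit'")
    if store.replace("\\", "/").endswith("lib/security/cacerts"):
        findings.append("server.xml: keystoreFile is the JRE trust store (cacerts)")
    if store.startswith("$") and not store.startswith("${"):
        findings.append("server.xml: keystoreFile starts with a shell-style variable; "
                        "server.xml is not processed by a shell")
    return findings

if __name__ == "__main__":
    for finding in audit(SERVER_XML, PORTAL_PROPS, SHINDIG_PROPS, HOST):
        print(finding)
```

An empty result means the host names agree and none of the keystore checks fired; with the post's values only the three keystore findings are reported.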