The Jive platform is
capable of encrypting HTTP requests via SSL or TLS. Enabling encryption of HTTP traffic
requires the following steps on a platform-managed host:
- Copy cryptographic materials to the host. By default, the Jive HTTPD server attempts
to load an X.509 certificate file from the path /etc/jive/httpd/ssl/jive.crt and
the corresponding key from /etc/jive/httpd/ssl/jive.key. The paths to these files
are configured in the default Apache HTTPD virtual host file located at
/etc/jive/httpd/sites/default.conf and can be changed to any path desired.
- Import the jive.crt into the Java Tomcat keystore. For example, run the following
command as root, then restart the application:
/usr/local/jive/java/jre/bin/keytool -import -alias jiveCert -file /usr/local/jive/etc/httpd/ssl/jive.crt -keystore /usr/local/jive/java/jre/lib/security/cacerts
- Enable SSL in the HTTPD server by specifying the -D SSL option in the Apache HTTPD
configuration extension file located at /etc/jive/conf/jive-httpd. To enable SSL,
open (or create) this file and add OPTIONS="-D SSL" to the file.
- Whether you use Jive's HTTP server or run behind a third-party load balancer,
add three attributes to the file at
/usr/local/jive/applications/<app_name>/conf/server.xml. To the first (HTTP)
/Server/Connector element, add: scheme="https" proxyPort="443"
proxyName="your.domain.com", where your.domain.com is the domain of
your application.
- After making the changes above, restart the Jive HTTPD server as described in the
runbook for Linux. Restart the Tomcat
server.
- Update the jiveURL in the .
Note: Except where noted above, if a third-party load balancer or external HTTP proxy is
performing SSL termination upstream of the Jive HTTPD server, it is not necessary to
configure the Jive HTTPD server for HTTP encryption in addition to the load
balancer.
Note: If the private key file installed to the server is encrypted, the HTTPD server will
interactively prompt for the password to decrypt the key. The default password
is changeit.
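
A pre-restart check for the steps above, added here as an example and not part of the Jive documentation: it confirms that the key matches the certificate, that the certificate is not about to expire, that the key file is closed to group and others, and that -D SSL is set. The function names and the 30-day threshold are assumptions; the default paths are the ones the steps give.

```shell
#!/bin/sh
# Added example: checks to run before restarting HTTPD. Function names are
# hypothetical; default paths are the ones given in the steps above.

# 0 when certificate $1 and private key $2 carry the same public key.
# An encrypted key makes openssl prompt for its passphrase.
cert_matches_key() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# 0 when certificate $1 is still valid $2 days from now.
cert_valid_for_days() {
    openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null 2>&1
}

# 0 when key file $1 grants nothing to group or others (e.g. mode 600 or 400).
key_is_private() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# 0 when options file $1 has an uncommented OPTIONS line containing -D SSL.
ssl_define_enabled() {
    grep -Eq '^[[:space:]]*OPTIONS=.*-D[[:space:]]*SSL' "$1"
}

# Runs every check, prints one line per failure, returns the failure count.
preflight() {
    crt=$1 key=$2 opts=$3 fails=0
    cert_matches_key "$crt" "$key" || { echo "FAIL: $key does not match $crt"; fails=$((fails + 1)); }
    cert_valid_for_days "$crt" 30 || { echo "FAIL: $crt unreadable or expiring within 30 days"; fails=$((fails + 1)); }
    key_is_private "$key" || { echo "FAIL: $key is accessible to group/others"; fails=$((fails + 1)); }
    ssl_define_enabled "$opts" || { echo "FAIL: -D SSL not set in $opts"; fails=$((fails + 1)); }
    return "$fails"
}

# Run against the default paths only when asked: sh preflight.sh --run
if [ "${1:-}" = "--run" ]; then
    preflight /etc/jive/httpd/ssl/jive.crt /etc/jive/httpd/ssl/jive.key /etc/jive/conf/jive-httpd
fi
```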