Enabling SSL Encryption

The Jive SBS platform is capable of encrypting HTTP requests via SSL or TLS. Enabling encryption of HTTP traffic requires the following steps on a platform-managed host:

Copy cryptographic materials to the host. By default, the Jive HTTPD server attempts to load an X.509 certificate file from the path “/etc/jive/httpd/ssl/jive.crt” and the corresponding key from “/etc/jive/httpd/ssl/jive.key”. The paths to these files are configured in the default Apache HTTPD virtual host file located at “/etc/jive/httpd/sites/default.conf” and can be changed to any path desired.

Import the jive.crt into the Java Tomcat keystore. For example, run the following command as root, then restart the application:

/usr/local/jive/java/jre/bin/keytool -import -alias jiveCert -file /usr/local/jive/etc/httpd/ssl/jive.crt -keystore /usr/local/jive/java/jre/lib/security/cacerts

Enable SSL in the HTTPD server by specifying the “-D SSL” option in the Apache HTTPD configuration extension file located at “/etc/jive/conf/jive-httpd”. To enable SSL, open (or create) this file and add ‘OPTIONS=”-D”’ to the file.
With either Jive SBS's HTTP server or behind a third-party load balancer, add two attributes to the file at /usr/local/jive/applications/<app_name>/conf/server.xml. To the first (HTTP) /Server/Connector element, add this: scheme="https" proxyPort="443" proxyName="your.domain.com" -- where your.domain.com is the domain of your application.
After making the changes above, restart the Jive HTTPD server as described in the run book for Linux or Solaris.

Note: Except where noted above, if a third-party load balancer or external HTTP proxy is performing SSL termination upstream of the Jive HTTPD server, it is not necessary to configure the Jive HTTPD server for HTTP encryption in addition to the load balancer.

Note: If the private key file installed to the server is encrypted, the HTTPD server will interactively prompt the user for the password to decrypt the key.