Enabling SSL Encryption

The Jive platform is capable of encrypting HTTP requests via SSL or TLS. Enabling encryption of HTTP traffic requires the following steps on a platform-managed host:

  1. Copy cryptographic materials to the host. By default, the Jive HTTPD server attempts to load an X.509 certificate file from the path /etc/jive/httpd/ssl/jive.crt and the corresponding key from /etc/jive/httpd/ssl/jive.key. The paths to these files are configured in the default Apache HTTPD virtual host file located at /etc/jive/httpd/sites/default.conf and can be changed to any path desired.
  2. Import the jive.crt into the Java Tomcat keystore. For example, run the following command as root, then restart the application:
    /usr/local/jive/java/jre/bin/keytool -import -alias jiveCert -file /usr/local/jive/etc/httpd/ssl/jive.crt -keystore /usr/local/jive/java/jre/lib/security/cacerts
  3. Enable SSL in the HTTPD server by specifying the -D SSL option in the Apache HTTPD configuration extension file located at /etc/jive/conf/jive-httpd. To enable SSL, open (or create) this file and add OPTIONS="-D SSL" to the file.
  4. Whether you use Jive's HTTP server or run behind a third-party load balancer, add three attributes to the first (HTTP) /Server/Connector element in the file at /usr/local/jive/applications/<app_name>/conf/server.xml: scheme="https" proxyPort="443" proxyName="your.domain.com", where your.domain.com is the domain of your application.
  5. After making the changes above, restart the Jive HTTPD server as described in the runbook for Linux. Restart the Tomcat server.
  6. Update the jiveURL in the Admin Console: System Management > System Properties.
Note: Except where noted above, if a third-party load balancer or external HTTP proxy is performing SSL termination upstream of the Jive HTTPD server, it is not necessary to configure the Jive HTTPD server for HTTP encryption in addition to the load balancer.
Note: If the private key file installed to the server is encrypted, the HTTPD server will interactively prompt for the password to decrypt the key. The default password is changeit.
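
A check to run before the restart in step 5, covering steps 1, 3 and 4; this is an added example and not part of the Jive documentation or tooling. The script name and function names are hypothetical, the certificate, key and jive-httpd paths are the defaults named in the steps, and the path to server.xml is passed as an argument.

```shell
#!/bin/sh
# Added example: checks for steps 1, 3 and 4. Paths are the page's defaults.
CRT=/etc/jive/httpd/ssl/jive.crt
KEY=/etc/jive/httpd/ssl/jive.key
HTTPD_EXT=/etc/jive/conf/jive-httpd

# Step 1: certificate and key are a pair when they yield the same public key.
# An encrypted key makes openssl prompt for its passphrase.
cert_matches_key() {
  crt_pub=$(openssl x509 -in "$1" -noout -pubkey) || return 1
  key_pub=$(openssl pkey -in "$2" -pubout) || return 1
  [ -n "$crt_pub" ] && [ "$crt_pub" = "$key_pub" ]
}

# Step 3: an uncommented OPTIONS line must carry "-D SSL".
httpd_ssl_enabled() {
  grep -Eq '^[[:space:]]*OPTIONS=.*-D[[:space:]]*SSL' "$1"
}

# Step 4: the first <Connector> element must carry all three attributes.
# Limitation: a commented-out <Connector> earlier in the file is not skipped.
connector_has_proxy_attrs() {
  el=$(awk '/<Connector/ && !on { on = 1; sub(/.*<Connector/, "<Connector") }
            on { printf "%s ", $0 }
            on && />/ { exit }' "$1")
  for attr in 'scheme="https"' 'proxyPort="443"' 'proxyName="[^"]+"'; do
    printf '%s\n' "$el" | grep -Eq "[[:space:]]$attr" || return 1
  done
}

# Usage: sh jive_ssl_check.sh --check /usr/local/jive/applications/<app_name>/conf/server.xml
if [ "${1:-}" = "--check" ]; then
  server_xml=${2:?path to server.xml required}
  rc=0
  cert_matches_key "$CRT" "$KEY" || { echo "FAIL: $CRT and $KEY are not a pair"; rc=1; }
  httpd_ssl_enabled "$HTTPD_EXT" || { echo "FAIL: no OPTIONS=\"-D SSL\" in $HTTPD_EXT"; rc=1; }
  connector_has_proxy_attrs "$server_xml" ||
    { echo "FAIL: first Connector lacks scheme/proxyPort/proxyName"; rc=1; }
  [ "$rc" -eq 0 ] && echo "OK: SSL prerequisites look consistent"
  exit "$rc"
fi
```

A mismatched certificate and key, or a missing OPTIONS line, otherwise surfaces only when the HTTPD server fails to start or keeps serving plain HTTP after the restart.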