Enforcing SSL Encryption for the Opencms workplace

(Difference between revisions)
Jump to: navigation, search
Line 11: Line 11:
 
If the webserver has been configured to allow SSL, then the workplace URL must be changed.
 
If the webserver has been configured to allow SSL, then the workplace URL must be changed.
  
The relevant setting is contained in the configuration file ''opencms-system.xml''. This file you can find in the under the [[Real File System]] web application folder of opencms, in the subdirectory ''WEB-INF/config/''.
+
The relevant setting is contained in the configuration file ''opencms-system.xml''. This file you can find in the [[Real File System]] and there in the subdirectory ''WEB-INF/config/'' of the web application folder of opencms.
  
 
''opencms-system.xml'' contains a section like this:
 
''opencms-system.xml'' contains a section like this:

Revision as of 23:40, 1 November 2006

Prerequisites

The main prerequisite for this is that the workplace can be reached through SSL at all. For this to work, the webserver must be configured to use SSL and it needs a certificate and a private/public key pair.

The certificate certifies is usually created by a third party (a so-called certificate authority) which certifies that the server is authentic - that means - that no other server has been set up that only pretends to be your server. The private/public key pair is used for starting the encryption process itself.

For not-very-public setups, a self-signed certificate will be sufficient. In that case a third person, that does not know the website administrator will not be able to certify that the server is really the authentic server that should serve the given website. But still the website is encrypted, so if all participants know directly that the server and its certificate is trustworthy, then a self-signed certificate will be enough. Most web hosting providers offer tools that generate and install a set of keys plus a self-signed certificate into the webserver.

Enabling SSL for the workplace

If the webserver has been configured to allow SSL, then the workplace URL must be changed.

The relevant setting is contained in the configuration file opencms-system.xml. This file you can find in the Real File System and there in the subdirectory WEB-INF/config/ of the web application folder of opencms.

opencms-system.xml contains a section like this:

<sites>
  <workplace-server>http://www.server-name.com/opencms/opencms/</workplace-server>
  <!-- etc -->
</sites>

This has to be changed so that the workplace is accessed with SSL (https) instead:

<sites>
  <workplace-server>https://www.server-name.com/opencms/opencms/</workplace-server>
  <!-- etc -->
</sites>


After that you have to restart opencms. Now, even if somebody tries to access the workplace using an unsafe connection, they will be automatically redirected to the secured connection.

Personal tools
Namespaces
Variants
Actions
Navigation
Toolbox