Difference between revisions of "WebProtegeHttpsLogin"
Jack.elliott (talk | contribs) |
Jack.elliott (talk | contribs) (→Change the https property in protege.properties) |
||
Line 38: | Line 38: | ||
== Change the https property in protege.properties == | == Change the https property in protege.properties == | ||
− | To configure WebProtege to use https, change the | + | To configure WebProtege to use https, change the protege.properties file to set the <code>login.with.https</code> property to true. |
== Start Tomcat == | == Start Tomcat == |
Revision as of 09:25, May 25, 2010
Securing the WebProtege login window using SSL
WebProtege uses a form of client-side encryption for the http login configured by default. To use the more secure SSL login in Tomcat, follow these instructions.
Contents
Generate a Key
If you do not have a signed certificate from a certifying authority, you will need to generate a dummy certificate that webprotege can use. Enter a password value of webprotege
when prompted, and be sure to keep a record of where you save the keystore to.
windows:
%JAVA_HOME%\bin\keytool -genkey -alias tomcat -keyalg RSA -keystore \path\to\my\keystore
unix:
$JAVA_HOME/bin/keytool -genkey -alias tomcat -keyalg RSA -keystore /path/to/my/keystore
Configure Tomcat to Use HTTPS
For Tomcat to use https, we need to add a new connector (Tomcat 6 is not configured for SSL by default) and point it to the keystore. To do this, simply add the following lines to your server.xml
, found at $TOMCAT_HOME/conf
:
<-- Define a SSL Coyote HTTP/1.1 Connector on port 443 --> <Connector port="443" protocol="HTTP/1.1" SSLEnabled="true" maxThreads="150" scheme="https" secure="true" clientAuth="false" sslProtocol="TLS" keystoreFile="/path/to/my/keystore/.keystore" keystorePass="webprotege"/>
Be careful to substitute the /path/to/my/keystore with the correct path to your keystore, which you generated in step one. Note that this connector is already present in the tomcat server.xml file, but it is commented-out. It is very important to set the connector to listen to port 443, because webprotege will always use the default https port, which is 443, and the default Tomcat connector will only listen on port 8443.
Change the https property in protege.properties
To configure WebProtege to use https, change the protege.properties file to set the login.with.https
property to true.
Start Tomcat
You are now ready to start Tomcat. Note that on some versions of Unix, you may need to run the Tomcat server as root or another user with authority over the lower ports; port 443 is secured by default.
About WebProtege
WebProtege is currently under development by the Protege team at the Stanford Center for Biomedical Informatics Research.