CheckLists & Pre-requisites
Download and install Apache web server
Download and install OpenSSL toolkit for windows
Make sure your Liferay is up and running. You should be able to see your website at http://localhost:8080
Configuring Apache Web Server with Liferay - http
Apache WebServer Changes
Make sure Apache Web server is running. Open your favorite browser and type http://localhost
You should be able to see a page which displays "It works"
Go to your Apache installation directory and open httpd.conf file under conf directory
Uncomment the following lines
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_ajp_module modules/mod_proxy_ajp.so
LoadModule proxy_balancer_module modules/mod_proxy_balancer.so
LoadModule proxy_connect_module modules/mod_proxy_connect.so
LoadModule proxy_ftp_module modules/mod_proxy_ftp.so
LoadModule proxy_http_module modules/mod_proxy_http.so
At the very end of the file append the following
ProxyPass / http://localhost:8080/
ProxyPassReverse / http://localhost:8080/
Restart Apache Web server
Open you portal-ext.properties in Liferay
Add the following lines
Open your browser and type http://localhost.
You should be able to see your liferay homepage.
You have configured Liferay to use with Apache web server
Creating Self-signed SSL certificate
Open the OpenSSL toolkit that you have installed
Generating Private Key
The first step is to create your RSA Private Key.
This key is a 1024 bit RSA key which is encrypted using Triple-DES and stored in a PEM format so that it is readable as ASCII text.
On the toolkit command prompt type the following
genrsa -des3 -out server.key 1024
It will create server.key
Generate a CSR(Certificate Signing Request)
Once the private key is generated a Certificate Signing Request can be generated.
The CSR is then used in one of two ways. Ideally, the CSR will be sent to a Certificate Authority, such as Thawte or Verisign who will verify the identity of the requestor and issue a signed certificate.
The second option is to self-sign the CSR, which we will do.
During the generation of the CSR, you will be prompted for several pieces of information.
The command to generate the CSR is as follows
req -new -key server.key -out server.csr
Remove Passphrase from key
Make another copy of server.key and name it as server.key.org
Type the following in ssl toolkit command prompt
rsa -in server.key.org -out server.key
Generate a self-signed certificate
At this point you will need to generate a self-signed certificate because you either don't plan on having your certificate signed by a CA, or you wish to test your new SSL implementation while the CA is signing your certificate.
This temporary certificate will generate an error in the client browser to the effect that the signing certificate authority is unknown and not trusted.
To generate a temporary certificate which is good for 365 days, issue the following command
x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
You should have server.key, server.csr and server.crt generated at this step
Configuring Apache Web Server with Liferay - https
Copy server.key, server.csr and server.crt generated to conf directory of Apache.
Open httpd.conf in Apache and uncomment the following lines to enable mod_ssl and configuration file for https
LoadModule ssl_module modules/mod_ssl.so
Restart your Apache web server
Open your browser and type https://localhost
You should be able to see your liferay main page in https
Configuring login and create account page for https
Open your portal-ext.properties and add the following property
Restart your tomcat
Open your browser and type http://localhost
Click on sign in or create account page. This should change the protocol to https
Enter your credentials and Login to the application. The protocol should change back to http when user is logged in.
Disabling https with apache web server
Comment out or remove the following properties in portal-ext.properties
Restart the tomcat.
This would make Tomcat run alone without apache. You have to access application using http://localhost:8080