Posted by
Jacques Le Roux on
Mar 21, 2018; 12:55pm
URL: http://ofbiz.116.s1.nabble.com/How-to-Configure-Ofbiz-SSL-tp4720955p4720958.html
Short answer: preferably look at letsencrypt for a free certificate (must be renewed every 3 months but there are tools for that)
For instance for the trunk demo we use
## SSL directives
SSLEngine on
SSLCertificateFile "/etc/letsencrypt/live/ofbiz-vm2.apache.org/cert.pem"
SSLCertificateKeyFile "/etc/letsencrypt/live/ofbiz-vm2.apache.org/privkey.pem"
SSLCertificateChainFile "/etc/letsencrypt/live/ofbiz-vm2.apache.org/chain.pem"
SSLCACertificatePath "/etc/ssl/certs"
## Custom fragment
ProxyRequests Off
ProxyPreserveHost On
# do not proxy letsencrypt cert renewal requests
ProxyPass /.well-known !
ProxyPass / ajp://localhost:8009/
I let you figure the rest out
We should really update the Apache+OFBiz+Technical+Production+Setup+Guide
HTH
Jacques
Le 21/03/2018 à 12:09, Schumann Ye a écrit :
> Dear Gurus,
>
> Can anyone be so kind to show me how to configure ofbiz ssl for a test deployment (on a given domain)?
> I'd been struggling on this topic for days but still without any clue.
>
> What I have done is as follows:
> 1. I try the link
https://cwiki.apache.org/confluence/display/OFBIZ/Apache+OFBiz+Technical+Production+Setup+Guide> But it ask us to submit the CSR to a third CA authority like VeriSign.
> I would like to test it only so if possible I would go for a free CA service first.
> Then with www.sslforfree.com<
http://www.sslforfree.com> I could download the following 3 files:
> 1.1 ca_bundle.crt
> 1.2 certificate.crt
> 1.3 private.key
> What should I do then?
> 2. Another option is with keytool function I would like to create a self-signed CA.
> But it still failed and I guessed I didn't do it in the right way.
>
> Pls help!!!
>
> Best Regards
> Schumann
>
>