Liferay
Please follow each step to learn how to configure the SSL Liferay DXP server.
DXP Cloud accepts only keys and certificates in proper PEM format with Base64 encoding which must include encapsulation boundaries.
To add a single SSL certificate to the LCP.json file:
{
"loadbalancer": {
“ssl": {
"key": "@ssl-key-secret",
"crt": "@ssl-crt-secret"
}
}
}
Mapping multiple SSL certificates to custom domains:
You can use the certs property instead of ssl object to map different SSL certificates to multiple custom domains.
Create a list of certificates you want to use in the certs property.
Group the crt and key values for each certificate with their respective custom domains:
{
"loadbalancer": {
"certs": [
{
"customDomains": ["acme.liferay.cloud"],
"key": "...",
"crt": "..."
},
{
"customDomains": ["acme2.liferay.cloud"],
"key": "...",
"crt": "..."
}
]
}
}
If you are using Liferay DXP with Nginx, you must configure the SSL in your nginx server.
To configure HTTPS server through Nginx, the ssl parameter must be enabled on listening sockets in the server block and the locations of the crt and key file should be specified:
server {
listen 443 ssl;
server_name www.example.com;
ssl_certificate www.example.com.crt;
ssl_certificate_key www.example.com.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!aNULL:!MD5;
...
}
The server certificate is a public entity. It is sent to every client that connects to the server. The private key is a secure entity and should be stored in a file with restricted access, however, it must be readable by nginx’s master process. The private key may alternately be stored in the same file as the certificate:
ssl_certificate www.example.com.cert;
ssl_certificate_key www.example.com.cert;
in which case the file access rights should also be restricted. Although the certificate and the key are stored in one file, only the certificate is sent to a client.
The directives ssl_protocols and ssl_ciphers can be used to limit connections to include only the strong versions and ciphers of SSL/TLS. By default nginx uses “ssl_protocols TLSv1 TLSv1.1 TLSv1.2” and “ssl_ciphers HIGH:!aNULL:!MD5”, so configuring them explicitly is generally not needed. Note that default values of these directives were changed several times.
Generating an SSL Certificate:
You will need to convert the pfx file of the certificate to the crt and key files
Generating an SSL Certificate:
You will need to convert
Convert pfx to crt:
< openssl pkcs12 -in [yourfile.pfx] -clcerts -nokeys -out [drlive.crt] >
Convert pfx to private key:
< openssl pkcs12 -in [yourfile.pfx] -nocerts -out [drlive.key] >
Decrypt the private key:
< openssl rsa -in [drlive.key] -out [drlive-decrypted.key] >
For DXP cloud, you need to convert the crt and decrypted key to base64 format:
< openssl base64 -in originalkeyfile.key -out base64keyfile.key >
< openssl base64 -in originalcertfile.crt -out base64certfile.crt >
Here concludes the process of configuring the Liferay DXP SSL server. Check out our repository to learn about the challenging Liferay DXP programming questions that may help programmers.
Reach out to us if there is any consultation and implementation need or send email us on [email protected]
The technology has been a pioneer in speeding up the data analysis of customers for enterprises.
17 Jul 2024
Learn about Alfresco development and its benefits for businesses. Discover how leveraging Alfresco can enhance efficiency and collaboration.
17 Jul 2024
Mastering Alfresco Development: Essential Tips for Success in ECM Solutions” provides crucial insights and strategies for developers to excel in…
17 Jul 2024
401, One World West, Nr. Ambli T-Junction 200, S P Ring Road, Bopal, Ahmedabad, Gujarat 380058
Kemp House 160 City Road, London, United Kingdom EC1V 2NX
Nürnberger Str. 46 90579 Langenzenn Deutschland
Level 36 Riparian Plaza, 71 Eagle Street, Brisbane, QLD 4000
4411 Suwanee Dam road, Bld. 300 Ste. 350 Suwanee GA, 30024
Cube Work Space, 24 Hans Strijdom Avenue, Cape Town
B 503 Sama Tower, Sheikh Zayed Road, United Arab Emirates
34 Applegrove Ct. Brampton ON L6R 2Y8
We use cookies to improve your browsing experience.
OKAYThis website uses cookies so that we can provide you with the best user experience possible. Cookie information is stored in your browser and performs functions such as recognising you when you return to our website and helping our team to understand which sections of the website you find most interesting and useful.
Strictly Necessary Cookie should be enabled at all times so that we can save your preferences for cookie settings.
If you disable this cookie, we will not be able to save your preferences. This means that every time you visit this website you will need to enable or disable cookies again.