Liferay

Configuring SSL step by step for Liferay DXP Cloud & Liferay DXP

Please follow each step to learn how to configure the SSL Liferay DXP server.

Liferay DXP Cloud:

DXP Cloud accepts only keys and certificates in proper PEM format with Base64 encoding which must include encapsulation boundaries.
To add a single SSL certificate to the LCP.json file:

  1. Add secret variables for crt and key values to your chosen environment.
  2. In the LCP.json file of your project repository’s webserver, add an object of SSL inside the load balancer object with crt and key values refering to the secret keys you have added:
  3. Explain
    { 
        "loadbalancer": { 
           “ssl": { 
              "key": "@ssl-key-secret", 
              "crt": "@ssl-crt-secret" 
           } 
        }               
    }
  4. This ssl object will create a single custom SSL certificate mapping to all the custom domains in this specific environment.

Mapping multiple SSL certificates to custom domains:
You can use the certs property instead of ssl object to map different SSL certificates to multiple custom domains.

Create a list of certificates you want to use in the certs property.

Group the crt and key values for each certificate with their respective custom domains:

Explain
{ 
"loadbalancer": { 
"certs": [ 
{ 
"customDomains": ["acme.liferay.cloud"], 
"key": "...", 
"crt": "..." 
}, 
{ 
"customDomains": ["acme2.liferay.cloud"], 
"key": "...", 
"crt": "..." 
} 
] 
} 
}

Liferay DXP with Nginx:

If you are using Liferay DXP with Nginx, you must configure the SSL in your nginx server.

To configure HTTPS server through Nginx, the ssl parameter must be enabled on listening sockets in the server block and the locations of the crt and key file should be specified:

Explain
server { 
    listen                         443 ssl; 
    server_name            www.example.com; 
    ssl_certificate           www.example.com.crt; 
    ssl_certificate_key   www.example.com.key; 
    ssl_protocols           TLSv1 TLSv1.1 TLSv1.2; 
    ssl_ciphers               HIGH:!aNULL:!MD5; 
    ... 
}

The server certificate is a public entity. It is sent to every client that connects to the server. The private key is a secure entity and should be stored in a file with restricted access, however, it must be readable by nginx’s master process. The private key may alternately be stored in the same file as the certificate:

ssl_certificate www.example.com.cert; 
ssl_certificate_key www.example.com.cert; 

in which case the file access rights should also be restricted. Although the certificate and the key are stored in one file, only the certificate is sent to a client.

The directives ssl_protocols and ssl_ciphers can be used to limit connections to include only the strong versions and ciphers of SSL/TLS. By default nginx uses “ssl_protocols TLSv1 TLSv1.1 TLSv1.2” and “ssl_ciphers HIGH:!aNULL:!MD5”, so configuring them explicitly is generally not needed. Note that default values of these directives were changed several times.

Generating an SSL Certificate:

You will need to convert the pfx file of the certificate to the crt and key files

Generating an SSL Certificate:

You will need to convert

Convert pfx to crt:
< openssl pkcs12 -in [yourfile.pfx] -clcerts -nokeys -out [drlive.crt] >

Convert pfx to private key:
< openssl pkcs12 -in [yourfile.pfx] -nocerts -out [drlive.key] >

Decrypt the private key:
< openssl rsa -in [drlive.key] -out [drlive-decrypted.key] >

For DXP cloud, you need to convert the crt and decrypted key to base64 format:
< openssl base64 -in originalkeyfile.key -out base64keyfile.key >
< openssl base64 -in originalcertfile.crt -out base64certfile.crt >

Here concludes the process of configuring the Liferay DXP SSL server. Check out our repository to learn about the challenging Liferay DXP programming questions that may help programmers.

Reach out to us if there is any consultation and implementation need or send email us on [email protected]

Transform Your Business With Digital Enterprise Solutions

Contact us

Our Offices

AHMEDABAD, INDIA

401, One World West, Nr. Ambli T-Junction 200, S P Ring Road, Bopal, Ahmedabad, Gujarat 380058

UK

Kemp House 160 City Road, London, United Kingdom EC1V 2NX

GERMANY

Nürnberger Str. 46 90579 Langenzenn Deutschland

AUSTRALIA

Level 36 Riparian Plaza, 71 Eagle Street, Brisbane, QLD 4000

USA

4411 Suwanee Dam road, Bld. 300 Ste. 350 Suwanee GA, 30024

SOUTH AFRICA

Cube Work Space, 24 Hans Strijdom Avenue, Cape Town

Mahindra DUBAI, UAE

B 503 Sama Tower, Sheikh Zayed Road, United Arab Emirates

CANADA

34 Applegrove Ct. Brampton ON L6R 2Y8