Enabling SSL in the CTP Server
This article describes how to install a certificate and enable SSL in the CTP web server. The intended audience for this article is CTP administrators. This article requires an understanding of the Launcher Configuration Editor (See The CTP Launcher Configuration Editor for details).
1 The CTP Keystore
The certificate supplied by CTP to a client during the establishment of an SSL connection is contained in a keystore. CTP has a default keystore called keystore in the CTP directory. The password to the default keystore is ctpstore. The default keystore contains a self-signed certificate stored under the alias ctp.
Since the certificate in the default keystore is self-signed, browsers will warn users when establishing SSL connections. For that reason, if SSL is to be used for connections to the server, it is best to provide a certificate signed by a real Certificate Authority like Verisign. Because the default keystore is overwritten on every CTP upgrade, it is best to put that certificate in a separate keystore and configure CTP to use that keystore instead of the default.
2 Installing a Certificate
The CTP server expects its certificate to be stored under the alias ctp. When installing a new certificate for the server, whether in a new keystore or in the default keystore, you must store it under that alias.
There is a program called KeystoreManager in the CTP directory. It may be useful for examining a keystore, but it should not be used for inserting certificates. You should use the Java keytool.exe program which is located in the Java/jre7/bin directory. This program is well documented on the web.
3 Specifying a Different Keystore
To configure CTP to use a different keystore:
- Stop CTP.
- In the Launcher program, click the Configuration tab.
- Select the Server element in the left pane.
- In the Children menu, select SSL.
- In the right pane, enter the keystore filename and password in the fields.
- Ignore the truststore fields.
- Click Ctrl-S to save the configuration.
- Start CTP.
4 Enabling SSL in the Server
To switch the server to SSL:
- Stop CTP.
- In the Launcher program, click the Configuration tab.
- Select the Server element in the left pane.
- Change the port field to 443 (or whatever port you wish to use for SSL).
- Select the yes radio button in the ssl field in the right pane.
- Type Ctrl-S to save the configuration.
- Start CTP.
5 Installing a Redirector
Traditionally, SSL servers listen on port 443, but the default port used by browsers for HTTP connections is port 80. As a convenience to users, you can put a Redirector plugin in the configuration to redirect HTTP connections on port 80 over to HTTPS connections on port 443. To do that:
- Stop CTP.
- In the Launcher program, click the Configuration tab.
- In the Plugin menu, select Redirector.
- In the right pane, either change the httpsHost field to point to your server or make it blank.
- Set the httpsPort field to point to your HTTPS port.
- Type Ctrl-S to save the configuration.
- Start CTP.
Now, manually start your browser. Do not use the button on the General tab because that will automatically use the SSL port. Enter the URL pointing to your site, but on port 80. You should be redirected to port 443 and the protocol should change to HTTPS.