Enabling SSL in the CTP Server

From MircWiki
Jump to navigation Jump to search


This article describes how to install a certificate and enable SSL in the CTP web server. The intended audience for this article is CTP administrators. This article requires an understanding of the Launcher Configuration Editor (See The CTP Launcher Configuration Editor for details).

1 The CTP Keystore

The certificate supplied by CTP to a client during the establishment of an SSL connection is contained in a keystore. CTP has a default keystore called keystore in the CTP directory. The password to the default keystore is ctpstore. The default keystore contains a self-signed certificate stored under the alias ctp.

Since the certificate in the default keystore is self-signed, browsers will warn users when establishing SSL connections. For that reason, is SSL is to be used for connections to the server, it is best to provide a certificate signed by a real Certificate Authority like Verisign. Because the default keystore is overwritten on every CTP upgrade, it is best to put that certificate in a separate keystore and configure CTP to use that keystore instead of the default.

2 Specifying a Different Keystore

3 Installing a Certificate

4 Enabling SSL in the Server

To switch the server to SSL:

  1. Stop CTP.
  2. In the Launcher program, click the Configuration tab
  3. Select the Server element in the left pane
  4. Select the yes radio button in the ssl field in the right pane.
  5. Type Ctrl-S to save the configuration.
  6. Start CTP.

5 Installing a Redirector

Traditionally, SSL servers listen on port 443, but the default port used by browsers is port 80. As a convenience to users, you can put a Redirector plugin in the configuration to redirect HTTP connections on port 80 over to HTTPS connections on port 443. To do that:

  1. Stop CTP.
  2. In the Launcher program, click the Configuration tab.
  3. Select the Server element in the left pane.
  4. Change the port field in the right pane to 443.
  5. In the Plugin menu, select Redirector.
  6. In the right pane, either change the httpsHost field to point to your server or make it blank.
  7. Type Ctrl-S to save the configuration.
  8. Start CTP.

Now, manually start your browser. Do not use the button on the General tab because that will automatically use the SSL port. Enter the URL pointing to your site, but on port 80. You should be redirected to port 443 and the protocol should change to HTTPS.