Version 5

    Summary

     

    Jive 7 and newer now enforces a strict policy on HTTPS certificate checking. The following demonstrates how to configure a single-node test instance for SSL.

     

    These instructions are only for configuring SSL in a test environment with a single web app node.

    Jive only supports configuring SSL through a load balancer.

    Running a production instance with these settings is not supported.

     

     

    Method A - How To (https://jiveURL:8443 as URL)

     

    Set the jiveURL system property

    Configure the webapp proxy settings

    • jive set webapp.http_proxy_name jiveURL
      • substitute hostname jiveURL as necessary, e.g. mysite.com
    • jive set webapp.http_proxy_port 8443
    • jive set webapp.http_proxy_scheme https
    • jive set httpd.ssl_enabled True

     

    Configure SSL on httpd

    • jive set httpd.ssl_certificate_file </path/to/your/crt/file>
    • jive set httpd.ssl_certificate_key_file </path/to/your/key/file>

     

    Restart the Jive httpd and webapp services

    • jive stop httpd
    • jive stop webapp
    • jive start webapp
    • jive start httpd

     

    Method B - How To (https://jiveURL as URL)

     

    Jive 7 and later does not make use of the root user.  As such, the Jive web application is unable to use port 80 (http) or 443 (https). It is recommended you use 8443 and use iptables to redirect requests to 443 to 8443

     

    Set the jiveURL system property jiveURL

    Configure the webapp proxy settings

     

    • jive set webapp.http_proxy_name jiveURL
      • substitute hostname jiveURL as necessary, e.g. mysite.com
    • jive set webapp.http_proxy_port 443
    • jive set webapp.http_proxy_scheme https
    • jive set httpd.ssl_enabled True

     

    Configure SSL on httpd

     

    • jive set httpd.ssl_certificate_file </path/to/your/crt/file>
    • jive set httpd.ssl_certificate_key_file </path/to/your/key/file>

     

    Configure iptables as root like so (last two steps are so this will persist on reboot)

     

    • iptables -A PREROUTING -t nat -i eth0 -p tcp --dport 443 -j REDIRECT --to-port 8443
    • mv /etc/sysconfig/iptables /etc/sysconfig/iptables-old && iptables-save > /etc/sysconfig/iptables
    • chkconfig iptables on

     

    Restart the Jive httpd and webapp services

     

    • jive stop httpd
    • jive stop webapp
    • jive start webapp
    • jive start httpd