Configure HTTPS in Liferay DXP 7.4 (Tomcat 9)

Introduction:

In this post, we will learn how to create a self-signed certificate and configure it with Liferay Portal. Here are the key points of the entire process.

---

Step 1: Create the Keystore

Open the command prompt and execute the below command to generate Keystore

keytool -genkey -alias tomcat -keyalg RSA -keystore keystore

It will ask a series of questions. Answer those questions and after answering all those questions the Keystore file will be generated. Refer to the below screenshot.

Step 2: Export Certificate

We have the Keystore ready. Now it’s time to export it. To do so execute the below command

keytool -export -alias tomcat -keypass changeit -file server.crt -keystore keystore

Refer to the below screenshot.

---

Step 3: Import the certificate into the JDK’s default trust store file (CACERT)

For this execute the below command. Prepare the command as per your JDK path.

keytool -import -alias tomcat -file server.crt -keypass changeit -keystore "D:/Software/Zip-Extract-Installed-Softwares/zulu8.62.0.19-ca-jdk8.0.332-win_x64/jre/lib/security/cacerts"

---

Step 4: Update portal-ext.properties

Update the server protocol in portal-ext.properties

web.server.protocol=https

Step 5: Update the server.xml file

Path : ${liferay-home-directory}\liferay-dxp-7.4.13-ga1\tomcat-9.0.53\conf\server.xml

Update the server.xml file with the below content

<Connector
           protocol="org.apache.coyote.http11.Http11NioProtocol"
           port="8443" 
           maxThreads="200"
           scheme="https" 
           secure="true" 
           SSLEnabled="true"
           keystoreFile="${user.home}/keystore" keystorePass="changeit"
           clientAuth="false" 
	   sslProtocol="TLS"/>