Enabling HTTPS

Introduction

By default, a node exposes the Web interface using the HTTP protocol on port 8080. To secure the communications between the embedded Web server and Web browsers, configure the deployment to use the HTTPS protocol instead.

Note that when a node is configured to use HTTPS, all incoming requests on the HTTP port are automatically redirected to the HTTPS port. Thus, if a Web browser requests the http://<host>:<port>/app URL, it is redirected to https://<host>:<port>/app. To completely forbid any HTTP traffic, disable the HTTP port.

Configure a key store with the HTTPS certificate

Create a key store with a cryptographic key, as described in How to create a key store for HTTPS communication?

For the following steps, you will need the path and the password of the key store file.

Enable HTTPS

Edit the conf/platform.properties file and add the following parameters:

conf/platform.properties
org.apache.felix.https.enable=true
org.osgi.service.http.port.secure=443
org.apache.felix.https.keystore=<path to the key store>
org.apache.felix.https.keystore.password=<password of the key store>
org.apache.felix.https.keystore.key.password=<password of the key in the key store>

Disable old cryptographic protocols

See SSL cipher suites and protocols configuration.

Disable HTTP

Optionally, disable the HTTP interface to ensure that all traffic is encrypted.

conf/platform.properties
org.apache.felix.http.enable=false

More information is available in Restrict access to HTTP service.
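
A pre-deployment check for the settings above, as an added example (not part of the product or its documentation): it parses the contents of conf/platform.properties and reports a disabled HTTPS flag, key store values that are missing or left as placeholders, and an HTTP interface that is still enabled. The key store path and password in the sample are constructed, and the world_readable helper assumes POSIX file permissions.

```python
import os
import stat

# Property names come from the page; the checks are this example's assumptions.
KEYSTORE_KEYS = (
    "org.apache.felix.https.keystore",
    "org.apache.felix.https.keystore.password",
    "org.apache.felix.https.keystore.key.password",
)

def parse_properties(text):
    """Parse simple key=value lines, skipping blanks and #/! comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and line[0] not in "#!" and "=" in line:
            key, _, value = line.partition("=")
            props[key.strip()] = value.strip()
    return props

def audit(props):
    """Return findings for the HTTPS settings described on this page."""
    findings = []
    if props.get("org.apache.felix.https.enable", "").lower() != "true":
        findings.append("HTTPS is not enabled")
    for key in KEYSTORE_KEYS:
        value = props.get(key, "")
        if not value or value.startswith("<"):
            findings.append(f"{key} is missing or still a placeholder")
    # HTTP is on by default; while enabled, requests are redirected, not refused.
    if props.get("org.apache.felix.http.enable", "true").lower() != "false":
        findings.append("HTTP is still enabled")
    return findings

def world_readable(path):
    """The file holds key store passwords in clear text; True if 'other' can read it."""
    return bool(os.stat(path).st_mode & stat.S_IROTH)

# Constructed sample: key password left as placeholder, HTTP not disabled.
SAMPLE = """\
org.apache.felix.https.enable=true
org.osgi.service.http.port.secure=443
org.apache.felix.https.keystore=/opt/node/conf/keystore.jks
org.apache.felix.https.keystore.password=sample-password
org.apache.felix.https.keystore.key.password=<password of the key in the key store>
"""

if __name__ == "__main__":
    print("\n".join(audit(parse_properties(SAMPLE))))
```

Run audit() on the real file's contents before restarting the node, and call world_readable("conf/platform.properties") to confirm the stored passwords are not readable by other local accounts.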
