Apply an SSL Certificate to Percussion

Setting up HTTPS in Percussion CMS follows the standard procedure for the Jetty application server.  This can be found here:  Custom configuration parameters can be placed in {installation root}/jetty/base/etc/ instead of the ssl.ini file described in this documentation.

Place your keystore file (public/private key pair) and certificate file in the directory {installation root}/jetty/base/etc

Enable https in jetty

cd {installation root}/jetty

StartJetty.bat --add-to-start=https,ssl

This will create a default, non-secure, self-signed keystore in {installation root}/jetty/base/etc/keystore. It can be used on startup for testing but should be replaced with an actual keystore.

Create a keystore file

See the following jetty documentation that describes how to create a certificate and keystore for use in the server.

Place your keystore file (public/private key pair) and certificate file in the directory {installation root}/jetty/base/etc. Add configuration properties in {installation root}/jetty/base/etc/  See below for configuration options.

Standard configuration options

Below are the main configuration options.  The path specified is relative to the {installation root}/jetty/base directory.  The keystore password can be entered in plain text, but obfuscating it is recommended, as indicated in the default below with the OBF: prefix.  The next section describes how to create obfuscated passwords for Jetty.





Jetty may provide other configuration options; the current options can be found in {installation root}\jetty\upstream\modules\ssl.mod

Obfuscating passwords for jetty configuration

java -cp {installation root}\jetty\upstream\lib\jetty-util-9.4.10.v20180503.jar org.eclipse.jetty.util.security.Password {password}

The version number may change; confirm the current version of jetty-util-*.jar.

This command should produce a line starting with "OBF:".  Copy the encoded password, including the prefix, into the configuration file.
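As an added example (not Percussion's or Jetty's own code): OBF: is a keyless, deterministic encoding rather than encryption, so this Python sketch re-implements it and audits a configuration file for plain-text passwords and for the passwords of the default test keystore. The property names are those of Jetty 9.4's ssl module, the default passwords storepwd and keypwd are assumptions about the bundled keystore, and the sample configuration is constructed.

```python
import string

DIGITS = string.digits + string.ascii_lowercase  # base-36 alphabet


def _b36(n: int) -> str:
    """Render a non-negative integer in lowercase base 36."""
    out = ""
    while n:
        n, r = divmod(n, 36)
        out = DIGITS[r] + out
    return out or "0"


def obfuscate(password: str) -> str:
    """Re-implementation of Jetty's OBF: encoding; no key or salt is involved."""
    b = password.encode("utf-8")
    parts = []
    for i, b1 in enumerate(b):
        b2 = b[len(b) - 1 - i]  # byte mirrored from the other end
        if b1 > 127 or b2 > 127:  # pair containing a non-ASCII byte
            parts.append("U" + _b36(b1 * 256 + b2).zfill(4))
        else:
            parts.append(_b36((127 + b1 + b2) * 256 + (127 + b1 - b2)).zfill(4))
    return "OBF:" + "".join(parts)


# Assumption: passwords of the test keystore shipped with Jetty 9.4.
DEFAULTS = ("storepwd", "keypwd")


def audit(config_text: str) -> list:
    """Return (property, finding) pairs for weak password settings."""
    findings = []
    for line in config_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = (s.strip() for s in line.split("=", 1))
        if not key.endswith("Password"):
            continue
        if not value.startswith("OBF:"):
            findings.append((key, "plaintext"))
        if value in DEFAULTS or value in map(obfuscate, DEFAULTS):
            findings.append((key, "default"))
    return findings


SAMPLE = """# constructed sample configuration
jetty.sslContext.keyStorePath=etc/keystore
jetty.sslContext.keyStorePassword=OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4
jetty.sslContext.keyManagerPassword=Constructed-Plaintext-1
"""

if __name__ == "__main__":
    print(audit(SAMPLE))
```

Because the same input always yields the same OBF: string, restricting read access to the configuration file and keystore is what actually protects the password.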

See the Jetty documentation on this topic for more information:

Restart the CMS service for the changes to take effect.

Ensure that you can log in through the https protocol and your SSL port.  You may need to re-configure your Dashboard gadgets (edit settings) the first time that you log in via SSL if you previously logged in via the http protocol.