How to configure Liferay to run over HTTPS

Introduction

Welcome to this blog, where I'll guide you through running Liferay Community Edition over HTTPS. This method applies to Liferay and any web application served through an Apache Tomcat web server. Don't worry if you still need to get a valid SSL certificate. This blog will use a self-signed certificate that is acceptable for testing or development environments.

Prerequisites (Production)

you will need a valid SSL certificate with its private key if you're configuring a production environment. You can purchase one through any domain registrar, such as GoDaddy.

Steps

1. Let's start by downloading Liferay-Community Edition through the link below.
   https://www.liferay.com/downloads-community
   Make sure you select Bundled with Tomcat (tar.gz) or Bundled with Tomcat (7-zip).
2. Unzip the downloaded bundle.
3. Open up the Terminal and navigate to the the unzipped directory and the tomcat directory.
   It should be something like this {your-chosen-directory}/liferay-ce-portal-{version-number}/tomcat-{version-number}.
4. Create a new directory called ssl and navigate to it
   mkdir ssl && cd ssl
5. Create our self-signed certificate using the commands below.
   1. Create the private key
      openssl genrsa -out private-key.pem 2048
   2. Create a certificate signing request
      openssl req -new -key private-key.pem -out certificate-signing-request.csr
   3. Sign that certificate using the private key we created in step#1
      openssl x509 -req -days 3650 -in certificate-signing-request.csr -signkey private-key.pem -out signed-certificate.crt
6. We need to change the server configurations to use our self-signed certificate. Navigate to the tomcat-{version-number}/conf directory and open the file server.xml to modify it.
7. Find the connector with the protocol org.apache.coyote.http11.Http11AprProtocol and do the following:
   1. Uncomment this connector
   2. Change the protocol from org.apache.coyote.http11.Http11AprProtocol to org.apache.coyote.http11.Http11NioProtocol
   3. Change certificateKeyFile to certificateKeyFile="ssl/private-key.pem"
   4. Change certificateFile to certificateFile="ssl/signed-certificate.crt"
8. You're now ready to run Liferay and access it on HTTPS port 8443!
9. To run Liferay, navigate to tomcat-{version-number}/bin and run: ./catalina run.
10. Once the server is up, open your browser and navigate to https://localhost:8443.
11. Accept your browser security warning regarding using an invalid certificate.
12. That's it; your Liferay instance is running on HTTPS and port 8443!

Summary

In this blog, we used a self-signed certificate to run Liferay on HTTPS in a development environment. You can follow the same steps (excluding the steps where you create the self-signed certificate) when you purchase a valid SSL certificate through any domain registrar, such as GoDaddy, and use it in your production environment.