cfalzone ||

Having just gone through this process, I thought I’d share the steps I took to enable SSL in DotCMS.  On the DotCMS wiki there are some fairly brief instructions on how to enable SSL.  A quick search on Tomcat and SSL will point you to their documentation which explains it step-by-step.  So here it is all laid out in once nice How To.  Note that I am using windows and our Certificate Authority id DigiCert.  Your experience my vary.

Step 1:  Generating a Keystore

The first steps is to generate the keystore.  Tomcat, the java application server that DotCMS runs on, uses a format called Java KeyStore (JKS) for it’s keystores.  The Java SDK provides all the tools necessary to get the task done.  So, hop on over to where you have your SDK installed and follow along

C:\Program Files\Java\jdk1.6.0_03\bin>keytool -genkey -alias tomcat -keyalg RSA -keystore C:\DotCMS_keystore.key

You will need to enter some information about your organization and location.  You will have have to choose a password for your keystore.  Don’t forget the password or you’ll have to start over.  You should now have a valid keystore with the alias of tomcat.

Step 2 – Generate a Certificate Request

With the keystore in place you could skip all the way to the end now and have a fully functioning self-signed certificate.  This is nice, but more likely you are looking to have a certificate authority such as DigiCert or Verisign sign your certificate.  To do this you are going to need to generate a CSR or Certificate Signing Request.  Thankfully the keytool takes care of that for us as well.

C:\Program Files\Java\jdk1.6.0_03\bin>keytool -certreq -alias tomcat -keyalg RSA -keystore C:\DotCMS_keystore.key -file c:\DotCMS_certreq.csr

You are going to be required to enter your keystore password, but this should generate the certificate request for you without too much trouble.  Now you can take your DotCMS_certreq.csr to your signing authority and submit a request for a certificate.  I am not going to cover that process because  I don’t do that part, my sys admin does.  Well, it is also different with each signing authority.   Once you have your certificate you are ready to start the next step.

Step 3 – Importing your certificate

C:\Program Files\Java\jdk1.6.0_03\bin>keytool -import -trustcacerts -alias tomcat -file c:\star_edinboro_edu.p7b -keystore c:\DotCMS_keystore.key

Again, the keytool handles the dirty work for you and you’ll need that password again.

Step 4 – Checking the details

You could probably skip this step if you know you have the right password.  Honestly the output of this command really didn’t tell me much other than I could see that my certificated had imported.

C:\Program Files\Java\jdk1.6.0_03\bin>keytool -list -v -keystore c:\DotCMS_keystore.key

Step 5 – Configure DotCMS to listen on Port 443

The next step is going to require you to head to your DotCMS’s server.xml  Add the following lines:

<Connector port="443" address="192.168.8.221"
protocol="HTTP/1.1"
maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
SSLEnabled="true" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS"
keystoreFile="C:\DotCMS_keystore.key"
keypass="..."  />

You will have to change the address and keypass to match your system.

Step 6 – Restart and test

That’s really all there is to it.  Restart your DotCMS service and you can use openSSL to test the connection just like telnet.

C:\Program Files\Java\jdk1.6.0_03\bin>openssl s_client -connect 192.168.8.221:443 -state

After it establishes a connection you should see your certificate information.  You will of course want to test the whole setup in a browser.

In order for DotCMS to use SSL you also need to set a page to use SSL in the properties.  Create a test page, but before you save and publish head to the advanced properties and check the force https option.  Now when you try to visit that page it should redirect you https if you are not already using it.

Hopefully this small little guide helps out anyone trying to figure out how to setup SSL in DotCMS.

Last week saw me in Miami at the DotCMS Open Minds Conference, Boot Camp.  DotMarketing’s approach to the conference this year was slightly different this year.  The focus was more on Training whereas last year was more like demo.  I’d have to say that I really enjoyed the conference.

Tuesday, Feb 3

My journey to Miami started a day before the conference.  I couldn’t get a flight in the day of the conference.  It was fairly uneventful (that’s good!).  The Hotel this year was the Mayfair.  A little more ritzy than the Sonata, but still very nice.  I ended up eating at the Johnny Rockets.

Wednesday, Feb 4

The conference didn’t officially start until the registration/welcome party at 6PM.  Since I was there quite early I decided to jump over to DotMarketing Headquarters about 1PM.  DotMarketing was nice enough to throw us Jason Tesser for some informal pre-conference training.

We talked a lot about the bits and pieces of DotCMS.  Here are some take-aways from that conversation:

• Lucene queries will no longer require the live, deleted, and language parameters.  The DotCMS code tries to be smart enough to put those in based on where you are in the system.  This should simplify the lucene quries in our code considerably.
• DotMarketing plans on hitting the Content Browser Search functionality with a hammer very soon.  They want to add a more intuitive search.  The idea is to make the search much more like a Google search.  A very simple one field search with advanced option and more intuitive operators.
• They removed multicast traffic in clustering.  This is coming in the next version, but it is a major improvement on the way clustering works.  At Edinboro I decided to nix the cluster because of the multicast issues on campus.

After the informal training we went back to the Hotel for the opening party.  I got to meet back up with Fienen and meet some of the new folks from the DotCMS Community.  A big welcome to IPFW who just made the decision to go with DotCMS and had a considerable force at the conference.  After the party we (Jason, Fienen, and some others) headed to the Knife for dinner.  The Knife was a very nice place to eat.  It is an Argentinian Steak House Buffet kinda thing.  Very Nice!

After dinner I had mega troubles with my laptop’s wireless.  So that’s why this post is coming a little late.

Thursday, Feb 5

Thursday started with breakfast at the Bookstore in the Grove.  The first session of the day was on structures and relationships.  I already knew much of the content here, but for the new guys this was a lot of bricks and mortar kind of training on the Back-End of DotCMS.  I did manage to grab a couple morsels of goodness from the session though:

• Relationships have an order field but in order to get the #PullRelatedContent macro to sort on that field you have to first save the order in the back-end.  Then, if you leave the sort parameter blank your results will be sorted by that field.  This is something I had been wondering how to do for some time now.
• You can also pass a lucene query to the macro.  Allowing you to drill down the results to just what you need.  I couldn’t think of an immediate use for this, but I’ll tuck it away for a rainy day.

The rest of the day, I spent with Jason Tesser in a one-on-one session.  This is the true value of the DotCMS conference.  I am really happy to see a company that will give you one-on-one attention.  Jason and I talked a lot about the nuts and bolts of the Content API and DotConnect Java Classes.  I learned how to use the DotConnect Class to retrieve SQL results from my server and then use the Content API to update and insert new content into DotCMS structures.  Very, very valuable stuff.

After the show a few of had a specialized training on administration of DotCMS.  We learned that you can use JMX to debug some of the more interesting problems may run into with cache and other things in the system.  It looked like really cool stuff, but it was a bit over my head.  Andres did a great job of showing us what can can’t be done though.

I ended up going with a rather large group to a sushi place for dinner.  I am not overly obsessed with sushi, but I went along and the place we went to was very nice.  I had a fried shrimp/lettuce/rice roll that was actually very good.

Friday, Feb 6

Breakfast was at the bookstore again.  We started the day off with Plugins Training.  The training was very well laid out and was my main target for the conference.  Jason covered a ton of information about what you can do with plugins and how they work.  I wish there was more actual code, but when you are talking to a large audience that kind of thing would’ve been hard to pull off. I can’t say how stoked I am about the addition of plugins to the DotCMS product.

One of the cool things you can do with plugins is move all your configuration and custom macros out of DotCMS.  This way if you ever need to restore a server or do an upgrade, you can just stick your plugin back in and you are essentially up and running.  I plan on doing this as my first plugin and hope to have a good post about how it’s all done.  That is, or corse, if Fienen doesn’t beat me to it

The last half of the day was on Ajax.  While I was not overly interested in the ajax stuff, it was interesting to see some of the cool stuff that DotCMS can do there.

After the Ajax session we moved into the Focus Group / Roadmap / Deiscuss / Wrapup portion of the conference.  I can’t tell you how impressed I am with the way DotCMS is developing.  Here is what is in store for us in the coming year:

• Enterprise Offeringe -vs- Open Source Offerings:  The idea is is to not turn DotCMS into crippleware.  There are quite a few CMSs that go the crippleware route.  In other words, you can have the software for free, but to really get the most out of it you have to pay.  DotCMS is going pretty much the opposite route.  The open source product will always be fully featured.  (Actually, it will most likely be more featured than the Enterprise. )  The Enterprise version will be the hardened product with better supoprt.
• Plugins, Plugins, Plugins:  Plugins give us a major shift in the way customization of DotCMS is handled.  From the simplest stuff like your configuration or a small macro, to the big stuff like new portlets.   Plugins also push forward community growth.  We hope to see the infamous DotCMSForge this year.  To add to this DotMarketing is also going to be putting on a plugin competition to get the community start on making plugins.
• 1.7:  What was going to be 1.6.5c is now going to be 1.7.  With this version, slated to come out in the next few weeks, we will see the addition of plugins.  Also, as a first plugin DotMarketing has created Front Ent Content Submition.
• 1.8: With 1.8 we will see fater releases (to the tune of 1 every 3-4 months).  1.8 will also add the concept of Binary Content.  This will allow us to dirrectly attach files to content along with exporters.  This esentially turns DotCMS into a digital asset / document management system.  Also due for 1.8 is drafting.  The idea is that it will work much like wordpress posts that auto-save or gmail messages.  There are also changed coming for content/page owners, which is something that has not worked as intended in DotCMS.  Lastly, it will add wiki-like link structures to DotCMS.
• Looking beyond 1.8 there are some big plans for this year.  A simplified UI for permissions, improvements to the Multi-Site Hosting UI, Push Publishing, a better forms builder with chaining, and access to content in the CMS view web services over CMIS.

Wrap Up

So, this has been a really long congolomo-blog post.  Sorry for that.  As you can see the conference was a great source of information!  I thouroughly enjoyed myself and I think everyone that came got a ton of value out of it.  Not to mention the networking possibilities.    There are some really cool things in store for us this year.  To say that I am giddy with anticipation would be an understatement.

Here are some additional links to information about the conference (more as I find them):

• Fienen’s Live Blogging of the Conference:  Post 1 | Post 2
• Fienen’s Flickr Feed