SUNScholar/Secure Internet Connections

Back to Internet Security

For the need to use https, check: https://pressfreedomfoundation.org/encryption-works and https://ssd.eff.org

To check if your internet connection is secure, use: https://www.eff.org/https-everywhere

1 Introduction
2 Please Note
- 2.1 TCP/UDP Port 443
- 2.2 SSL Defaults
3 Step 1. Create the SSL certificates
4 Step 2. Apply for a signed certificate
5 Step 3. Intermediate CA certs
6 Step 4. Setup Tomcat to use the SSL certs
7 Step 5. Enable secure XMLUI logins
8 Step 6. Enable HTTPS by default
9 Step 7. Rebuild DSpace
10 Step 8. Check the secure connection
11 References
12 News

Introduction

This wiki page describes a method of securing communications to a DSpace installation on the internet.

To protect the user credentials of the members of the research community that your repository will serve, it is highly recommended that all logins to the system are encrypted using the procedure detailed below.

Update - 2014/11/18

A free certificate authority service is launching in 2015 that will greatly simplify the configuration of a secure server. See the link below.

https://letsencrypt.org

Please Note

It is assumed that DSpace has been installed according to the suggested guidelines here: http://wiki.lib.sun.ac.za/index.php/SUNScholar/DSpace.

This is not needed if doing an evaluation of the software on a test server behind your institutions firewall.

TCP/UDP Port 443

Secure internet connections are created using the secure port (443) which must be opened on the campus firewall for your particular server by the central IT department.
The local Tomcat server itself MUST be listening on port 443 and your local server firewall MUST allow access to port 443. See links below.

SSL Defaults

The default location for certificates is: /etc/ssl/certs. This is where we will put the certificates. Other services should point to this folder for the certificates.