Internal Chat

Multiplatform Enterprise Instant Messaging.
Smart. Powerful. Extendable.

Enabling SSL

SSL encryption of Internal Chat traffic is turned off by default. But if you plan to use Internal Chat from outside of your network (for example if your server listens for user requests on public IP) it is highly recommended that you enable SSL.

Internal Chat Server is shipped with test certificate. You can use it for test purposes, but not in production!

To enable SSL you must do the following:

  1. Create your own Java Key Store (JKS) with your certificate. The easiest way to do it is to use IBM's KeyMan tool. Another way is to use keytool (command line tool, shipped with JDK) or OpenSSL.

    • Start KeyMan, choose left icon ("Create new..."), then "KeyStore Token (password protected)". The main KeyMan window will appear.
    • Select Actions -> Generate Key, choose appropriate key strength, push OK. New key will be generated.
    • Select Actions -> Create Certificate, choose "Self signed certificate". Fill the form (pay your attention at "Expires" field!) and push OK. In the next window you can leave the field empty - it is just some sort of label for certificate, push OK. Certificate will be generated.
    • Select File -> Save. You will be asked for passphrase - type it and don't forget, it will be needed later. Finally, select the file where you want your key and certificate to be saved (for example, we will call it my.jks). This file is the JKS we needed.
  2. Put the JKS-file my.jks into appropriate (secured from others) folder. I suppose that Internal Chat Server conf/ folder might be the right place.

  3. Edit Server.xml, set:

    • UseSSL. Set to true.
    • KeyStore. Set to the name of your JKS-file (my.jks in the case).
    • InputKeyStorePassword and OutputKeyStorePassword. Set to the passphrase you typed when you saved JKS-file.

Now your Internal Chat Server is configured to use SSL with your own self-signed certificate. If you use Internal Chat Client older than 5.5.15, do not forget to check "Use SSL" box in connection settings on all the clients!

If you need some more information about configuring SSL support in Jetty, you can find it here. Logo

(C) 2007-2011 Andrew Orlov