SSL encryption of Internal Chat traffic is turned off by default.
But if you plan to use Internal Chat from outside of your network
(for example, if your server listens for user requests on a public IP),
it is highly recommended that you enable SSL.
Internal Chat Server ships with a test certificate. You can use
it for test purposes, but not in production!
To enable SSL you must do the following:
Create your own Java Key Store (JKS) with your certificate. The
easiest way to do it is to use IBM's
Another way is to use keytool (a command-line tool shipped with the JDK).
- Start KeyMan, choose the left icon ("Create new..."), then
"KeyStore Token (password protected)". The main KeyMan window
- Select Actions -> Generate Key, choose an appropriate key strength, and
push OK. A new key will be generated.
- Select Actions -> Create Certificate, choose "Self signed
certificate". Fill in the form (pay attention to the "Expires" field!) and
push OK. In the next window you can leave the field empty; it is just
some sort of label for the certificate. Push OK. The certificate will be generated.
- Select File -> Save. You will be asked for a passphrase; type it
and remember it, because it will be needed later. Finally, select the file where
you want your key and certificate to be saved (for example, we will call it
my.jks). This file is the JKS we needed.
Put the JKS file my.jks into an appropriate folder that is secured from other
users. I suppose that the Internal Chat Server conf/ folder might be the right place.
Edit Server.xml and set:
- UseSSL. Set to true.
- KeyStore. Set to the name of your JKS file (my.jks in this case).
- InputKeyStorePassword and OutputKeyStorePassword. Set to the passphrase you
typed when you saved the JKS file.
Now your Internal Chat Server is configured to use SSL with your own self-signed
certificate. If you use an Internal Chat Client older than 5.5.15, do not forget to check
the "Use SSL" box in the connection settings on all the clients!
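The keytool route mentioned above, as an added example that is not part of the original documentation: it creates my.jks with a self-signed certificate, keeps the passphrase out of the process list, and checks that the file is not accessible to other users. The alias chat, RSA 2048, the 365-day default and the host name chat.example.test are assumptions.

```shell
#!/bin/sh
# Added example: build my.jks with keytool instead of KeyMan.
# Assumptions (not from the page): alias "chat", RSA 2048, 365-day default.

# make_jks FILE CN [DAYS]: key pair plus self-signed certificate in a JKS.
# The passphrase comes from $JKS_PASS, so it never shows up in `ps` output.
make_jks() {
    file=$1 cn=$2 days=${3:-365}
    [ -n "${JKS_PASS:-}" ] || { echo "export JKS_PASS first" >&2; return 2; }
    [ ! -e "$file" ] || { echo "$file already exists" >&2; return 3; }
    ( umask 077    # create the file without group/other access
      keytool -genkeypair -alias chat -keyalg RSA -keysize 2048 \
          -validity "$days" -dname "CN=$cn" -storetype JKS \
          -keystore "$file" -storepass:env JKS_PASS -keypass:env JKS_PASS
    ) && chmod 600 "$file"
}

# jks_expiry FILE: print the validity period (the "Expires" field in KeyMan).
# Matches keytool's English-locale output.
jks_expiry() {
    keytool -list -v -keystore "$1" -storepass:env JKS_PASS | grep 'Valid from'
}

# jks_private FILE: succeed only if FILE has no group/other permission bits.
jks_private() {
    mode=$(ls -ld "$1" | cut -c5-10)
    [ "$mode" = "------" ]
}

# Usage: JKS_PASS=... sh make_jks.sh conf/my.jks chat.example.test 365
if [ $# -ge 2 ]; then
    make_jks "$@" && jks_expiry "$1" && jks_private "$1"
fi
```

The passphrase exported as JKS_PASS is the one to enter for InputKeyStorePassword and OutputKeyStorePassword in Server.xml.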
If you need some more information about configuring SSL support in Jetty,
you can find it here.