PDF《Implementing HTTPS in CONTENTdm 6》

Implementing HTTPS in CONTENTdm

6 September 5,

2012 ?

2012 OCLC Page

1 of

7 Implementing HTTPS in CONTENTdm

6 This is an overview for CONTENTdm server administrators who want to configure their CONTENTdm Server and Website to make use of HTTPS.

While the CONTENTdm Server has supported HTTPS since version 4.x, you will need to upgrade to CONTENTdm 6.1.4 or later to use HTTPS with the CONTENTdm Website. This information is for system administrators running CONTENTdm locally. It does not apply to users subscribed to CONTENTdm Hosting Services. Learn about: Section I Before You Begin Section II Overview Section III Configuring CONTENTdm to Use HTTPS Section IV Testing the Setup Appendix Example HTTPS Apache Configuration Section I Before You Begin This document assumes experience with configuring and setting up secure web servers using HTTPS and with installing and configuring a CONTENTdm Server &

Website. You must install CONTENTdm 6.1.4 or later before you can make use of HTTPS with the CONTENTdm Website. Section II Overview CONTENTdm

6 requires two distinct web site instances, the Server and the Website. Both can be configured to use HTTPS in addition to HTTP. The CONTENTdm Server is the Administration module for the CONTENTdm collection administrators, the repository for Project Client uploads, and the database &

API server for the CONTENTdm Website. It is helpful to keep in mind the role the Server and Website play when configuring HTTPS: CONTENTdm Server: The Server is configured to run only over HTTP by default. Since the Server is used by CONTENTdm Administrators to manage the collection data and by Project Client users to upload new records, it handles user authentication. To secure the Server logins and to support HTTPS in the CONTENTdm Website, you can add HTTPS to the bindings in IIS or add a virtual host in Apache. This HTTPS binding/virtual host is in addition to the HTTP one that is already configured. Since the Website and Server are typically installed to the same machine, the data calls the Website makes back to the Server can make use of the HTTP protocol. CONTENTdm Website: The Website is the public-facing site, but also hosts the Website Configuration Tool and can be logged into directly for users to access restricted collections or items. To use HTTPS with CONTENTdm, both the Server and the Website will be configured to run over HTTP and HTTPS. The Website will use HTTP for all anonymous traffic and will make calls back to the Server over HTTP as well. When a user logs into the Website (whether to the public-facing Login box or to the Website Configuration Tool) the site will redirect to HTTPS and all calls back to the Server at that point will be over HTTPS. The Website makes a few cURL calls to itself but the majority of its traffic is back to the Server. For this to be handled in a secure way, the Website code needs to know the location of the Server'

s SSL certificate and be able to read it. This is straightforward when Server and Implementing HTTPS in CONTENTdm

6 September 5,

2012 ?

2012 OCLC Page

2 of

7 Website are installed to the same machine. If Server and Website have been separated, it will be necessary to export the Server'

s certificate and copy it to a location the Website can access. The details of implementing HTTPS will not be described here. There are many ways to set up HTTPS and certificate creation and management will be particular to your environment. See the appendix at the end of this document for an example Apache configuration using HTTPS with the CONTENTdm Website. Section III Configuring CONTENTdm to Use HTTPS Once you have set up your web server (IIS or Apache) to use the HTTPS protocol, it is necessary to configure CONTENTdm. CONTENTdm Server: Configuring HTTPS for the CONTENTdm Server is straightforward and can be handled exclusively through IIS on Windows or Apache on Linux. For IIS you can add HTTPS to the bindings for the site instance and in Apache you can add an additional Virtual Host configuration to the CONTENTdm Server'