Edit online

HTTPS Support

By default, the Windows, Linux and All Platforms distributions of Web Author handle both HTTP and HTTPS traffic. The default certificate used for HTTPS is a self-signed certificate that is not trusted by web browsers. However, this certificate is trusted by Oxygen XML Web Author itself when it connects to the internal License Server.
Note: The recommended way to deploy HTTPS is to use an HTTPS-capable reverse-proxy (such as NGINX) in front of Oxygen XML Web Author.

Replacing the HTTPS Certificate

To avoid warnings displayed by web browsers, always use a valid certificate. To install a new certificate, follow these steps:
  1. Obtain the certificate files from a trusted Certificate Authority and convert them to PEM format.
  2. Save them in a Java Keystore:
    • Build the certificate chain (if needed):
      cat myhost.pem intermediate.pem root.pem > import.pem
    • Convert the private key and certificate files into a PKCS12 file:
      openssl pkcs12 -export -in import.pem -inkey myhost.key.pem -name web-author > server.p12
    • Import the PKCS12 file into Java keystore:
      keytool -importkeystore -srckeystore server.p12 -destkeystore 
          [install dir]/tomcat/conf/web-author.keystore -srcstoretype pkcs12 -alias web-author 
      Note: The password for the web-author.keystore can be found in [install dir]/tomcat/conf/server.xml, in the keystorePass attribute.

Redirecting HTTP to HTTPS

To strengthen the security of your deployment, you should make sure all users connect to Web Author using HTTPS. To redirect all HTTP traffic to HTTPS, you have to set the oxygen.ssl.redirect.domain system property to the domain and port of your server.


Removing the Web Author-specific Keystore

By default, Oxygen XML Web Author is configured to consider its HTTPS certificate as trusted when presented by any server it connects to. This helps you get started quickly and without errors before installing a trusted certificate. Once you configured Oxygen XML Web Author with a trusted certificate, you should remove the oxygen.ssl.trusted.keystore system property.