Skip to Content

Configure SSL for Web Services

Note

The information on this page applies only to hosted endpoints, including hosted HTTP endpoints and hosted web services.

Basic Configuration

Windows

To access Jitterbit web services with SSL encryption enabled you need to install a server certificate and a corresponding private key. Follow these steps:

  • Edit httpd.conf and uncomment these two lines:

    #Include conf/extra/httpd-ssl.conf
#LoadModule ssl_module modules/mod_ssl.so

  • Put your certificate in the file conf/ssl.crt/server.crt

  • Put your private key in the file conf/ssl.key/server.key

  • Restart the "Jitterbit Apache Server" service.

All file names are relative to the Apache install directory. (The default location is C:\Program Files\Jitterbit Integration Server\Apache)

The default ports for accessing Jitterbit:

  • HTTPS is 46909
  • HTTP is 46908
  • The default port can be set in the httpd-ssl.conf file.

For more information, including instructions on generating a self-signed certificate for testing purposes, see the Apache HTTP Server FAQ: http://httpd.apache.org/docs/2.4/ssl/ssl_faq.html

The openssl command comes with Jitterbit and can be used to generate a self-signed certificate:

  • Open a DOS prompt, and enter:

    > cd %JITTERBIT_HOME%\apache\bin
> openssl req -days 365 -new -x509 -nodes -out server.crt -keyout server.key -config ..\conf\openssl.cnf

  • If you want the certificate to be valid for more than one year, increase the -days argument.

  • Enter the required information. For Common Name, use the external name of the server.

  • The certificate and private key will be in server.crt and server.key respectively.

Note

When there is a major upgrade to Jitterbit, the httpd.conf and ssl.conf files may be overwritten. If you edit either of these files, please keep a backup for your reference.

Linux

A self-signed certificate is generated when the Private Agent is installed and SSL is enabled by default.

To manually generate a self-signed certificate:

  • From the command prompt as root, enter

    # service jitterbit gen_server_cert

The default ports for accessing Jitterbit:

  • HTTPS is 46909
  • HTTP is 46908
  • The default port can be set in the httpd-ssl.conf file.

To use a private signed certificate:

  • Replace the certificate located in /opt/jitterbit/apache/conf/server.crt

  • Replace the key located in /opt/jitterbit/apache/conf/server.key

  • To have the files located in a different location, you will need to change /opt/jitterbit/apache/conf/extra/httpd-ssl.conf accordingly.

  • Restart Jitterbit:

    $ sudo jitterbit restart

The locations above apply to Harmony only. On older Jitterbit v5 installations with Apache 2.0, the files will be located at /opt/jitterbit/apache2.

Note

When there is a major upgrade to Jitterbit, the httpd.conf and ssl.conf files may be overwritten. If you edit either of these files, please keep a backup for your reference.

Custom Configuration

If you need a custom configuration such as Server Certificate Chain, Certificate Authority (CA - for client authentication) or Certificate Revocation Lists (CRL) you need to edit the ssl.conf file and put your support file(s) in the indicated locations.