It is entirely possible that the HTTP listener may be working, but secure URLs using the HTTPS protocol may not be. To verify that the Secure Sockets Layer (SSL) encryption works and that OFBiz is listening for web requests on the secure HTTPS configured port, navigate to the OFBiz WebTools main landing page and attempt to access any of the menu selections provided.
Aside from starting up an instance of OFBiz, there are no special prerequisites necessary to test OFBiz SSL support.
OFBiz SSL support can be tested by following these steps:
- From any compliant web browser, enter the URL of an OFBiz password-protected Application. For example, enter the URL of the WebTools Application: http://localhost:8080/webtools
- The WebTools Application has a main landing web page as shown below. This web page is not password-protected. In order to access the protected WebTools applications, you must select the Login link on this main landing page as shown in the following:
- When presented with the WebTools login screen, login using the default username of admin and default password of ofbiz. This HTML login form should look something like the following:
- Successful login will bring up the protected portion of the WebTools Application UI. Observe that you are able to see the main web page as shown here:
The SSL protocol implementation is an integral part of the OFBiz project. Out-of-the-box, OFBiz is configured to use the HTTPS protocol running on port 8443 to support SSL. All password-protected portions of the project use SSL keys and encryption to secure the transfer and storage of sensitive information.
OFBiz comes with the necessary SSL certificate installed to support a generic web browser to web server SSL environment. By accessing password-protected web pages such as the WebTools main menu, you effectively are exercising the built-in support for the SSL implementation.
WebTools, like all OFBiz backend Applications, has been configured to require authentication prior to access. The default OFBiz authentication process forces the user to access any SSL-secured URL through the HTTPS port. The astute observer may have noticed that WebTools was initially accessed using the HTTP protocol on port 8080. If OFBiz is working correctly, it will automatically make the translation from HTTP port 8080 to HTTPS port 8443.
For more on security, refer to Chapter 7, OFBiz Security.