This document provides an example of running Swarm under HTTPS on Ubuntu 14.04 using a self signed certificate.
For general instructions, see Configuring Swarm for SSL with apache2 or httpd
1. Enable SSL for Apache2
sudo a2enmod ssl
2. Create directory to save certificates
sudo mkdir /etc/apache2/ssl
3. Create the required certificates
sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/apache2/ssl/apache.key -out /etc/apache2/ssl/apache.crt
: Ensure the 'Common Name' you provide matches your Swarm servers FQDN exactly.
4. Follow the on screen prompts adding organization information as required.
5. Backup the current HTTP virtual host configuration:
cp /etc/apache2/sites-available/perforce-swarm-site.conf /etc/apache2/sites-available/perforce-swarm-site.conf.BAK
6. Edit the Apache site config file for the Swarm virtual host:
sudo nano /etc/apache2/sites-available/perforce-swarm-site.conf
We'll continue to listing on port 80 for plain HTTP requests and on port 443 for HTTPS. See below, replacing SWARM-SERVER_HOSTNAME
with the FQDN of your Swarm server.
CustomLog "/var/log/apache2/swarm.access_log" common
Require all granted
CustomLog "/var/log/apache2/swarmssl.access_log" common
Require all granted
: Please check with your security team to ensure the permissions provided in this setup are suitably restrictive for your environment.
5. Restart Apache to pickup the changes
sudo service apache2 restart
6. Now try your new HTTPS URL from a web browser.Important Note
: If the FQDN of the server provided for the certificate and the Apache configuration above is not accurate the P4V integration will fail with the message 'SSL handshake failed'.
This same FQDN must be returned by both the clients and the Swarm server when an IP address lookup is performed.Additional Important Note:
You must ensure that the pem or crt file are installed onto every user's machine and also the Helix Server as well. To verify that the Helix Server has the cert or pem installed just run "curl https://SWARM-HOST" if you get back an message about using "--no-check-certificate" then it suggest that the cert are not installed correctly. Please follow the below article which help solve the issue: http://happyassassin.net/2015/01/14/trusting-additional-cas-in-fedora-rhel-centos-dont-append-to-etcpkitlscertsca-bundle-crt-or-etcpkitlscert-pem/