
2.4.2. SSL

WebMapReduce's SSL support can be broken into two parts: basic SSL (server authentication only) and SSL client authentication.

2.4.2.1. Basic SSL

Follow this procedure to set up a basic SSL connection that only authenticates the server:
  1. Generate server (backend) key and certificate
    Generating SSL keys and certificates can be a complex undertaking. Fortunately, WMRServer comes with scripts that simplify this process immensely.
    On the backend, first make sure that openssl and Java's keytool are on the system $PATH. Then run the following script:
    $ cd $WMR_HOME
    $ bin/gen-keystore.sh
    
    This will generate a keystore, a file containing both the SSL key and certificate, for the server. The script will prompt you for the location to save the generated keystore, a hostname for the server certificate, and a keystore password. Choose a strong password that is at least six characters long, and remember it so you can enter it in wmr-site.xml later. Feel free to use the defaults for the other two questions.
  2. Configure backend
    Add the following directives to wmr-site.xml (the script should also print them when it completes):
    <property>
      <name>wmr.server.ssl.enable</name>
      <value>true</value>
    </property>
    
    <property>
      <name>wmr.server.ssl.keystore</name>
      <value>keystore-path</value>
    </property>
    
    <property>
      <name>wmr.server.ssl.keystore.password</name>
      <value>password</value>
    </property>
    
    keystore-path should have been given by the script. If you chose the default when the script prompted you for a keystore location, you can omit this property altogether.

    Note

    In the wmr-site.xml file, the WMRServer installation directory is given by the property ${wmr.home.dir}, not $WMR_HOME. Be sure to note this when setting keystore-path.
    If your backend is running, restart it to reload the configuration:
    $ cd $WMR_HOME
    $ bin/stop-wmr.sh
    $ bin/start-wmr.sh
    
  3. Configure frontend
    The script you ran in Step 1 should have output the path to the CA certificate. Copy this file to the frontend's local filesystem, then add the following lines to include/settings.php:
    $wmrSSLEnable = 'true';
    $wmrSSLCAInfo = '/local/path/to/ca/certificate';
    
    Also in settings.php, change the protocol portion of the $wmrServer URL to https (instead of http):
    $wmrServer = 'https://hostname:port';
    
Now try submitting a job to test the basic SSL connection before proceeding to add client authentication.
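
A check to run on the backend before that test, as an added example that is not part of the WebMapReduce documentation or code: it reads wmr-site.xml, confirms the three properties from Step 2, flags the $WMR_HOME pitfall described in the Note, and reports when the file, which holds the keystore password in clear text, is accessible to anyone but its owner. The `<configuration>` root element, the finding names, and the sample values are assumptions made for illustration.

```python
import os, stat, tempfile
import xml.etree.ElementTree as ET

def load_properties(path):
    """Return {name: value} for every <property> element in the file."""
    props = {}
    for prop in ET.parse(path).getroot().iter("property"):
        name = (prop.findtext("name") or "").strip()
        if name:
            props[name] = (prop.findtext("value") or "").strip()
    return props

def audit_ssl_config(site_xml, wmr_home):
    """Return a list of findings; an empty list means every check passed."""
    props, findings = load_properties(site_xml), []
    if props.get("wmr.server.ssl.enable", "").lower() != "true":
        findings.append("ssl-not-enabled")
    if len(props.get("wmr.server.ssl.keystore.password", "")) < 6:
        findings.append("password-missing-or-short")
    # The file stores the keystore password in clear text: owner-only access.
    if stat.S_IMODE(os.stat(site_xml).st_mode) & 0o077:
        findings.append("config-readable-by-others")
    keystore = props.get("wmr.server.ssl.keystore")
    if keystore is not None:  # omitted means the script's default location
        if "$WMR_HOME" in keystore:  # shell variable is not expanded here
            findings.append("keystore-uses-shell-variable")
        elif not os.path.isfile(keystore.replace("${wmr.home.dir}", wmr_home)):
            findings.append("keystore-not-found")
    return findings

# Constructed sample: the root element, path and password are made up.
SAMPLE = """<configuration>
  <property><name>wmr.server.ssl.enable</name><value>true</value></property>
  <property><name>wmr.server.ssl.keystore</name><value>$WMR_HOME/conf/keystore</value></property>
  <property><name>wmr.server.ssl.keystore.password</name><value>abc</value></property>
</configuration>"""

def demo():
    """Audit the constructed sample, written to a temporary directory."""
    with tempfile.TemporaryDirectory() as home:
        path = os.path.join(home, "wmr-site.xml")
        with open(path, "w") as fh:
            fh.write(SAMPLE)
        os.chmod(path, 0o644)  # deliberately too permissive for the demo
        return audit_ssl_config(path, home)

if __name__ == "__main__":
    print(demo())
```

On a real installation, call `audit_ssl_config` with the path to wmr-site.xml and the WMRServer installation directory; `chmod 600` on the file clears the permissions finding.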