A Guide to QuarkXPress Server 2018

Using SSL

You can configure QuarkXPress Server with different security options. In addition to your own network security specifications, you can specify Secure Sockets Layer (SSL) protocol for client applications.

Secure Sockets Layer (SSL) support

You can configure Tomcat (and therefore all QuarkXPress Server clients) to run in secure mode with Secure Sockets Layer (SSL) technology. This section explains the configuration process.

It is also possible to run QuarkXPress Server without embedding Tomcat in the JVM. For more information, see the QuarkXPress Server ReadMe file.

To manage Web applications in the QuarkXPress Server environment, QuarkXPress Server embeds an instance of Apache Tomcat 6.18 in its JVM.

When you enable SSL, it applies to all QuarkXPress Server client applications.

Enabling SSL

The instructions below address two scenarios. The "server.xml" file you edit contains XML tags for both scenarios, which you need to enable or disable by "commenting" and "uncommenting" specific tags.

To enable SSL for secure HTTP for all QuarkXPress Server applications:

  1. Open the "conf" folder in your QuarkXPress Server folder.

  2. Open "server.xml" in a text-editing application.

  3. Locate the following tag (preceded by the comment <!-- Define a non-SSL HTTP/1.1 Connector on port 8080 -->) and comment it out.

    <Connector port="8080" maxHttpHeaderSize="8192" maxThreads="150" minSpareThreads="25" maxSpareThreads="75" enableLookups="false" redirectPort="61399" acceptCount="100" connectionTimeout="20000" disableUploadTimeout="true" URIEncoding="UTF-8"/>
  4. Locate the following tag (preceded by the comment <!-- Define a SSL HTTP/1.1 Connector on port 61399 -->) and uncomment it.

    <Connector port="61399" maxHttpHeaderSize="8192"MaxThreads="150" minSpareThreads="25" maxSpareThreads="75"enableLookups="false" disableUploadTimeout="true"acceptCount="100" scheme="https" secure="true"clientAuth="false" sslProtocol="TLS" />
  5. Replace 61399 with 61400 (or any port on which Tomcat will be listening for secure connections).

  6. Save and close "server.xml."

  7. Open the "ServerApp.properties" file (in the "conf" folder) and enter the port number from step 5 for qxpswebserver.port.

This change means QuarkXPress Server client applications can use HTTPS. For example, the URL for a QuarkXPress Server user would be as follows: https://[server name]:[port]/.

Enabling HTTP and HTTPS

To enable HTTP and HTTPS:

  1. Open the "conf" folder in your QuarkXPress Server folder.

  2. Open "server.xml" in a text-editing application.

  3. Uncomment the following tag:

    <Connector port="61399" maxHttpHeaderSize="8192"MaxThreads="150" minSpareThreads="25" maxSpareThreads="75"enableLookups="false" disableUploadTimeout="true"acceptCount="100" scheme="https" secure="true"clientAuth="false" sslProtocol="TLS" />
  4. Save and close "server.xml."

This feature allows QuarkXPress Server application users to access QuarkXPress Server with HTTPS or HTTP.

Verifying and using SSL

To verify and use SSL:

  1. Start the QuarkXPress Server

  2. Test QuarkXPress Server access by navigating to the QuarkXPress Server Web interface HTTPS. For example: https://[server]:[port]/qxpsadmin

Keystores and SSL certificates

A certificate is a file on a Web server that is used in encryption and confirmation between two endpoints to establish a secure connection. A keystore is essentially a database of digital certificates on the Web server.

You can obtain an SSL certificate from a trusted Certificate Authority (CA). Import the certificate into the keystore used by QuarkXPress Server's JVM.

For more information about the importance of keystores, use the following URL: http://tomcat.apache.org/tomcat-6.0-doc/ssl-howto.html.