Configure Cargo for SSL/TLS - Bloomreach Experience - Open Source CMS

This article covers a Hippo CMS version 12. There's an updated version available that covers our most recent release.


Configure Cargo for SSL/TLS



Configure your local Cargo-based development environment to use SSL/TLS.


A standard implementation project created using the Bloomreach Experience Manager Maven archetype is configured to run in a local Cargo-based development environment. By default, the Tomcat container in this environment is configured to use an unencrypted HTTP connection, which is sufficient for most local development use cases. This page explains how you can configure Cargo to use an encrypted HTTPS connection instead, in case you need to develop or test an SSL/TLS setup locally.

The configuration described on this page should only be used for local development and testing purposes.


Prepare Keystore, Certificate, and Truststore

From within your project's root directory, change to the conf directory:

cd conf

Use the Java keytool command to create a keystore inside the conf directory:

keytool -keystore tomcatkeystore -genkey -alias -keyalg RSA

When answering the questions asked by keytool, make sure to use the name (CN) "":

Enter keystore password:
Re-enter new password:
What is your first and last name?
What is the name of your organizational unit?
  [Unknown]:  Infra
What is the name of your organization?
  [Unknown]:  Hippo
What is the name of your City or Locality?
  [Unknown]:  Boston
What is the name of your State or Province?
  [Unknown]:  MA
What is the two-letter country code for this unit?
  [Unknown]:  US
Is CN=, OU=Infra, O=Hippo, L=Boston, ST=MA, C=US correct?
  [no]:  yes

Enter key password for <>
        (RETURN if same as keystore password):
Re-enter new password:

There should now be a file called tomcatkeystore in your project's conf directory.

Next, use keytool to export a certificate from the keystore:

keytool -keystore tomcatkeystore -exportcert -alias -file tomcat.cert

Finally, use keytool to create a truststore and import the certificate into it: 

keytool -import -file tomcat.cert -alias -keystore tomcattruststore

When asked to trust the certificate, answer 'yes':

Trust this certificate? [no]:  yes

There should now be a file called tomcattruststore in your project's conf directory.

Configure Cargo Plugin

In your project's root pom.xml, find the profile.

Inside the profile, find the cargo-maven2-plugin plugin configuration properties.

Add the following plugin configuration properties to plugin/configuration/configuration/properties:


Still inside the profile, add the following system properties to plugin/configuration/container/systemProperties:


Build your project.

Configure Hippo's Delivery Tier

Run your project.

Point your web browser to the console at:


Login as admin and browse to the node /hst:hst/hst:hosts.

Set the property hst:scheme to https:

  - hst:scheme = https

Browse to the node /hst:hst/hst:hosts/dev-localhost.

Update the hst:cmslocation and hst:defaultport properties to use the HTTPS protocol and port 8443.

  - hst:cmslocation = https://localhost:8443/cms
  - hst:defaultport = 8443

Browse to the node /hippo:configuration/hippo:frontend/cms/cms-services/hstRestProxyService.

Update the rest.uri property to use the HTTPS protocol and port 8443:

  - rest.uri =

Write your changes to the repository.

Point your browser to the CMS at:


Verify that the channel manager is working. If not double-check the hstRestProxyService configuration.

Did you find this page helpful?
How could this documentation serve you better?
On this page
    Did you find this page helpful?
    How could this documentation serve you better?