[MNGSITE-341] use https for sigs, hashes and KEYS
diff --git a/src/site/xdoc/download.xml.vm b/src/site/xdoc/download.xml.vm
index 3c88adf..1bfd348 100644
--- a/src/site/xdoc/download.xml.vm
+++ b/src/site/xdoc/download.xml.vm
@@ -34,7 +34,7 @@
<p>In order to guard against corrupted downloads/installations, it is highly recommended to
<a href="http://www.apache.org/dev/release-signing#verifying-signature">verify the signature</a>
- of the release bundles against the public <a href="http://www.apache.org/dist/maven/KEYS">KEYS</a> used by the Apache Maven
+ of the release bundles against the public <a href="https://www.apache.org/dist/maven/KEYS">KEYS</a> used by the Apache Maven
developers.</p>
<p>${project.name} is distributed under the <a href="http://www.apache.org/licenses/">Apache License, version 2.0</a>.</p>