https://connect.hyland.com/t5/alfresco-archive/tomcat-ssl-help-plz-solved/m-p/293724#M246854 <HTML><HEAD></HEAD><BODY><SPAN>Greetz!</SPAN><BR /><BR /><SPAN>So I've been working on getting my 3dp CA installed but coming into problems. I know a lot of people are using mod_jk and fronting with Apache, don't want to do that, seems really unnecessary.</SPAN><BR /><BR /><SPAN>After looking at server.xml for tomcat, I see that Alfresco is using ssl.keystore and ssl.truststore. I've also been readying about the cacerts file located in alfresco\java\jre\lib\security</SPAN><BR /><BR /><SPAN>Basically I have what is called a class 4 ssl certificate (extended class 3).</SPAN><BR /><SPAN>From my CA (startcom) they give me:</SPAN><BR /><SPAN>ca.pem</SPAN><BR /><SPAN>sub.class4.server.ca.pem</SPAN><BR /><BR /><SPAN>or they can give me the same thing in .crt format (or .der format i think it is?).</SPAN><BR /><SPAN>I've been able to install with the .crt, but get error: ERR_SSL_VERSION_OR_CIPHER_MISMATCH</SPAN><BR /><BR /><SPAN>I also have a .p12 file, .crt and .key file (which is what I made the .p12 from).</SPAN><BR /><BR /><SPAN>How exactly did Alfresco change this from a stock tomcat config? What is the proper procedure, i've seen tons of posts, some kinda work, some dont, and my CA give me this to follow:</SPAN><BR /><A href="https://forum.startcom.org/viewtopic.php?f=15&amp;t=1390" rel="nofollow noopener noreferrer">https://forum.startcom.org/viewtopic.php?f=15&amp;t=1390</A><BR /><BR /><BR /><SPAN>All help greatly appreciated, as this part seems to not be greatly documented in regards to importing your 3dp CA.</SPAN></BODY></HTML> Tue, 26 Mar 2013 20:35:35 GMT 102020 2013-03-26T20:35:35Z https://connect.hyland.com/t5/alfresco-archive/tomcat-ssl-help-plz-solved/m-p/293724#M246854 Greetz!So I've been working on getting my 3dp CA installed but coming into problems. I know a lot of people are using mod_jk and fronting with Apache, don't want to do that, seems really unnecessary.After looking at server.xml for tomcat, I see that Alfresco is using ssl.keystore and ssl.truststore. Tue, 26 Mar 2013 20:35:35 GMT https://connect.hyland.com/t5/alfresco-archive/tomcat-ssl-help-plz-solved/m-p/293724#M246854 102020 2013-03-26T20:35:35Z https://connect.hyland.com/t5/alfresco-archive/tomcat-ssl-help-plz-solved/m-p/293725#M246855 <HTML><HEAD></HEAD><BODY><SPAN>Ok so here are the commands and such you need to do, we used StartCom SSL for our 3DP ssl.</SPAN><BR /><BR /><SPAN>keytool -genkey -alias myServer.FQDN.com -dname "cn=myServer.FQDN.com, o=FQDN, o=.com" -keystore c:\Alfresco\alf_data\keystore\keystore.jks -keysize 2048 -keyalg RSA</SPAN><BR /><BR /><SPAN>keytool -certreq -alias myServer.FQDN.com -file myServer.FQDN.com.csr</SPAN><BR /><BR /><SPAN>&gt;Copy contents of csr, paste into startcom, generates crt, download crt. at same time download intermediate and root certs.</SPAN><BR /><BR /><SPAN>keytool -import -trustcacerts -alias startcom.ca -file c:\Alfresco\alf_data\keystore\ca.crt -keystore c:\Alfresco\java\jre\lib\security\cacerts</SPAN><BR /><BR /><SPAN>keytool -import -trustcacerts -alias startcom.ca.sub -file c:\Alfresco\alf_data\keystore\sub.class3.server.ca.crt -keystore c:\Alfresco\java\jre\lib\security\cacerts</SPAN><BR /><BR /><SPAN>&gt;Restart Alfresco</SPAN><BR /><BR /><SPAN>keytool -importcert -alias myServer.FQDN.com -file c:\Alfresco\alf_data\keystore\myServer.FQDN.com.signed.crt -trustcacerts -keystore c:\Alfresco\alf_data\keystore\keystore.jks</SPAN><BR /><BR /><SPAN>&gt;Edit c:\Alfresco\tomcat\conf\server.xml</SPAN><BR /><BR /><SPAN>Find:</SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp; &lt;Connector port="8443" protocol="org.apache.coyote.http11.Http11Protocol" SSLEnabled="true"</SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; maxThreads="150" scheme="https" keystoreFile="C:\Alfresco/alf_data/keystore/ssl.keystore" keystorePass="kT9X6oe68t" keystoreType="JCEKS"</SPAN><BR /><SPAN> secure="true" connectionTimeout="240000" truststoreFile="C:\Alfresco/alf_data/keystore/ssl.truststore" truststorePass="kT9X6oe68t" truststoreType="JCEKS"</SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; clientAuth="false" sslProtocol="TLS" allowUnsafeLegacyRenegotiation="true" maxSavePostSize="-1" /&gt;&nbsp; </SPAN><BR /><BR /><BR /><SPAN>Replace:</SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp; &lt;Connector port="8443" protocol="org.apache.coyote.http11.Http11Protocol" SSLEnabled="true"</SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; maxThreads="150" scheme="https" keystoreFile="C:\Alfresco/alf_data/keystore/keystore.jks" keystorePass="kT9X6oe68t" keystoreType="JKS"</SPAN><BR /><SPAN> secure="true" connectionTimeout="240000" clientAuth="false" sslProtocol="TLS" allowUnsafeLegacyRenegotiation="true" maxSavePostSize="-1" /&gt;&nbsp; </SPAN><BR /><BR /><BR /><SPAN>This will get SSL on port 8443 (or whatever you set your SSL port as) to be a fully signed certificate. You can also go into your alfresco-global.properties and add the following to use the same certificate for Share Point SSL over port 7070:</SPAN><BR /><BR /><SPAN>### Sharepoint ###</SPAN><BR /><SPAN>vti.server.external.host=myServer.FQDN.com</SPAN><BR /><SPAN>vti.server.external.port=7070</SPAN><BR /><SPAN>vti.server.external.protocol=https</SPAN><BR /><SPAN>vti.server.ssl.keystore=C:/Alfresco/keys/keystore.jks</SPAN><BR /><SPAN>vti.server.ssl.password=kT9X6oe68t</SPAN><BR /><BR /><BR /><SPAN>just a note: the vti.server.ssl.password value is the default keystore password.</SPAN></BODY></HTML> Mon, 08 Apr 2013 18:50:00 GMT https://connect.hyland.com/t5/alfresco-archive/tomcat-ssl-help-plz-solved/m-p/293725#M246855 102020 2013-04-08T18:50:00Z https://connect.hyland.com/t5/alfresco-archive/tomcat-ssl-help-plz-solved/m-p/293726#M246856 <HTML><HEAD></HEAD><BODY><SPAN>I have followed your instructions and modified them accordingly to work on the OS that I'm using. </SPAN><BR /><BR /><SPAN>My topic is here: </SPAN><A href="http://forums.alfresco.com/forum/installation-upgrades-configuration-integration/integration-other-systems/integrating-0" rel="nofollow noopener noreferrer">http://forums.alfresco.com/forum/installation-upgrades-configuration-integration/integration-other-systems/integrating-0</A><BR /><BR /><SPAN>I followed your instructions from here:</SPAN><BR /><A href="http://forums.alfresco.com/forum/installation-upgrades-configuration-integration/installation-upgrades/howto-installconfig-3x" rel="nofollow noopener noreferrer">http://forums.alfresco.com/forum/installation-upgrades-configuration-integration/installation-upgrades/howto-installconfig-3x</A><BR /><BR /><SPAN>So I skipped over the first part and went down to the https part and followed the instructions for a self signed cer. I didn't do that above part where you add to the alfresco-global.properties file. I don't know if it is crucial to have that step or not. When I make the changes and restart alfresco I can't reach </SPAN><A href="https://my.fqdn.addy:8443/share" rel="nofollow noopener noreferrer">https://my.fqdn.addy:8443/share</A><SPAN> nor </SPAN><A href="http://my.fqdn.addy:8080/share" rel="nofollow noopener noreferrer">http://my.fqdn.addy:8080/share</A><SPAN>. Neither one works…in fact it breaks. I end up having to completely erase the whole install and re-install.</SPAN><BR /><SPAN>So I tried modifying the share-config-custom.xml like the original instructions said to do. That doesn't do anything either. </SPAN><BR /><BR /><SPAN>Is there any off chance you could point me in the right direction of what I need to do? Right now I'm working on using apache (httpd) to handle the ssl and not worry about the tomcat version that alfresco uses. I'd like not to do it that way, but I'm running out of options to try.</SPAN><BR /><BR /><BR /><SPAN>Bitto</SPAN></BODY></HTML> Tue, 18 Jun 2013 21:05:21 GMT https://connect.hyland.com/t5/alfresco-archive/tomcat-ssl-help-plz-solved/m-p/293726#M246856 eswbitto 2013-06-18T21:05:21Z