Changing the SSL certificate for Tomcat SSL

michaelk
Champ in-the-making
I am using SSL (on port 8443) for access to Alfresco.
I have changed the tomcat/conf/server.xml to….

<Connector port="9009" protocol="AJP/1.3" redirectPort="8443" />
<Connector port="8443" protocol="org.apache.coyote.http11.Http11Protocol" SSLEnabled="true"
           maxThreads="150" scheme="https"
           keystoreFile="/var/home/loc/alfresco-4.0.a/alf_data/keystore/ssl.keystore" keystorePass="kT9X6oe68t" keystoreType="JCEKS"
           secure="true" connectionTimeout="240000"
           truststoreFile="/var/home/loc/alfresco-4.0.a/alf_data/keystore/ssl.truststore" truststorePass="kT9X6oe68t" truststoreType="JCEKS"
           clientAuth="false" sslProtocol="TLS" allowUnsafeLegacyRenegotiation="true" />

This works fine, but if I change the keystore and truststore to my own certificate (instead of the Alfresco-supplied certificate), I can access the site but the data is not available?

I tried using the procedure in
tomcat/webapps/alfresco/WEB-INF/classes/alfresco/keystore/CreateSSLKeystores.txt
to create new ssl.keystore and ssl.truststore files. These also could not access the repositories.

Is my repository protected by the default "Alfresco Cert", and if I change the Tomcat SSL certificate do I screw up access to the repository?

Can I change certificates without starting the repository from scratch, and if so, how?

thanks….
2 REPLIES

leftcase
Champ in-the-making
I put Apache 2.2 in front of Tomcat and use that to service user requests. Personally I find Apache easier to configure for SSL.

Some info here:

http://wiki.alfresco.com/wiki/Deploying_To_Server

dalvim
Champ in-the-making
Hello!

I'm having the same issue here. It's strange (and unfortunate) that the out-of-the-box instructions for using a self-signed certificate do not work…

And worst of all, I hear several people proposing Apache as a solution. Shouldn't the default system work?

I know nothing about Apache and I fear that opting for that solution will bring further problems (I did have a small go at it and so far this is confirmed lol).

Is there anyone that knows how to make it work with tomcat? It's so frustrating! lol. A task so simple as changing a certificate (be it self-signed or third party) made so difficult…

Thanks!