Hyland Community
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Howto Secure Alfresco with https: access?

dholgado
Champ in-the-making
Champ in-the-making

‎10-04-2007 05:27 AM

Can someone please explain how to configure alfresco 2.1.0 so that it is accesable via web only through https://

The system is running the Alfresco 2.1.0 tomcal bundle on linux with a mysql database

The linux distribution I have used is debian etch 4.0

I would also like to know how I can configure alfresco so that the user spaces are only accesable by the user alone.

Thank you
Labels:
0 Kudos
33 REPLIES 33

bnice
Champ in-the-making
Champ in-the-making

‎09-21-2009 10:59 AM

Hi,

I'm currently using Labs3 final.
Everything's running fine with SSL: Alfresco, Share and DoCASU.
Did you create the certificate for tomcat:
/usr/java/jdk1.6.0_12/bin/keytool -genkey -alias tomcat -keyalg RSA
This will ask you for a keystore-password and further details.

Additionaly, you have to remove the comment signs "<!– … —>" for the SSL connector (I think you have already done this, if Alfresco works with SSL):

<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
               maxThreads="150" scheme="https" secure="true" keystoreFile="${user.home}/.keystore" keystorePass="xxx"
               clientAuth="false" sslProtocol="TLS" />

You can find more info on configuring SSL with tomcat here:
http://tomcat.apache.org/tomcat-6.0-doc/ssl-howto.html
0 Kudos

dangruhn
Champ in-the-making
Champ in-the-making

‎03-09-2010 09:02 AM

I am using 3.2r2 community and have created the keystore and uncommented the https section and port 8443 works fine for explorer and share as long as I don't comment out port 8080. This means that people can access my server without SSL if they just use port 8080.

I can set up my firewall so that people cannot access 8080 but is there a way to drop port 8080 entirely so that even my internal folks need to use SSL?

When I comment out 8080, I get the following:

type Exception report

message

description The server encountered an internal error () that prevented it from fulfilling this request.

exception

javax.servlet.ServletException: org.alfresco.error.AlfrescoRuntimeException: 02090001 Unable to retrieve object: site-index of type: page
   org.alfresco.web.site.servlet.DispatcherServlet.service(DispatcherServlet.java:146)
   javax.servlet.http.HttpServlet.service(HttpServlet.java:717)

root cause

org.alfresco.error.AlfrescoRuntimeException: 02090001 Unable to retrieve object: site-index of type: page
   org.alfresco.web.framework.ModelObjectManager.getObject(ModelObjectManager.java:140)
   org.alfresco.web.site.Model.getObject(Model.java:513)
   org.alfresco.web.site.Model.getPage(Model.java:165)
   org.alfresco.web.site.SlingshotPageMapper.executeMapper(SlingshotPageMapper.java:188)
   org.alfresco.web.site.AbstractPageMapper.execute(AbstractPageMapper.java:62)
   org.alfresco.web.site.DefaultRequestContextFactory.newInstance(DefaultRequestContextFactory.java:109)
   org.alfresco.web.site.FrameworkHelper.initRequestContext(FrameworkHelper.java:202)
   org.alfresco.web.site.servlet.DispatcherServlet.service(DispatcherServlet.java:142)
   javax.servlet.http.HttpServlet.service(HttpServlet.java:717)

root cause

org.alfresco.web.framework.exception.ModelObjectPersisterException: Error loading object id: site-index from persister id: RemoteStore_alfresco/site-data/pages_page
   org.alfresco.web.framework.MultiModelObjectPersister.getObject(MultiModelObjectPersister.java:110)
   org.alfresco.web.framework.ModelObjectManager.getObject(ModelObjectManager.java:136)
   org.alfresco.web.site.Model.getObject(Model.java:513)
   org.alfresco.web.site.Model.getPage(Model.java:165)
   org.alfresco.web.site.SlingshotPageMapper.executeMapper(SlingshotPageMapper.java:188)
   org.alfresco.web.site.AbstractPageMapper.execute(AbstractPageMapper.java:62)
   org.alfresco.web.site.DefaultRequestContextFactory.newInstance(DefaultRequestContextFactory.java:109)
   org.alfresco.web.site.FrameworkHelper.initRequestContext(FrameworkHelper.java:202)
   org.alfresco.web.site.servlet.DispatcherServlet.service(DispatcherServlet.java:142)
   javax.servlet.http.HttpServlet.service(HttpServlet.java:717)

root cause

org.alfresco.web.framework.exception.ModelObjectPersisterException: Failure to load model object for path: site-index.xml
   org.alfresco.web.framework.StoreModelObjectPersister.getObjectByPath(StoreModelObjectPersister.java:170)
   org.alfresco.web.framework.StoreModelObjectPersister.getObject(StoreModelObjectPersister.java:108)
   org.alfresco.web.framework.MultiModelObjectPersister.getObject(MultiModelObjectPersister.java:106)
   org.alfresco.web.framework.ModelObjectManager.getObject(ModelObjectManager.java:136)
   org.alfresco.web.site.Model.getObject(Model.java:513)
   org.alfresco.web.site.Model.getPage(Model.java:165)
   org.alfresco.web.site.SlingshotPageMapper.executeMapper(SlingshotPageMapper.java:188)
   org.alfresco.web.site.AbstractPageMapper.execute(AbstractPageMapper.java:62)
   org.alfresco.web.site.DefaultRequestContextFactory.newInstance(DefaultRequestContextFactory.java:109)
   org.alfresco.web.site.FrameworkHelper.initRequestContext(FrameworkHelper.java:202)
   org.alfresco.web.site.servlet.DispatcherServlet.service(DispatcherServlet.java:142)
   javax.servlet.http.HttpServlet.service(HttpServlet.java:717)

root cause

java.io.IOException: Unable to test document path: site-index.xml in remote store: alfresco due to error: 498 Connection refused
   org.alfresco.web.scripts.RemoteStore.hasDocument(RemoteStore.java:351)
   org.alfresco.web.framework.StoreModelObjectPersister.getObjectByPath(StoreModelObjectPersister.java:136)
   org.alfresco.web.framework.StoreModelObjectPersister.getObject(StoreModelObjectPersister.java:108)
   org.alfresco.web.framework.MultiModelObjectPersister.getObject(MultiModelObjectPersister.java:106)
   org.alfresco.web.framework.ModelObjectManager.getObject(ModelObjectManager.java:136)
   org.alfresco.web.site.Model.getObject(Model.java:513)
   org.alfresco.web.site.Model.getPage(Model.java:165)
   org.alfresco.web.site.SlingshotPageMapper.executeMapper(SlingshotPageMapper.java:188)
   org.alfresco.web.site.AbstractPageMapper.execute(AbstractPageMapper.java:62)
   org.alfresco.web.site.DefaultRequestContextFactory.newInstance(DefaultRequestContextFactory.java:109)
   org.alfresco.web.site.FrameworkHelper.initRequestContext(FrameworkHelper.java:202)
   org.alfresco.web.site.servlet.DispatcherServlet.service(DispatcherServlet.java:142)
   javax.servlet.http.HttpServlet.service(HttpServlet.java:717)

note The full stack trace of the root cause is available in the Apache Tomcat/6.0.18 logs.

I can see that redirection from https is going to http:8080 but how to fix this?

Centos 5.4
Alfresco 3.2r2
MySQL 5.1
0 Kudos

icpeanuts
Champ in-the-making
Champ in-the-making

‎05-06-2010 02:48 AM

Thanks for the info, I was able to get https to work using the above info.

I am having a problem where anytime when I upload something, ie a photo to the user profile, it will say Upload Failure. This happens when I upload a document to the Document Library. This is only happening if I use https.

If I use http, everything works fine. Can someone give me some pointer to get this resolve. I am able to login and access Alfresco versio 3.3 via https. The error only occurs when I try to uplaod something, it will say Upload Failure.

Thanks in advance
0 Kudos

mikeh
Star Contributor
Star Contributor

‎05-06-2010 03:09 AM

Please see: https://issues.alfresco.com/jira/browse/ALF-1324

Thanks,
Mike
0 Kudos

icpeanuts
Champ in-the-making
Champ in-the-making

‎05-06-2010 11:40 AM

I tried the following, it is not working for me.
Resolution: When using internet explorer add the cert to "Trusted Root Certification Authorities", upload now works in Firefox.

I exported the personal SSL, import to the "Trusted Root Certification Authorities", it shows up on the list, but when I tried to access https:, Internet Explorer still said
There is a problem with this website's security certificate.
The security certificate presented by this website was not issued by a trusted certificate authority.
The security certificate presented by this website was issued for a different website's address.

I continue to get security warnings in Internet Explorer, but I was able to upload files via "Internet Explorer" ,but I can not using Mozilla Firefox.

What am I not doing? Thanks.
0 Kudos

mikeh
Star Contributor
Star Contributor

‎05-06-2010 12:01 PM

What am I not doing? Thanks.
No idea, sorry. The fix was supplied by a Community member. As far as Alfresco are concerned, unfortunately there's very little we can do about it until either (i) Adobe decide to fix the problem or (ii) native multi-file upload in browsers becomes more viable to support.

Thanks,
Mike
0 Kudos

icpeanuts
Champ in-the-making
Champ in-the-making

‎05-06-2010 12:43 PM

Thanks, when will Native file upload be integrated into Alfresco?
0 Kudos

mikeh
Star Contributor
Star Contributor

‎05-06-2010 01:11 PM

Thanks, when will Native file upload be integrated into Alfresco?
When we're certain browser vendors have settled on a standard and we can find time to investigate and implement. Of course, if somebody else would like to contribute it, it will get in much quicker!  :wink:

Thanks,
Mike
0 Kudos

anidem
Champ in-the-making
Champ in-the-making

‎12-28-2010 03:20 AM

Dear Alfresco User,

Good Day, I am new to alfresco and tomcat. I have seen your post that you have successfully configured alfresco on a secured connection https. In which i have not been to successful on doing the configuration. I was hopping you can share me the configuration or detailed steps on how you did the configuration.

I am currently using Alfresco Share Community 3.4b on a Windows 7 Home Premium computer.

1. I have created a .keystore
2. I have edit the server.xml:
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
               maxThreads="150" scheme="https" secure="true" keystoreFile="conf/.keystore" keystorePass="changeit"
               clientAuth="false" sslProtocol="TLS" />   

but when i try to load https://localhost:8443/
nothing happens

I hope you can help me out. Please give a detailed instructions. 
Thank you very much…
0 Kudos

coene
Champ in-the-making
Champ in-the-making

‎01-04-2011 08:25 AM

Hi,

I have the same problem, I found this issue addressed earlier and I read about all the probable solutions but still no succes.
I tried this activating https/8443 on another server (with tomcat 5.0 and another application) and with succes, no problem there.

But on my Alfresco-server it won't work.  (Alfresco Community 3.4b on Windows 2003sp2)
I tried different things like placing the keystorefile in different places, changing the format of the-path-to, tried 443  etc… no luck. I can see (tcpViewer) that there is a connection established on port 8443 but that's all, no certificate seems to be delivered to the client-browser.

Any suggestions?

—————————————-

!!!!!!    Update: I re-evaluated my server.xml file and changed two lines to avoid auto-configuration of the SSL-implementation:

-1.   protocol="org.apache.coyote.http11.Http11Protocol" instead of the default line:  protocol="HTTP/1.1"
-2.   <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="off" /> instead of value "on" which is default

That did the trick.  Smiley Very Happy
0 Kudos
Getting started

Tags

Find what you came for

We want to make your experience in Hyland Connect as valuable as possible, so we put together some helpful links.

Copyright © 2025 Khoros, LLC