12-25-2018 12:30 AM
I am running the community version of Alfresco 5 on Windows. I used the exe installer.
I have created a public cert and imported both the public SSL cert and the intermediate CA cert into the live truststore and keystore. I have been reading documentation for several days and cannot find anywhere that describes how to make the Alfresco Share actually start using the new public cert.
Why is this rocket science???
Where is the cert identified???
Any help would be much appreciated.
12-27-2018 06:10 AM
Andrew Barzyk, the first thing to realize is that the SSL certificates you work with according to the Alfresco documentation are for internal communication of Alfresco repository with Solr (and vice versa). From your original question though, it looks like you want just to add a certificate to your Tomcat (or to an Apache proxy as mentioned by Angel Borroy) in a general way, so that clients (browsers) communicate with your Share application via SSL.
BTW If you let clients access Alfresco / Share only via a proxy like Apache, which is a recommended installation, you don't need to bother with the Alfresco-Solr certificates anymore provided that you block access to the Solr application and Alfresco Solr webscripts URLs by the proxy. This and more stuff around Solr is not quite clear from the official Alfresco documentation, IMO, so I don't wonder that one can get confused from it all...
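The setup described in this reply, as an added example that is not part of the original thread: an Apache httpd 2.4 virtual host that terminates TLS with the public certificate, proxies only Alfresco and Share to Tomcat, and denies the Solr URLs. The hostname, certificate paths, backend port 8080 and the Solr path patterns are assumptions to adapt to the actual installation.

```apache
# Added example, not from the thread. Requires mod_ssl, mod_proxy, mod_proxy_http.
# Placeholders (assumptions): alfresco.example.com, the /path/to/*.pem files,
# Tomcat listening on 127.0.0.1:8080.
<VirtualHost *:443>
    ServerName alfresco.example.com

    # The public (e.g. Let's Encrypt) certificate lives here, on the proxy,
    # not in the Alfresco keystore/truststore used for repository<->Solr traffic.
    SSLEngine on
    SSLCertificateFile    /path/to/fullchain.pem
    SSLCertificateKeyFile /path/to/privkey.pem

    ProxyRequests Off
    ProxyPreserveHost On

    # Deny the Solr web application itself (assumed context: /solr or /solr4).
    <LocationMatch "^/solr4?(/|$)">
        Require all denied
    </LocationMatch>

    # Deny the Alfresco Solr webscripts under every webscript servlet alias
    # (assumed aliases: service, s, wcservice, wcs).
    <LocationMatch "^/alfresco/(service|s|wcservice|wcs)/api/solr(/|$)">
        Require all denied
    </LocationMatch>

    # Deny the same webscripts when reached through Share's proxy endpoint.
    <LocationMatch "^/share/(-default-/)?proxy/alfresco/api/solr(/|$)">
        Require all denied
    </LocationMatch>

    # Only these two applications are forwarded; /solr is never proxied.
    ProxyPass        /alfresco http://127.0.0.1:8080/alfresco
    ProxyPassReverse /alfresco http://127.0.0.1:8080/alfresco
    ProxyPass        /share    http://127.0.0.1:8080/share
    ProxyPassReverse /share    http://127.0.0.1:8080/share
</VirtualHost>
```

For the proxy to be the only entry point, Tomcat's own connectors also have to be unreachable from clients, for example by binding them to the loopback address or filtering them at the host firewall.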
12-26-2018 02:39 AM
Hope this helps: Configuring Alfresco SSL certificates | Programming and So
12-26-2018 03:28 PM
Thanks for the reply. I have from the beginning generated public certs from letsencrypt.org with the subject name for my public site. I can't figure out how to make the Alfresco website use that public certificate. I ran the script and replaced the built-in certs with new self-signed ones -- the new cert shows up on the website but it's still not trusted because it's for "Alfresco Repository" instead of my public site's URL. My cert with the public URL for a subject name is in the stores but the site will not use it.
What tells Alfresco which cert to use?
12-26-2018 04:26 PM
In your documentation to import the public cert:
The simplest is to rename that issued certificates as ssl.repo.crt for Alfresco side and ssl.repo.client.crt for SOLR side and then copy both them to CERTIFICATE_HOME folder set in generate_keystores.sh script. After that, comment or remove any line starting with "$JAVA_HOME/bin/keytool" and execute the script.
If I comment out everything starting with "$JAVA_HOME/bin/keytool" the script does nothing but set some environment variables and tries to copy the files that it did not generate... all the keystores and truststores...
Sorry, but I'm really lost here...
12-27-2018 03:17 AM
First thing is that I'm never using this approach to provide SSL to Alfresco. Usually, I configure an Apache HTTPd or NGINX in front of Alfresco Tomcat and I include my SSL certificates in this HTTP server.
Anyway, if you want to configure your certificates using Tomcat, just create the stores and certificates described in the post by hand or by using Axel Faust script (included also in the post).
Sorry, but I'm afraid I cannot be clearer at this point.
12-31-2018 08:31 PM
Thanks guys, I gave up trying to install public certs on Alfresco and fired up a Ubuntu/Squid reverse proxy -- everyone was right, the proxy was the way to go. I multi-homed it and threw the public interface in the DMZ. I now have a proxy that can do header-checking for multiple sites! Thanks to everyone!