Hyland Community
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

change certificates in alfresco 7.2 docker ngnix

Go to answer
javico1
Confirmed Champ
Confirmed Champ

‎07-24-2024 10:03 AM

 Hello guys, I have a question. I have installed alfresco 7.2 with docker using https and ngnix.
I need to change the certificates that come with my own certificates for certificates self-generated
by our company's CA. Inside the ngnix folder there are subfolders that have two certificates, a crt
and a .key at the same time. Changing it to autogenerated ones doesn't make me feel better.
Any suggestions on how to change them. Greetings and thanks in advance.

Labels:
0 Kudos
1 ACCEPTED ANSWER

Go to answer
javico1
Confirmed Champ
Confirmed Champ
In response to javico1

‎07-29-2024 12:38 PM

The solution to use another ca or certifying entity is to first use a 2048 bit key, then use the key name the same as the one generated, generate the certificate in a pem .cer and paste them in the ngnix cert folder.

View answer in original post

0 Kudos
6 REPLIES 6

Go to answer
fedorow
Elite Collaborator
Elite Collaborator

‎07-29-2024 03:31 AM

If you are using Alfresco Docker installer folder structure and your docker compose proxy service looks like this:

    proxy:
        image: nginx:stable-alpine
        ...
        volumes:
            - ./config/nginx.conf:/etc/nginx/nginx.conf
            - ./config/nginx.htpasswd:/etc/nginx/conf.d/nginx.htpasswd 
            - ./config/cert/localhost.cer:/etc/nginx/localhost.cer
            - ./config/cert/localhost.key:/etc/nginx/localhost.key 
        ports:
            - 443:443

then go to the Alfresco project folder (where docker-compose.yml is) and execute next:

openssl genpkey -algorithm RSA -out ./config/cert/localhost.key -pkeyopt rsa_keygen_bits:2048
openssl req -new -key ./config/cert/localhost.key -out ./config/cert/localhost.cer
openssl x509 -req -days 365 -in ./config/cert/localhost.cer -signkey ./config/cert/localhost.key -out ./config/cert/localhost.cer

Restart 'proxy' service to apply new certificate.

Hope you will feel better.

0 Kudos

Go to answer
javico1
Confirmed Champ
Confirmed Champ
In response to fedorow

‎07-29-2024 10:55 AM

  I want to add a certificate generated by a certifying authority in my country, not generate a self-signed certificate by openssl, my question is, I delete the ngnix certificates and add the same name that they had to my certificates but it doesn't work, what should I do, how do I change the certifying entity..

0 Kudos

Go to answer
fedorow
Elite Collaborator
Elite Collaborator
In response to javico1

‎07-29-2024 11:08 AM

There could be two causes:

1. NGINX requires the SSL key and certificate to be in PEM (Privacy Enhanced Mail) format. Convert it if you have another format.

2. Sometime you must add the full certificate chain. It depands on your certificate authority proveder and goes far from Alfresco. Add full chain or consult with your CA proveder.

0 Kudos

Go to answer
javico1
Confirmed Champ
Confirmed Champ
In response to fedorow

‎07-29-2024 11:46 AM

but in ngnix cert there are only two certificates, the key, that is, the .key and the .cert, there is no .pem

0 Kudos

Go to answer
javico1
Confirmed Champ
Confirmed Champ
In response to javico1

‎07-29-2024 12:38 PM

The solution to use another ca or certifying entity is to first use a 2048 bit key, then use the key name the same as the one generated, generate the certificate in a pem .cer and paste them in the ngnix cert folder.

0 Kudos

Go to answer
javico1
Confirmed Champ
Confirmed Champ
In response to fedorow

‎07-29-2024 10:57 AM

And those commands are placed inside the docker-compose.yml or in my case I am using Ubuntu, that is, a cd inside the project and I execute the command, sorry for the inconvenience, I am new to this project

0 Kudos
Getting started

Explore our Alfresco products with the links below. Use labels to filter content by product module.

Copyright © 2024 Khoros, LLC