cancel
Showing results for 
Search instead for 
Did you mean: 

change certificates in alfresco 7.2 docker ngnix

javico1
Confirmed Champ
Confirmed Champ

 Hello guys, I have a question. I have installed alfresco 7.2 with docker using https and ngnix.
I need to change the certificates that come with my own certificates for certificates self-generated
by our company's CA. Inside the ngnix folder there are subfolders that have two certificates, a crt
and a .key at the same time. Changing it to autogenerated ones doesn't make me feel better.
Any suggestions on how to change them. Greetings and thanks in advance.

1 ACCEPTED ANSWER

The solution to use another ca or certifying entity is to first use a 2048 bit key, then use the key name the same as the one generated, generate the certificate in a pem .cer and paste them in the ngnix cert folder.

View answer in original post

6 REPLIES 6

fedorow
Elite Collaborator
Elite Collaborator

If you are using Alfresco Docker installer folder structure and your docker compose proxy service looks like this:

    proxy:
        image: nginx:stable-alpine
... volumes: - ./config/nginx.conf:/etc/nginx/nginx.conf - ./config/nginx.htpasswd:/etc/nginx/conf.d/nginx.htpasswd - ./config/cert/localhost.cer:/etc/nginx/localhost.cer - ./config/cert/localhost.key:/etc/nginx/localhost.key ports: - 443:443

then go to the Alfresco project folder (where docker-compose.yml is) and execute next:

openssl genpkey -algorithm RSA -out ./config/cert/localhost.key -pkeyopt rsa_keygen_bits:2048
openssl req -new -key ./config/cert/localhost.key -out ./config/cert/localhost.cer
openssl x509 -req -days 365 -in ./config/cert/localhost.cer -signkey ./config/cert/localhost.key -out ./config/cert/localhost.cer

Restart 'proxy' service to apply new certificate.

Hope you will feel better.

  I want to add a certificate generated by a certifying authority in my country, not generate a self-signed certificate by openssl, my question is, I delete the ngnix certificates and add the same name that they had to my certificates but it doesn't work, what should I do, how do I change the certifying entity..

fedorow
Elite Collaborator
Elite Collaborator

There could be two causes:

1. NGINX requires the SSL key and certificate to be in PEM (Privacy Enhanced Mail) format. Convert it if you have another format.

2. Sometime you must add the full certificate chain. It depands on your certificate authority proveder and goes far from Alfresco. Add full chain or consult with your CA proveder.

but in ngnix cert there are only two certificates, the key, that is, the .key and the .cert, there is no .pem

The solution to use another ca or certifying entity is to first use a 2048 bit key, then use the key name the same as the one generated, generate the certificate in a pem .cer and paste them in the ngnix cert folder.

And those commands are placed inside the docker-compose.yml or in my case I am using Ubuntu, that is, a cd inside the project and I execute the command, sorry for the inconvenience, I am new to this project