
Alfresco, OpenCMIS, and SSL

ryanbobko
Champ in-the-making
Hi All,
I'm trying to move my current Alfresco installation to use SSL. The Tomcat changes were slight, and I can successfully log into Alfresco via my web browser over HTTPS. However, my OpenCMIS-based application fails to connect regardless of what I do. I've tried using the OpenCMIS workbench to verify my setup, but no luck there, either. I get the dreaded "sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target" error. I've added my server to every keystore and truststore I can find, but I don't seem to be able to make an end-to-end connection over HTTPS. I'm using the stock Alfresco keys, by the way.

Has anyone successfully moved Alfresco to HTTPS, and connected via OpenCMIS? I'd love to hear any tips.

Thanks,


4 REPLIES

parzgnat
Star Contributor
When you say you've "added [your] server to every keystore", does that mean that you've imported the certificate from the Alfresco repository into the trust store of the JVM that's running your OpenCMIS client (or CMIS Workbench)?  I believe that this is what you need to do.

ryanbobko
Champ in-the-making
Yes. I used a tool called InstallCert to get the cert from Alfresco into my local truststore. For good measure, I've also imported all the keys from the truststores (and heck, keystores) in the alf_data/keystore directory.

ryanbobko
Champ in-the-making
To update folks that might come along later, I've partially solved this problem by regenerating the Alfresco keys in alf_data/keystore using the generate_keystores.sh script. I changed the REPO_CERT_DNAME variable to CN=localhost … and restarted Alfresco. I then installed the cert in my keystore. Now workbench works against the HTTPS instance. My app inexplicably doesn't, but at least the goalposts are getting nearer.

ryanbobko
Champ in-the-making
I have solved this problem. My webapp used OpenCMIS to connect to Alfresco over HTTPS. My webapp was running with a different JVM than was the workbench stand-alone tool, so once I imported the server's key into both JVMs, both tools worked as expected.
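
The resolution above comes down to each JVM having its own truststore. The following is an added example, not code from the thread or from Alfresco/OpenCMIS: a small diagnostic that reports which truststore the running JVM resolves by default and whether a given server certificate is in it. The class and method names (`TrustStoreCheck`, `effectiveTrustStore`, `findAlias`) are hypothetical, and it assumes the server certificate has already been exported to a PEM or DER file.

```java
import java.io.File;
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;

// Added example; class and method names are hypothetical.
public class TrustStoreCheck {
    // Mirrors JSSE's default lookup: system property, then jssecacerts, then cacerts.
    static File effectiveTrustStore() {
        String override = System.getProperty("javax.net.ssl.trustStore");
        if (override != null && !override.isEmpty()) {
            return new File(override);
        }
        File securityDir = new File(System.getProperty("java.home"), "lib/security");
        File jsse = new File(securityDir, "jssecacerts");
        return jsse.isFile() ? jsse : new File(securityDir, "cacerts");
    }

    // Returns the alias under which the certificate is trusted, or null if absent.
    static String findAlias(File trustStore, char[] password, File certFile) throws Exception {
        KeyStore ks = KeyStore.getInstance(
                System.getProperty("javax.net.ssl.trustStoreType", KeyStore.getDefaultType()));
        try (InputStream in = new FileInputStream(trustStore)) {
            ks.load(in, password);
        }
        try (InputStream in = new FileInputStream(certFile)) {
            Certificate cert = CertificateFactory.getInstance("X.509").generateCertificate(in);
            return ks.getCertificateAlias(cert);
        }
    }

    public static void main(String[] args) throws Exception {
        if (args.length != 1) {
            System.err.println("usage: java TrustStoreCheck <server-cert.pem>");
            System.exit(2);
        }
        File store = effectiveTrustStore();
        // "changeit" is the JDK's stock truststore password; the property overrides it.
        char[] pw = System.getProperty("javax.net.ssl.trustStorePassword", "changeit").toCharArray();
        String alias = findAlias(store, pw, new File(args[0]));
        System.out.println("java.home  : " + System.getProperty("java.home"));
        System.out.println("truststore : " + store.getAbsolutePath());
        System.out.println(alias != null ? "trusted as alias '" + alias + "'"
                : "NOT in this truststore (a self-signed server cert will fail PKIX validation here)");
        System.exit(alias != null ? 0 : 1);
    }
}
```

Run it once with the `java` binary of each JVM involved (the webapp's container and the Workbench), passing the same `-Djavax.net.ssl.*` options that process is started with; differing `truststore` paths in the output identify where the certificate still needs importing.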