cancel
Showing results for 
Search instead for 
Did you mean: 

Default generated SSL Certificate contains 'invalid address'

shmuel_levine
Champ in-the-making
Champ in-the-making
Hi,
I've tried to put together a working installation of Alfresco based on the documentation and it appears to be working now, more or less.

The issue which I have encountered is related to the self-generated SSL certificates which were automatically set up by the installation script.  I understand that these certificates are self-generated and I have, of course, already added both the CA and the site certificates to Windows Trusted Root Certificate store.  However, I am still received an error messages about an invalid certificate when I try logging into the site through a web browser – and more importantly (to me, at least) – the Windows 7 WebDAV client fails to connect.

The error message that I am receiving is:
IE: Mismatched Address. The security certificate presented for this website was issued for a different website's address
Chrome:  <strong>This is probably not the site you are looking for!</strong>  You attempted to reach xxx.xxxx.xx (my FQDN), but instead you actually reached a server identifying itself as <strong>Alfresco Repository</strong>

Viewing the certificate information, I see that the certificate was:
<strong>Issued to:</strong>     Alfresco Repository
<strong>Issued by:</strong>     Alfresco CA

All of my DNS settings appear to be correct.  The actual 'hostname' on the server matches the CNAME entry in DNS.

I've tried Googling this for more information, but I have been unable to find anything helpful.  Most of what I have found is either about incorporating 3rd-party certificates (not interested – personal website), or about setting up the keystores with the default information.  Indeed, I see from that wiki page that it explicitly says to use "Alfresco Repository" in the CN for the certificate.  This appears to be the source of the troubles, but I'm a little hesitant to regenerate these certificates and end up ruining this installation.

Has anyone encountered and resolved a similar issue?

Thanks and your help is much appreciated.
Shmuel
2 REPLIES 2

afaust
Legendary Innovator
Legendary Innovator
Hello,

if you want to have a valid SSL certificate for your specific DNS / host name, you absolutely have to regenerate the certificates specific to your environment. The default certificates are basically just for evaluation installations and not meant to be used in production. Anyone of your users could just get the Repository certificate from the Alfresco downloads, access your SOLR server and thus be able to research a large part of your content without content permissions stopping them in any way.

Regards
Axel

shmuel_levine
Champ in-the-making
Champ in-the-making
Axel,
Thanks for your response.

I found a script to generate new keystores and in there, I replaced the installation folder and also changed the CN to match my FQDN. There was a slight unexpected change to the CA certificate as a result, but insignificant.

In any case, that seems to have done the trick. I am now able to connect both with 3rd-party webdav clients as well as with the Windows7 built-in client.

Thanks for your help.

Shmuel