cancel
Showing results for 
Search instead for 
Did you mean: 

Installing SSL Certificate

michaelk
Champ in-the-making
Champ in-the-making
I am trying to get SSL access to Alfresco working using my own certificate (instead of the default)

I have installed my SSL certificate into the keystore pointed to by tomcat/conf/server.xml and installed the primary and secondary CA certificates into the truststore.
How do I tell Alfresco (or Tomcat I guess) to use my certificate from the store instead of the "Alresco Repository" certificate ???
4 REPLIES 4

michaelk
Champ in-the-making
Champ in-the-making
After some very frustrating weeks I've come to the conclusion that configuring Alfresco to use SSL is not possible with the documentation available. Tomcat can be configured with the appropriate SSL site certificate but doing that breaks SOLR or some other part of Alfresco. The whole Alfresco setup is, I might say, incredible fragile and a little frightening (I've had several upgrades that just didn't work, causing the migration of files via webDAV (loosing all the metadata and versioning)).

Anyway, the only way I've found to make https://  access work with my own SSL certificate is to use the Apache Tomcat Connector.
Ensure you have the mod_jk installed in Apache then….

1. Create a "worker file" as
alfresco-4.0.c/tomcat/conf/workers.properties
it contains…

worker.list=tomcat
worker.tomcat.port=8009
worker.tomcat.host=localhost
worker.tomcat.type=ajp13
worker.tomcat.lbfactor=1

2. In the apache configuration file add
JkWorkersFile /var/home/user/alfresco-4.0.c/tomcat/conf/workers.properties

3. Within the particular <VirtualHost *:443> definition tag of the apache configuration file add

JkMount /share/* tomcat
JkMount /share tomcat
JkMount /alfresco tomcat
JkMount /alfresco/* tomcat

s56wbv
Champ in-the-making
Champ in-the-making
Thank You for posting your findings. It saved me a lot of time.

volkeram
Champ in-the-making
Champ in-the-making
The SSL certificate installation requires a dedicated IP address assigned to the domain. After getting dedicated IP you will be able to create SSL key through WHM. The option in the control panel can be used to generate a key for you. You need to use this key and purchase an SSL cert from any certificate issuing authority like Verisign.

gopei
Champ in-the-making
Champ in-the-making
Hi Michelk,… please introduce myself. My name is henry, i'm from indonesia (sory if my bad english)
i intermit with point 2 & 3 :
JkWorkersFile /var/home/user/alfresco-4.0.c/tomcat/conf/workers.properties and
JkMount /share/* tomcat
JkMount /share tomcat
JkMount /alfresco tomcat
JkMount /alfresco/* tomcat
1> does it all have to be made in /etc/apache2/apache2.conf ??
2> do i have to put workers.properties file in path /etc/apache2 ??
thank you and I appreciate for your help ?
regards
Henry L.S