01-05-2017 09:53 AM
Currently I have the 5.x version of Community Edition and I want to install SSL to secure the site. I have followed many docs from this site on how to set it up, and apparently I must be missing a few things because I still cannot get my site to work.
Here is what I have done so far:
I used the tool keytool to import my chain and my cert into Tomcat.
I then edited server.xml to change the port to 443 instead of 80 (that I originally had changed).
I then edited share-config-custom to reflect my URLs etc.: https://localhost/alfresco
I then edited alfresco-global.properties to point my share and my context to port 443, and I changed the protocol to https.
When I restarted the Alfresco site with the ./alfresco.sh restart command, everything starts like it should but I cannot access the site.
I get a message that the "SSL received a record that exceeded the maximum permissible length. Error code: SSL_ERROR_RX_RECORD_TOO_LONG"
Not sure what I'm doing wrong and could really use a little help.
Thanks in advance
michaelr93
01-05-2017 06:49 PM
Try to set SSLEnabled="true" for the Tomcat connector:
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
01-06-2017 07:39 AM
I have all that configured and still cannot get it to work. One other thing that I forgot to put in the post is the SSL certificate.
When I purchased the cert it was in .crt and I used the keytool to import it into ssl.keystore. I also thought that might be the wrong format, so I then went back to my provider and downloaded the .pem file and imported it. So I'm not sure if I have the cert in the correct spot or if it's correctly configured in my ssl.keystore.
01-06-2017 03:34 PM
The easiest way to get SSL working is to install Apache (or your favorite HTTP server) and use it as a reverse proxy. That way, Apache is handling the SSL and Tomcat can concentrate on being an app server.
Also, on a side note, it sounds like it may be too late, but if this is a public-facing machine you can get a free, high-quality cert from letsencrypt.org. There is a project on GitHub called certbot which scripts the whole thing. It removes all of the keytool/certificate fuss and muss. I've used it on many of my client projects and it works great.
01-09-2017 09:48 AM
Thanks for all the comments. I think I will try the previous suggestion of having Apache, which is already built into my server, forward the traffic to the Tomcat after it's secured. I will reply again with my progress, whether it's good or bad.
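
SSL_ERROR_RX_RECORD_TOO_LONG, the error in the first post, is typically what a browser reports when the port answers in cleartext HTTP instead of TLS, which is how a connector behaves when TLS is not enabled on it. The following is an added example, not part of the thread or of Alfresco: a Python check that tells a TLS listener from a plain-HTTP one and shows why the browser sees an oversized record. The host and port passed to `probe` are assumptions.

```python
import socket
import ssl

# Largest record a TLS 1.2 peer may send: 2^14 bytes of plaintext + 2048 bytes of expansion.
MAX_TLS_RECORD = 2**14 + 2048

def classify_first_bytes(data: bytes) -> str:
    """Classify the first bytes a server sent back on a port."""
    if not data:
        return "no-data"
    if data.startswith(b"HTTP/"):
        return "plain-http"
    # TLS record header: content type (20-23), then major version 3.
    if len(data) >= 2 and 20 <= data[0] <= 23 and data[1] == 3:
        return "tls"
    return "unknown"

def apparent_record_length(data: bytes) -> int:
    """Length a TLS client reads from bytes 3-4 of whatever came back."""
    return int.from_bytes(data[3:5], "big")

def probe(host: str, port: int, timeout: float = 5.0) -> str:
    """Return 'tls-ok', 'tls-cert-error', 'tls', 'plain-http', 'unknown' or 'no-data'."""
    ctx = ssl.create_default_context()  # certificate and hostname checks stay on
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host):
                return "tls-ok"
    except ssl.SSLCertVerificationError:
        return "tls-cert-error"  # TLS is spoken, but the chain or name does not verify
    except OSError:
        pass  # handshake failed or timed out: look at the port in cleartext
    with socket.create_connection((host, port), timeout=timeout) as raw:
        raw.sendall(b"HEAD / HTTP/1.0\r\n\r\n")
        return classify_first_bytes(raw.recv(16))

if __name__ == "__main__":
    reply = b"HTTP/1.1 400 Bad Request\r\n"  # constructed sample reply
    print(classify_first_bytes(reply), apparent_record_length(reply), MAX_TLS_RECORD)
    # To check a real listener (host and port are assumptions): print(probe("localhost", 443))
```

A result of `plain-http` on port 443 means the connector is listening without TLS; `tls-cert-error` means TLS is up and the keystore contents (chain or hostname) are the remaining problem.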