Saturday, 13 June 2020

Configure the https(SSL) on AEM instance quickly

There are cases where during development we may need to setup https connection in our existing AEM instance.

By following procedure we can have both http and https on same AEM instance. This is very helpful while testing some of the AEM features which require SSL connections.

To start with, we need keys and certificates to configure SSL on AEM. We will use OpenSSL to set up keys and certificates. The method is tested on window, but should work on any other OS seamless way.

How to setup OpenSSL on Windows

  • Download OpenSSL from any URL - Ensure its relevant to your OS (including 86 Vs 64 Bit)
  • Unzip it.
  • Set the classpath

  • place the conf file in below path (Else you may get an error that openSSL conf cannot be found)

Now the OpenSSL is configured on your windows
  • Using command prompt execute below commands

### Create Private Key
$ openssl genrsa -aes256 -out localhostprivate.key 4096

### Generate Certificate Signing Request using private key
$ openssl req -sha256 -new -key localhostprivate.key -out localhost.csr -subj "/CN=localhost"

### Generate the SSL certificate and sign with the private key, will expire one year from now
$ openssl x509 -req -days 365 -in localhost.csr -signkey localhostprivate.key -out localhost.crt

### Convert Private Key to DER format - SSL wizard requires key to be in DER format
$ openssl pkcs8 -topk8 -inform PEM -outform DER -in localhostprivate.key -out localhostprivate.der -nocrypt

You will have the certificates now in local drive as shown below.

Use the SSL Wizard in AEM

Now login to AEM

Tools > Security > SSL Configuration

For store credentials provide the Key store and Trust store password. [I have used admin for all, since its a localhost]