There are cases where during development we may need to setup https connection in our existing AEM instance.
By following procedure we can have both http and https on same AEM instance. This is very helpful while testing some of the AEM features which require SSL connections.
To start with, we need keys and certificates to configure SSL on AEM. We will use OpenSSL to set up keys and certificates. The method is tested on window, but should work on any other OS seamless way.
How to setup OpenSSL on Windows
- Download OpenSSL from any URL - Ensure its relevant to your OS (including 86 Vs 64 Bit)
- Unzip it.
- Set the classpath
- place the conf file in below path (Else you may get an error that openSSL conf cannot be found)
Now the OpenSSL is configured on your windows
- Using command prompt execute below commands
### Create Private Key
$ openssl genrsa -aes256 -out localhostprivate.key 4096
### Generate Certificate Signing Request using private key
$ openssl req -sha256 -new -key localhostprivate.key -out localhost.csr -subj "/CN=localhost"
### Generate the SSL certificate and sign with the private key, will expire one year from now
$ openssl x509 -req -days 365 -in localhost.csr -signkey localhostprivate.key -out localhost.crt
### Convert Private Key to DER format - SSL wizard requires key to be in DER format
$ openssl pkcs8 -topk8 -inform PEM -outform DER -in localhostprivate.key -out localhostprivate.der -nocrypt
You will have the certificates now in local drive as shown below.
Use the SSL Wizard in AEM
http://localhost:4502/aem/start.html
Tools > Security > SSL Configuration
For store credentials provide the Key store and Trust store password. [I have used admin for all, since its a localhost]
In Keys and Certificate Section
Select the Key and certificate generated using openSSL
In the next section enter the domain (localhost), and leave the port as it is
Click on 'Done' and continue will open the AEM in specified new port. For eg: https://localhost:8443
Advantage here is, you will be able to use AEM as http over 4502/4503(based on author or publish where ever you have configured) and https over the new port. This will help us in testing many cases where we need AEM as https service.
Note: For using SSL on servers ensure you use a key & certificate which is provided by a certificate authority which ensures security.
No comments:
Post a Comment