There are two ways to serve a site or its pages over HTTPS:
- Using the OSGi service Apache Felix Jetty Based Http Service (to access the entire instance over HTTPS).
- Using CRXDE and creating the nodes manually (to access a few pages over HTTPS).
Create credential for SSL development
Use the Java keytool to create a self-signed credential and to store it in a keystore file. The following procedure uses a single command that includes all of the information needed to create the keystore. For complete information about the command, see the Oracle Java SE Documentation.
Create a directory named ssl in the directory where the quickstart JAR file is located.
In the command prompt, type the following command (on a single line) to create the credential and keystore:
keytool -genkeypair -keyalg RSA -validity 3650 -alias cqse -keystore [quickstart_dir]/ssl/keystorename.keystore -keypass key_password -storepass storepassword -dname "CN=Host Name, OU=Group Name, O=Company Name, L=City Name, S=State, C=Country_Code"
If -keypass and -storepass are omitted, keytool prompts for the passwords, which keeps them out of the shell history.
The following example generates a private/public key pair with the following properties:
- alias: cqse
- keystore file: keystorename.keystore
- key password: password
- keystore password: password
keytool -genkeypair -keyalg RSA -validity 3650 -alias cqse -keystore D:/kishore/CQ5/AEM6.1/ssl/keystorename.keystore -keypass password -storepass password -dname "CN=sbroders-w7, OU=CQ, O=AEMQuickstart, L=HYD, S=TG, C=IN"
Through the OSGi service Apache Felix Jetty Based Http Service [move the entire author or publish instance to HTTPS]
- Go to the Felix console configuration manager at http://localhost:4502/system/console/configMgr
- Search for Apache Felix Jetty Based Http Service.
- Open the Apache Felix Jetty Based Http Service configuration and enter the details below.
Click Save
Note: If you get an AJAX error on saving, check the error logs and make sure the error is not "port already in use". If the port is not available, save the configuration with a different port.
Now your AEM instance can be opened over SSL.
Through CRXDE by manually creating the node [move selected pages of the author instance to HTTPS]
How to configure SSL on the author instance.
How to force CQ to use the SSL port.
Let's understand how to enable HTTP over SSL (HTTPS) in AEM with the help of a use case.
Use case: suppose you want all pages of Geometrixx Outdoors to open on the HTTP port, but the pages under the 'men' hierarchy to open on the secure HTTPS port.
Enable SSL on the Author Instance
Configure the Apache Felix Jetty-based HTTP service to use SSL, employing your certificate.
- Open CRXDE Lite (http://localhost:4502/crx/de) and select the /apps folder. Click Create > Create Folder to create a folder named system.
- Below the system folder, create a folder named config.author.
- Select the /apps/system/config.author node.
- Click Create > Create Node and enter the following properties:
  - Name: org.apache.felix.http
  - Type: sling:OsgiConfig
| Name | Type | Value |
| --- | --- | --- |
| org.apache.felix.https.enable | Boolean | TRUE |
| org.osgi.service.http.port.secure | Long | 5433 |
| org.apache.felix.https.nio | Boolean | TRUE |
| org.apache.felix.https.keystore | String | [quickstart_dir]/ssl/cqkeystore.keystore |
| org.apache.felix.https.keystore.password | String | password. |
| org.apache.felix.https.keystore.key | String | alias e.g. cqse |
| org.apache.felix.https.keystore.key.password | String | password. |
| org.apache.felix.https.truststore | String | Path to truststore |
| org.apache.felix.https.truststore.password | String | Truststore password. |
| (Optional) org.apache.felix.https.clientcertificate | String | Defaults to none |
Click Save All.
Forcing the Use of the SSL Port
Go to the /etc folder.
Create a new node of type sling:Folder named map.
Under /etc/map, create a node named http of type sling:Folder.
Under that, create a node:
- Name: localhost.4502
- Type: sling:Mapping
Add the following properties to this node:
- Name: sling:redirect, Type: String, Value: https://localhost:5404
- Name: sling:match, Type: String, Value: content/geometrixx-outdoor/en/men/(.*).html
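A consistency check over the two pieces of configuration above, as an added example that is not part of the original post: it compares the sling:redirect target with the secure port from the OSGi table and lists which request paths the sling:match pattern covers. The helper names and sample paths are constructed, and the pattern is evaluated on its own with Python's re module (an approximation of the Java regex engine), not by the Sling resolver.

```python
import re
from urllib.parse import urlsplit

# Values copied from this page: the sling:OsgiConfig table and the /etc/map node.
HTTPS_CONFIG = {"org.apache.felix.https.enable": True,
                "org.osgi.service.http.port.secure": 5433}
MAPPING = {"sling:redirect": "https://localhost:5404",
           "sling:match": "content/geometrixx-outdoor/en/men/(.*).html"}

# Constructed sample request paths (no leading slash, like the pattern).
SAMPLE_PATHS = [
    "content/geometrixx-outdoor/en/men/shirts.html",
    "content/geometrixx-outdoor/en/men/coats/parka.html",
    "content/geometrixx-outdoor/en/women/shirts.html",
    "content/geometrixx-outdoor/en/men/shirts.json",
    "content/geometrixx-outdoor/en/men/shirtsXhtml",
]


def audit_mapping(https_config, mapping):
    """Return findings for the redirect rule (hypothetical helper)."""
    findings = []
    target = urlsplit(mapping["sling:redirect"])
    if target.scheme != "https":
        findings.append("redirect target is not https")
    secure_port = https_config["org.osgi.service.http.port.secure"]
    port = target.port or 443
    if port != secure_port:
        findings.append(f"redirect port {port} != secure port {secure_port}")
    if not https_config.get("org.apache.felix.https.enable"):
        findings.append("HTTPS listener is not enabled")
    # An unescaped '.' before the extension matches any character.
    if re.search(r"(?<!\\)\.html$", mapping["sling:match"]):
        findings.append("unescaped '.' before html; use \\.html")
    return findings


def forced_to_https(pattern, paths):
    """Paths the pattern fully matches, i.e. the scope of the HTTPS rule."""
    rx = re.compile(pattern)
    return [p for p in paths if rx.fullmatch(p)]


if __name__ == "__main__":
    for finding in audit_mapping(HTTPS_CONFIG, MAPPING):
        print("FINDING:", finding)
    for path in forced_to_https(MAPPING["sling:match"], SAMPLE_PATHS):
        print("HTTPS:", path)
```

With the values as they appear on this page, the check reports the port mismatch between the redirect (5404) and the secure port (5433), and shows that the unescaped dot also pulls `shirtsXhtml` into the rule.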