Follow the steps below.
Step: 1
Create an SSL folder inside the AEM server folder, at the same level as the crx-quickstart.jar file.
For example: D:\CQ-5.6.1- software\latest-5.6.1 software\ssl\
Step: 2
Generate a self-signed certificate with a public/private key pair:
- Open a command prompt and change to the SSL folder.
For example:
D:\CQ-5.6.1- software\latest-5.6.1 software\ssl\
Steps to create the keystore and CSR:
Option 1: Create a keystore with a public/private key pair
D:\CQ-5.6.1- software\latest-5.6.1 software\ssl>keytool -genkeypair -keyalg RSA -keysize 2048 -validity 3650 -alias cqse -keystore cqkeystore.keystore -keypass S!n@t$!123 -storepass S!n@t$!123 -dname "CN=test.com, OU=test.com, O=test, L=Singapore, S=Singapore, C=SG"
Option 2: Generate a CSR
D:\CQ-5.6.1- software\latest-5.6.1 software\ssl>keytool -certreq -alias "cqse" -keystore cqkeystore.keystore -file LCCertRequest.csr
Verify that the generated keystore and CSR file exist in the local file system, in the D:\CQ-5.6.1- software\latest-5.6.1 software\ssl folder.
Step: 3
Log in to the Author instance as the admin user.
Step: 4
Open the OSGI/Felix console: http://localhost:4502/system/console/configMgr
Step: 5
Select the Configuration option from the OSGi tab.
Step: 6
Select “Day CQSE HTTP Service” & open it.
Step: 7
Configure the HTTPS port, Keystore Absolute file path, and Keystore password
Step: 8
Where
Keystore: Path of the key store file: D:\CQ-5.6.1- software\latest-5.6.1 software\publish\ssl\cqkeystore.keystore
Keystore Password: S!n@t$!123
Key password: S!n@t$!123
Enable HTTPS: Select the checkbox
Https Port: 5443
Key Alias: cqse
Client Certificate: No client certificate
Finally, click on save.
Step: 9
Check the error.log file to confirm that the HTTP and HTTPS ports have started:
02.10.2014 18:46:35.409 *INFO* [CQSE HTTP Service] cqse-httpservice Started CQSE 4.x at port(s) HTTP:4502 HTTPS:5443 on context path /
Sanity test for SSL on the Author and Publishers
Launch the welcome console of the Author and Publishers: https://localhost:4502/welcome.html
Note:
Follow the steps above, from point no. 7 onward, to configure HTTP over SSL on the Publishers as well.
For the Author, use HTTPS port: 5443
For the Publisher, use HTTPS port: 8443
Use a strong password.
Increase the validity of the certificate.
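The error.log check from Step 9 can be scripted. The Python below is an added example, not part of the original post: it takes error.log lines, reads the most recent CQSE startup line, and confirms that the HTTPS listener is on the port the note above assigns to that instance. The instance names `author` and `publish`, the function names, and the second sample log line (a startup without HTTPS, assumed to simply omit the HTTPS entry) are assumptions constructed for the example.

```python
import re

# Matches the CQSE startup line shown in Step 9.
STARTED = re.compile(
    r"\[CQSE HTTP Service\].*Started CQSE \S+ at port\(s\) (?P<ports>.+?) on context path")
PORT = re.compile(r"\b(HTTPS?):(\d+)\b")

# HTTPS ports the page assigns to each instance type (key names are assumptions).
EXPECTED_HTTPS = {"author": 5443, "publish": 8443}


def listening_ports(log_lines):
    """Return e.g. {'HTTP': 4502, 'HTTPS': 5443} from the last startup line, or {}."""
    ports = {}
    for line in log_lines:
        m = STARTED.search(line)
        if m:
            # A later restart overrides earlier startup lines.
            ports = {proto: int(num) for proto, num in PORT.findall(m.group("ports"))}
    return ports


def check_https(log_lines, instance):
    """Return (ok, message) for the instance type 'author' or 'publish'."""
    expected = EXPECTED_HTTPS[instance]
    ports = listening_ports(log_lines)
    if not ports:
        return False, "no CQSE startup line found"
    if "HTTPS" not in ports:
        return False, "CQSE started without an HTTPS listener"
    if ports["HTTPS"] != expected:
        return False, f"HTTPS on {ports['HTTPS']}, expected {expected}"
    return True, f"HTTPS listening on {expected}"


# PAGE_LINE is the log line quoted in Step 9; NO_HTTPS_LINE is constructed.
PAGE_LINE = ("02.10.2014 18:46:35.409 *INFO* [CQSE HTTP Service] cqse-httpservice "
             "Started CQSE 4.x at port(s) HTTP:4502 HTTPS:5443 on context path /")
NO_HTTPS_LINE = ("02.10.2014 18:40:01.120 *INFO* [CQSE HTTP Service] cqse-httpservice "
                 "Started CQSE 4.x at port(s) HTTP:4502 on context path /")

if __name__ == "__main__":
    print(check_https([NO_HTTPS_LINE, PAGE_LINE], "author"))   # restart with HTTPS enabled
    print(check_https([NO_HTTPS_LINE], "author"))              # HTTPS never came up
    print(check_https([PAGE_LINE], "publish"))                 # wrong port for a Publisher
```

To check a real instance, pass the lines of its error.log (for example `open(path, encoding="utf-8")`) in place of the sample lines.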