April 16, 2020

Enabling Https Configuration

Enabling HTTPS for specific pages is a major challenge with most CMSs, but AEM has encapsulated all the complexity. Configuring HTTPS in AEM is very easy, and it is one of the major requirements that clients demand nowadays.
After completing this tutorial, you will be able to enable HTTPS on the entire website or for specific pages of your website.

There are two ways to achieve it:
1. Through the OSGi service Apache Felix Jetty Based Http Service. [Moves the entire author or publish instance to HTTPS]
2. Through CRXDE by manually creating the node. [Moves selected pages of the author instance to HTTPS]

Both options have their own advantages, and which approach you should follow depends on the requirement. Personally, I prefer option 1. Let's see how to enable HTTPS in AEM using both options.

For both approaches, we need to create a keystore file.

How to create a credential for ssl development.
Through OSGI service Apache Felix Jetty Based Http Service

Through OSGI service Apache Felix Jetty Based Http Service. [Move entire author or publish instance to https]
Go to the Felix console configuration manager at http://localhost:4502/system/console/configMgr
Search for Apache Felix Jetty Based Http Service.


Open the Apache Felix Jetty Based Http Service configuration.
Enter the details below.

Click Save.

Note: If you get an AJAX error on saving, check the error logs and make sure you are not getting a "port already in use" error. If the port is not available, try saving the configuration with some other port number.



If the port is already in use, you will get an "Address bind already in use" exception, as shown below:



That's it, you are done. Now you can open your author instance over SSL.
Through crxde by manually creating the node.

Through crxde by manually creating the node. [Move selected pages of author instance to https]
How to configure SSL on Author Instance.
How to force cq to use ssl port.

Let's understand how to enable HTTP over SSL (HTTPS) in AEM with the help of a use case.

Use Case: Suppose you want all pages of Geometrixx Outdoors to open on the HTTP port, but the pages under the 'men' hierarchy to open on the secure HTTPS port.



This hierarchy illustrates the use case more clearly:




Create Credentials for Development:
Create a directory named ssl in the directory where the quickstart JAR file is located.
In the command prompt, type the following command to create the credential and keystore:

keytool -genkeypair -keyalg RSA -validity 3650 -alias cqse -keystore [quickstart_dir]/ssl/keystorename.keystore -keypass key_password -storepass storepassword -dname "CN=Host Name, OU=Group Name, O=Company Name, L=City Name, S=State, C=Country_Code"

key_password and storepassword are user-defined passwords. Here I am using 123456 as the password. Your command should look like the screenshot below:


Note: It is not mandatory to create the ssl directory in the crx-quickstart folder. You can create it anywhere, but you need to specify the absolute path in the command and use the same path when configuring SSL.

Configure SSL on Author Instance:
Go to CRXDE and create a folder under /apps with the details below:
Name – config.author
Type – sling:Folder
Under this folder, create a node with the details below:
Name – org.apache.felix.http
Type – sling:OsgiConfig
Add the following properties to the node.

| Name | Type | Value |
| --- | --- | --- |
| org.apache.felix.debug | Boolean | true |
| org.apache.felix.https.enable | Boolean | true |
| org.apache.felix.https.keystore | String | [crxquickstart path]/ssl/keystorename.keystore |
| org.apache.felix.https.keystore.key | String | cqse |
| org.apache.felix.https.keystore.key.password | String | 123456 |
| org.apache.felix.https.keystore.password | String | 123456 |
| org.apache.felix.https.nio | Boolean | true |
| org.apache.felix.https.truststore | String | [crxquickstart path]/ssl/keystorename.keystore |
| org.apache.felix.https.truststore.password | String | 123456 |
| org.osgi.service.http.port.secure | Long | 5404 (the port number on which the HTTPS pages will be opened) |

Note: If you get any error, check the error logs to confirm that this port is not already in use.



Note: In the above screenshot, the org.apache.felix.https.keystore and org.apache.felix.https.truststore values should also be absolute paths, like C:/Ankur/AEM/crxquickstart/ssl/keystorename.keystore
Forcing the Use of the SSL Port

Go to the /etc folder.
Create a new sling:Folder named map.
Now, under /etc/map, create a node named http of type sling:Folder.
Under that, create a node:
Name – localhost.4502
Type – sling:Mapping
Add the properties below to this node:
Name: sling:redirect Type: String Value: https://localhost:5404
Name: sling:match Type: String Value: content/geometrixx-outdoor/en/men/(.*).html
Click Save All. All your pages will now open automatically on the HTTPS domain.

Below hierarchy explains the above steps more clearly:



Note: Sometimes it will not work, and if you check the logs they will show the error "port is already used". In that case, just choose another port, as I have taken port number 4000 here.



Testing whether localhost has moved to HTTPS or not:
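One way to script this check, as an added example that is not part of the original post: it requests sample pages over plain HTTP on port 4502 without following redirects and reports which ones are redirected to https://localhost:5404. The sample page paths and the AEM_USER/AEM_PASS environment variables are assumptions; the ports and the redirect origin come from the configuration above.

```python
import base64
import http.client
import os

HTTP_HOST, HTTP_PORT = "localhost", 4502   # author instance, from the post
HTTPS_ORIGIN = "https://localhost:5404"    # sling:redirect value from the post

# Constructed sample paths: True = the use case expects a redirect to HTTPS.
EXPECTED = {
    "/content/geometrixx-outdoor/en/men/shirts.html": True,
    "/content/geometrixx-outdoor/en/women.html": False,
}

def classify(status, location):
    """Classify one HTTP response by its status code and Location header."""
    if status in (301, 302, 303, 307, 308) and location:
        # Require the exact origin so that e.g. port 54040 does not pass.
        if location == HTTPS_ORIGIN or location.startswith(HTTPS_ORIGIN + "/"):
            return "https-redirect"
        return "other-redirect"            # e.g. a bounce to the login page
    return "served-over-http" if 200 <= status < 300 else "error"

def probe(path):
    """Request path over plain HTTP without following redirects."""
    headers = {}
    user, pw = os.environ.get("AEM_USER"), os.environ.get("AEM_PASS")
    if user and pw:  # assumption: local dev credentials supplied via env vars
        token = base64.b64encode(f"{user}:{pw}".encode()).decode()
        headers["Authorization"] = "Basic " + token
    conn = http.client.HTTPConnection(HTTP_HOST, HTTP_PORT, timeout=5)
    try:
        conn.request("GET", path, headers=headers)
        resp = conn.getresponse()
        return classify(resp.status, resp.getheader("Location"))
    finally:
        conn.close()

def audit(results):
    """Return the paths whose observed result contradicts EXPECTED."""
    return [p for p, want in EXPECTED.items()
            if (results.get(p) == "https-redirect") != want]

if __name__ == "__main__":
    observed = {p: probe(p) for p in EXPECTED}
    for p, r in observed.items():
        print(f"{r:18} {p}")
    print("mismatches:", audit(observed) or "none")
```

A result of other-redirect usually means the request was sent to the login page before the mapping was evaluated, so supply credentials and run it again.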



But the question is: why are we doing all this? What are the advantages of using HTTP over SSL?

The reason is very simple: HTTPS is far more secure than HTTP. If there is a use case in which more sensitive data (e.g. online transactions or confidential information) needs to be transferred, then we can use HTTP over SSL.
HTTPS ensures the integrity of your website.
HTTPS ensures the privacy and security of your users and their personal information.

You can download the complete package for this use case from here and then you can modify it according to your needs.

Please leave us a comment if you face any issue in configuring or enabling HTTPS in AEM.


By aem4beginner
