In this article, I am going to explain how to use SSL Wizard in AEM6.3 to enable SSL by default for AEM instances.
Before start explaining how to enable SSL in AEM, I want to share the necessity behind https implementation for current age websites. Initially, we implemented SSL for pages that involve transactional data like payments, user credentials, etc. Now we turn to the internet for everything. From selling to buying, it’s the high-end digital-world. With this dominating trend, online security has become a necessity.
Recently I got a chance to read one article which stated “Don’t have an SSL Certificate? Google is going to flag your website this year!”
When I have gone through that article, came to know that “Any type of data
that users type into websites should not be accessible to others on the
network, so starting in version 62 Chrome will show the ‘Not secure’ warning in the URL bar when users type data into HTTP sites”
In order to make websites that run in AEM secure, I searched for SSL implementation in AEM. Earlier if you want to implement SSL for the whole website or for a particular page in AEM, manually you have to write an OSGi configuration and you have to force AEM to use the SSL port.
With AEM 6.3, Adobe has introduced a feature called SSL By Default.
The purpose is to encourage the use of HTTPS to connect to AEM
instances. Refer the below step by step procedure to enable SSL by default in AEM 6.3.
For DEMO purpose, I have used the Private Key File and SSL Cert The file used in the Adobe Helpx Article. If you want to implement SSL for
the Production Environment, you need to get an authorized SSL
Certificate from a third-party Certificate Authority (CA) like verisign,
geotrust etc. by raising a CSR request with Private Key generated for
your Server.
For further details kindly refer, http://docs.rightscale.com/faq/How_do_I_create_an_SSL_certificate_for_my_web_server.htmlSource of Reference :
https://helpx.adobe.com/experience-manager/kt/platform-repository/using/ssl-wizard-technical-video-use.html
Steps to Enable SSL by default in AEM Author Instance:
- Install AEM 6.3 and login to your author instance
- After logging in for the first time, see the notifications inbox on the top right side. Click View all
- Select “Configure HTTPS” and open
- In the Store Credentials section, it will prompt for key store password and trust store password. Give the password of your choice and keep it with you for future use and click NEXT
5. In the Key & Certificate section, it will prompt you to upload the Private Key file in.DER format and SSL Certificate file in.CRT format and click NEXT
For the local environment, either you can use the sample files available in the Helpx article or you can create your own using Open SSL. For further details kindly refer,
- In the SSL Connector section, choose a TCP Port for the HTTPS listener, between 1 and 65535 and click DONE
- Now you have successfully configured SSL by default in your AEM instance and It will show a pop-up message “Go to HTTPS URL”
- When you click on Go to HTTPS URL, your instance will run in HTTPS port
As it is for Demo purpose, it’s showing https with Not Secure Label. When you install a valid SSL certificate signed by third party CA. It will show the trusted Secure Green Symbol for HTTPS Pages.
A service user called ssl-service has been created for this SSL feature. After the successful initial SSL setup, if you want to update the SSL configuration this ssl-service user will help you.
Hit the User Admin Console. Search for ssl-service and click on Edit User Settings. Here you can change the key store and trust store passwords and also you can update/ add SSL certificates.
And also if you want to change the HTTPS port and key store user, you can use the Granite SSL Connector Factory configuration available in the Web Console.
Finally, your AEM site will become SSL Secured with better security options.
No comments:
Post a Comment
If you have any doubts or questions, please let us know.