April 7, 2020
Estimated Post Reading Time ~

How to Enable SSL By Default in AEM6.3

SSL
SSL
In this article, I am going to explain how to use SSL Wizard in AEM6.3 to enable SSL by default for AEM instances.
Before start explaining how to enable SSL in AEM, I want to share the necessity behind https implementation for current age websites. Initially, we implemented SSL for pages that involve transactional data like payments, user credentials, etc. Now we turn to the internet for everything. From selling to buying, it’s the high-end digital-world. With this dominating trend, online security has become a necessity.
Recently I got a chance to read one article which stated “Don’t have an SSL Certificate? Google is going to flag your website this year!” When I have gone through that article, came to know that “Any type of data that users type into websites should not be accessible to others on the network, so starting in version 62 Chrome will show the ‘Not secure’ warning in the URL bar when users type data into HTTP sites”
ssl_google_warning
In order to make websites that run in AEM secure, I searched for SSL implementation in AEM. Earlier if you want to implement SSL for the whole website or for a particular page in AEM, manually you have to write an OSGi configuration and you have to force AEM to use the SSL port.

With AEM 6.3, Adobe has introduced a feature called SSL By Default. The purpose is to encourage the use of HTTPS to connect to AEM instances. Refer the below step by step procedure to enable SSL by default in AEM 6.3.
For DEMO purpose, I have used the Private Key File and SSL Cert The file used in the Adobe Helpx Article. If you want to implement SSL for the Production Environment, you need to get an authorized SSL Certificate from a third-party Certificate Authority (CA) like verisign, geotrust etc. by raising a CSR request with Private Key generated for your Server.
For further details kindly refer, http://docs.rightscale.com/faq/How_do_I_create_an_SSL_certificate_for_my_web_server.html
Source of Reference :
https://helpx.adobe.com/experience-manager/kt/platform-repository/using/ssl-wizard-technical-video-use.html
Steps to Enable SSL by default in AEM Author Instance:
  1. Install AEM 6.3 and login to your author instance
  2. After logging in for the first time, see the notifications inbox on the top right side. Click View all
2_see_inbox
  1. Select “Configure HTTPS” and open
4_configure_https
  1. In the Store Credentials section, it will prompt for key store password and trust store password. Give the password of your choice and keep it with you for future use and click NEXT
6_enter_pwd
5. In the Key & Certificate section, it will prompt you to upload the Private Key file in.DER format and SSL Certificate file in.CRT format and click NEXT
For the local environment, either you can use the sample files available in the Helpx article or you can create your own using Open SSL. For further details kindly refer,

https://helpx.adobe.com/experience-manager/kt/platform-repository/using/ssl-wizard-technical-video-use.html [To download Sample SSL certificate and to know how to use openSSL]
7.1_upload_der_file
  1. In the SSL Connector section, choose a TCP Port for the HTTPS listener, between 1 and 65535 and click DONE
10_ssl_connector
  1. Now you have successfully configured SSL by default in your AEM instance and It will show a pop-up message “Go to HTTPS URL
11_ssl_configured
  1. When you click on Go to HTTPS URL, your instance will run in HTTPS port
aem_on_https
As it is for Demo purpose, it’s showing https with Not Secure Label. When you install a valid SSL certificate signed by third party CA. It will show the trusted Secure Green Symbol for HTTPS Pages.
A service user called ssl-service has been created for this SSL feature. After the successful initial SSL setup, if you want to update the SSL configuration this ssl-service user will help you.

Hit the User Admin Console. Search for ssl-service and click on Edit User Settings. Here you can change the key store and trust store passwords and also you can update/ add SSL certificates.
Manage_key_trust_store
And also if you want to change the HTTPS port and key store user, you can use the Granite SSL Connector Factory configuration available in the Web Console.
Granite_ssl_config
Finally, your AEM site will become SSL Secured with better security options.


By aem4beginner

No comments:

Post a Comment

If you have any doubts or questions, please let us know.