October 1, 2020

Configure HTTPS (SSL) on an AEM instance quickly

During development we sometimes need to set up an HTTPS connection on an existing AEM instance.

With the following procedure, we can have both HTTP and HTTPS on the same AEM instance. This is very helpful when testing AEM features that require SSL connections.

To start with, we need keys and certificates to configure SSL on AEM. We will use OpenSSL to create them. The method was tested on Windows but should work just as well on any other OS.

How to set up OpenSSL on Windows
Download OpenSSL from any URL - ensure it's relevant to your OS (including x86 vs. 64-bit)
Unzip it.
Set the classpath


Place the conf file in the below path (otherwise you may get an error that the OpenSSL conf cannot be found)


OpenSSL is now configured on your Windows machine.
Using a command prompt, execute the commands below.
### Create Private Key
$ openssl genrsa -aes256 -out localhostprivate.key 4096

### Generate Certificate Signing Request using private key
$ openssl req -sha256 -new -key localhostprivate.key -out localhost.csr -subj "/CN=localhost"

### Generate the SSL certificate, self-signed with the private key; it will expire one year from now
$ openssl x509 -req -days 365 -in localhost.csr -signkey localhostprivate.key -out localhost.crt

### Convert the private key to DER format (the SSL wizard requires the key in DER format); -nocrypt writes the key unencrypted, so keep localhostprivate.der protected
$ openssl pkcs8 -topk8 -inform PEM -outform DER -in localhostprivate.key -out localhostprivate.der -nocrypt
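
Before uploading the files, it is worth confirming that the DER key and the certificate belong together. The script below is an added example, not part of the original post; it assumes a POSIX shell (for example Git Bash on Windows) with openssl on the path, and the function name check_aem_pair is hypothetical.

```shell
#!/bin/sh
# Added example: pre-flight check for the two files given to the AEM SSL wizard.
# Stand-alone usage: sh check_pair.sh localhost.crt localhostprivate.der

# check_aem_pair CERT_PEM KEY_DER [HOSTNAME]  (function name is hypothetical)
# Returns 0 when every check passes, otherwise a distinct non-zero code.
check_aem_pair() {
    cert=$1; key=$2; host=${3:-localhost}

    # 1. DER starts with an ASN.1 SEQUENCE tag (0x30); a PEM file starts with '-'.
    first=$(od -An -tx1 -N1 "$key" | tr -d ' \n')
    [ "$first" = "30" ] || { echo "FAIL: $key is not DER encoded" >&2; return 2; }

    # 2. The key must load with no passphrase (the page converts it with -nocrypt).
    key_pub=$(openssl pkey -inform DER -in "$key" -passin pass: -pubout 2>/dev/null) || {
        echo "FAIL: $key is encrypted or not a private key" >&2; return 3; }

    # 3. The certificate must parse and carry the same public key as the private key.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || {
        echo "FAIL: $cert is not a readable certificate" >&2; return 4; }
    [ "$key_pub" = "$cert_pub" ] || {
        echo "FAIL: certificate and key do not belong together" >&2; return 5; }

    # 4. The certificate must not already be expired.
    openssl x509 -in "$cert" -noout -checkend 0 >/dev/null 2>&1 || {
        echo "FAIL: $cert has expired" >&2; return 6; }

    # 5. The subject CN must be the host name entered in the wizard.
    subj=$(openssl x509 -in "$cert" -noout -subject -nameopt RFC2253 | sed 's/^subject= *//')
    case ",$subj," in
        *",CN=$host,"*) ;;
        *) echo "FAIL: subject '$subj' has no CN=$host" >&2; return 7 ;;
    esac

    echo "OK: $cert and $key match, certificate is valid, CN=$host"
}

# Run the check when the script is called with the two file names.
if [ "$#" -ge 2 ]; then check_aem_pair "$@"; fi
```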

You will now have the key and certificate files on the local drive, as shown below.


Use the SSL Wizard in AEM

Now log in to AEM
http://localhost:4502/aem/start.html

Tools > Security > SSL Configuration

For Store Credentials, provide the key store and trust store passwords. [I have used admin for all, since it's a localhost]


In the Keys and Certificate section

Select the key and certificate generated using OpenSSL


In the next section enter the domain (localhost), and leave the port as it is

Click 'Done' and continue; AEM will open on the specified new port, e.g. https://localhost:8443

The advantage here is that you can use AEM over HTTP on 4502/4503 (depending on whether you configured author or publish) and over HTTPS on the new port. This helps in testing the many cases where we need AEM as an HTTPS service.

Note: When using SSL on servers, ensure you use a key and certificate provided by a certificate authority, which ensures security.


By aem4beginner
