AnsweredAssumed Answered

Change Alfresco to use SSL and 'Share' stops authenticating!

Question asked by webberj on Jul 11, 2013
Latest reply on Jul 15, 2014 by jasswalkjr
Hi,

Sorry to ask a question that has been discussed a few times before, but I cannot find a solution to this issue that works for me!

I have created a new server (CentOS release 6.2) for Alfresco and downloaded and installed the latest released version of Alfresco Community (4.2.c), using the standard installer (from http://www.alfresco.com/products/community).

We would like to use SSL over port 8443, instead of non-SSL over port 8080.  I have made LOTS of amendments to the standard configuration files (detailed below). 

It was relatively straight forward to get the "Alfresco Explorer" working correctly using SSL, but I have had NO success in changing the configuration to enable Alfresco Share to authenticate.

When I attempt to log on to the Alfresco share (https://alfresco.nbi.ac.uk:8443/share), I see an error message that states:  "The remote server may be unavailable or your authentication details have not been recognized."  The authentication is working correctly for Alfresco Explorer (https://alfresco.nbi.ac.uk:8443/alfresco), but not for share.

I also see the following message in the (alfresco)/tomcat/logs/catalina.out:
"2013-07-11 17:11:42,098  INFO  [web.site.EditionInterceptor] [http-bio-8443-exec-12] Unable to retrieve License information from Alfresco: 500"

Please can someone advice whether it is possible to get Share working over SSL?

I have made the following configuration amendments, but to no avail so far!

———————
   In <alfresco>/tomcat/shared/classes/alfresco-global.properties change the following:
      alfresco.context=alfresco
      alfresco.host=alfresco.nbi.ac.uk
      alfresco.port=8443
      alfresco.protocol=https

      share.context=share
      share.host=alfresco.nbi.ac.uk
      share.port=8443
      share.protocol=https

      and add      web.application.context.url=https://127.0.0.1:8443/alfresco

———————

   Update <alfresco>/tomcat/conf/web.xml
      Add the following lines at the end of the file (before the </web-app> )

      <!– Added to attempt to stop http and force https instead                 –>
      <security-constraint>
         <web-resource-collection>
            <web-resource-name>Protected Context</web-resource-name>
            <url-pattern>/*</url-pattern>
         </web-resource-collection>

         <user-data-constraint>
            <transport-guarantee>CONFIDENTIAL</transport-guarantee>
         </user-data-constraint>
      </security-constraint>

———————

   Update /opt/alfresco/tomcat/shared/classes/alfresco/web-extension/share-config-custom.xml
         Change the "endpoint URLs" from
         <endpoint-url>http://localhost:8080/alfresco/s</endpoint-url   
      to
         <endpoint-url>https://localhost:8443/alfresco</endpoint-url
      (by removing the /s, changing http to https and changing 8080 to 8443)

      Add:     <repository-url>https://localhost:8443/alfresco</repository-url>
      Update the alfresco endpoint to be : <endpoint-url>https://localhost:8443/alfresco/wcs</endpoint-url>
      (by adding the "wcs"
      And add  <external-auth>true</external-auth> to the alfresco endpoint

———————

   Update /opt/alfresco-4.2.c/tomcat/webapps/share/WEB-INF/classes/alfresco/share-cmis-config.xml
      Change parameter key value from
         value="http://localhost:8080/alfresco/cmisatom"
      to
         value="https://localhost:8443/alfresco/cmisatom'/>

———————

   Update /opt/alfresco-4.2.c/tomcat/webapps/share/WEB-INF/classes/alfresco/share-documentlibrary-config.xml
      Change   <repository-url>http://localhost:8080/alfresco</repository-url>
      to   <repository-url>https://localhost:8443/alfresco</repository-url>

———————

   Update /opt/alfresco/tomcat/webapps/alfresco/WEB-INF/classes/alfresco/web-client-config.xml
      Change   <scheme>http</scheme>
      to   <scheme>https</scheme>

      Change   <port>8080</port>
      to   <port>8443</port>

———————

Any advice that anyone can give to help me configure this would be very gratefully received!

Thanks
John

Outcomes