Custom SSL Cert (wildcard especially) configuration?

Question asked by brandall on Apr 2, 2013
Latest reply on Apr 8, 2013 by 102020
Right-o, does anybody have any pointers on getting a custom SSL certificate to work holistically throughout an Alfresco installation? So far, I can:

1.) Get either a self-signed cert or a valid wildcard cert to install on Tomcat… yay. BUT: once I do this, it breaks both Jetty (for Sharepoint integration) and SOLR (for search, dashlet rendering, etc). I have minimized that effect by moving to Lucene in this test case, but Sharepoint refuses to work, specifically with the dreaded "Server could not be contacted" message; browsing to https://alfresco.xxx.com:7070 goes nowhere… so it seems Jetty just hangs up. To do this, I've used:

1.) A custom keystore (not the Alfresco defaults);
2.) Added a connector on 8443 in /tomcat/conf/server.xml, pointing to the custom keystore;
3.) Modified the endpoints in /tomcat/shared/classes/alfresco/web-extension/share-config-custom.xml to point to https:// and :8443;
4.) Modified Jetty in /tomcat/webapps/alfresco/WEB-INF/classes/alfresco/module/org.alfresco.module.vti/context/vti-context.xml to use the new keystore location, the new keypassword and password (using the default "changeit" to avoid typos), and a keystore type of JKS as specified in ./keytool commands;
5.) And added the following to alfresco-global.properties to tie it all together:

#####################
### CUSTOM CONTEXT###
#####################

web.application.context.url=https://127.0.0.1:8443/alfresco

alfresco.context=alfresco
alfresco.host=${localname}
alfresco.port=8443
alfresco.protocol=https

share.context=share
share.host=${localname}
share.port=8443
share.protocol=https

##########################
### CUSTOM SHAREPOINT ###
##########################

vti.server.external.host=alfresco.mydomain.com
vti.server.external.port=7070
vti.server.external.protocol=https

7.) I have tried this both on 4.2.c as well as the 4.2.d nightly, which I'm leaning towards as I understand there are a few Jetty bugs/issues in 4.2.c from the JIRA. Same results on both, however.

SO!

As I mentioned, this gets HTTPS working pretty well. I get my certificate served up and trusted, the application generally functions, but I must be missing something, because SOLR and Jetty just WILL NOT PLAY WELL. I can post up log info, but the broken SOLR is jamming up the logs extensively, so before doing large and possibly unhelpful dumps, does anyone have a sense of what could be broken given the above, or know of a more comprehensive walkthrough a la http://www.optimit.hr/blog/-/blogs/alfresco-https-setup, which I found to be more complete/helpful than the Alfresco and Tomcat documentation in getting this far?

Many thanks, and cheers,

br
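An added example, not part of the original post: a check of which HTTPS hosts in the posted properties a wildcard certificate would cover under standard hostname verification. The certificate name `*.mydomain.com` and the `localname` value `alfresco01` are assumptions made for illustration; the property lines are a constructed sample taken from the post.

```python
import ipaddress
import re

# Constructed sample: the HTTPS host settings from the post's alfresco-global.properties.
PROPS = """\
web.application.context.url=https://127.0.0.1:8443/alfresco
alfresco.host=${localname}
alfresco.protocol=https
share.host=${localname}
share.protocol=https
vti.server.external.host=alfresco.mydomain.com
vti.server.external.protocol=https
"""

def parse_props(text, substitutions):
    """Parse key=value lines, expanding ${name} placeholders from `substitutions`."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        expand = lambda m: substitutions.get(m.group(1), m.group(0))
        props[key.strip()] = re.sub(r"\$\{(\w+)\}", expand, value.strip())
    return props

def https_hosts(props):
    """Return {setting: host} for every endpoint configured as HTTPS."""
    hosts = {}
    for prefix in ("alfresco", "share", "vti.server.external"):
        if props.get(prefix + ".protocol") == "https":
            hosts[prefix + ".host"] = props.get(prefix + ".host", "")
    m = re.match(r"https://([^:/]+)", props.get("web.application.context.url", ""))
    if m:
        hosts["web.application.context.url"] = m.group(1)
    return hosts

def matches_cert(host, cert_name):
    """DNS-name match: '*' covers exactly one leftmost label; an IP literal never matches."""
    try:
        ipaddress.ip_address(host)
        return False
    except ValueError:
        h, c = host.lower().split("."), cert_name.lower().split(".")
        return len(h) == len(c) and c[0] in ("*", h[0]) and h[1:] == c[1:]

def audit(text, cert_name, substitutions):
    """Map each HTTPS host setting to whether hostname verification would pass."""
    hosts = https_hosts(parse_props(text, substitutions))
    return {setting: matches_cert(host, cert_name) for setting, host in hosts.items()}
```

Any setting reported as `False` names a host that a client verifying the certificate against that name would reject, so internal calls between Share, the repository and Solr need either a matching hostname or a truststore that covers the name actually used.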