
SSL Problems

Question asked by tman247 on Apr 28, 2015
Latest reply on May 8, 2015 by eswbitto
Pulling my hair out over this one.

Ultimately, we needed to change the internal SSL certificate in Alfresco to a public signed one. Getting the cert isn't a problem. Getting Alfresco to use it is. I spent ages using keytool to try and inject the new cert and signing chain, and even though in the end it looked ok, Alfresco just keeps using its self-signed one, so I gave up, and moved onto the second option.

So, now I want to try and use Apache as a proxy front to Alfresco/Tomcat, and I want to use the standard TCP443, not 8443. Adding a cert to Apache is easy, but as it turns out, getting the correct code into httpd.conf isn't. There are a few guides kicking around, all say something different and no two bits of information are the same, so I have to cobble together what I can from different sites. I'm not sure if this is correct, but it doesn't seem to be working. I can get Apache listening on 443, but there's no hand off taking place to Tomcat as far as I can tell. Connecting to the Alfresco server on 443 just shows the Apache landing page.

Some details if someone can shed any light on this;

O/S: CentOS 6.3 x64
Alfresco: 4.2d installed in /data/alfresco-4.2.d
Apache: 2.2.15

I've modified server.xml so it includes the necessary AJP entries. That doesn't seem to be the problem.

httpd.conf is configured to load all the necessary proxy modules, and the jk_module. I've added this code to httpd.conf;

NameVirtualHost *
<VirtualHost *>

        ProxyRequests Off
        <Proxy *>
                Order deny,allow
                Allow from all
        </Proxy>

        ProxyPass / ajp://localhost:8009/
        ProxyPassReverse / ajp://localhost:8009/
        <Location />
                Order allow,deny
                Allow from all
        </Location>
</VirtualHost>

JkMount /samples/* worker1
JkMount /alfresco/* worker1
JkMount /share/* worker1

# Tomcat Integration settings
JkWorkersFile conf/
JkLogFile logs/mod_jk.log
JkShmFile logs/mod_jk.shm
JkLoglevel info
JkLogStampFormat "[%a %b %d %H:%M:%S %Y]"

In CentOS, the SSL tags are loaded via ssl.conf, but I could possibly add them straight to httpd.conf if necessary, but I was hoping not to have to. Some of the docs show the SSL commands embedded in the 'Virtual Host' sections.

CentOS httpd uses the 'apache' account, and this normally has access to DocumentRoot, but I did notice that there are errors in the /var/log/httpd/ssl_error.log which say "Directory index forbidden by Options directive: /var/www/html/", but should the DocumentRoot now be the same as the Alfresco doc root or not? I think not.

Anyhow, when I try to connect to https://myalfrescoserver/share, I just get a browser message; "The requested URL /share was not found on this server."

Anyone have any idea what I might be missing?