Currently i have 5.x version of community edition and i want to install a ssl to secure the site. I have followed many docs from this site on how to setup and apparently i must be missing a few things because i still cannot get my site to work.
Here i what I have done so far
I used the tool keytool to import my chain and my cert into tomcat.
I then edited server.xml to port to 443 instead of 80 (that i originally had changed)
I then edited share-config-custom to reflect my Url's etc: https://localhost/alfresco
i then edited alfresco-global.properties to point my share and my context to port 443 and i changed the protocol to https.
When i restarted the alfresco site with the ./alfresco.sh restart command everything starts like it should but I cannot access the site.
I get a message that the "SSL received a record that exceeded the maximum permissible length. Error code: SSL_ERROR_RX_RECORD_TOO_LONG"
Not sure what I'm doing wrong and could really use a little help.
Thanks in advanced
michaelr93
Try to set the SSLEnabled="true" for tomcat connector
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
I have all that configured and still cannot get it to work. One other thing that i forget to put in the post is the ssl certificate.
When i purchared the cert i was in .crt and i used the keytool to import into ssl.keystore. I also thought that might be the wrong format so i then when back to my provider and downloaed the .pem file and imported it. So I'm not sure if i have the cert in the correct spot or if its correctly configured in my ssl.keystore.
The easiest way to get SSL working is to install Apache (or your favorite HTTP server) and use it as a reverse proxy. That way, Apache is handling the SSL and Tomcat can concentrate on being an app server.
Also, on a side note, it sounds like it may be too late, but if this is a public facing machine you can get a free, high-quality cert from letsencrypt.org. There is a project on github called certbot which scripts the whole thing. It removes all of the keytool/certificate fuss and muss. I've used it on many of my client projects and it works great.
Thanks for all the comments. I think i will try the previous suggestion on having apache which is already built into my server and forward the traffic tot he tomcat after its secured. I will reply again my progress whether it good or bad.
Ask for and offer help to other Alfresco Content Services Users and members of the Alfresco team.
Related links:
By using this site, you are agreeing to allow us to collect and use cookies as outlined in Alfresco’s Cookie Statement and Terms of Use (and you have a legitimate interest in Alfresco and our products, authorizing us to contact you in such methods). If you are not ok with these terms, please do not use this website.