CMS, Managed Services

Enable SSL On AEM

Enable HTTPs in AEM 6.1

Why SSL?
It gives additional security to AEM instances, replication between Author and publishers also can be made secure.

We can enable SSL for whole site or for specified pages in AEM

For example if you want all pages of Geometrix’s Mobile Demo Site to be open in http port but the pages under ‘company’ hierarchy to be open using secure https port.

1. Create Credentials for Development:

Create a directory named ssl in the directory in crx-quickstart directory.

Execute the following command to create the credential and keystore:

# keytool -genkeypair -keyalg RSA -validity 3650 -alias cqse -keystore crx-quickstart/ssl/keystorename.keystore -keypass <password> -storepass <password> -dname “CN=Host Name, OU=Group Name, O=Company Name,L=City Name, S=State, C=Country_ Code”

Note: For production environment you should use a certificate that is signed from a trusted certificate authority. Generate a certificate signing request and when obtained import it to your keystore.

 

2.Configuring SSL on Author Instance:

  1. Go to crxde and create a node of Name – config.author Type – nt:folder
  2. Under this folder create a node with below details
  3. Name – org.apache.felix.http
  4. Type – sling:OsgiConfig

Add the following properties in the node.

Name Type Value
Org.apache.felix.debug Boolean True
Org.apahce.felix.https.enable Boolean True
Org.apache.felix.https.keystore String Crxquickstart/ssl/keystorename.keystore
Org.apache.felix.https.keystore.key String Cqse
Org.apache.felix.https.keystore.key.password String Password
Org.apache.felix.https.keystore.password String Password
Org.apache.felix.https.info Boolean True
Org.apache.felix.https.truststore String Crx-quickstart/ssl/keystorename.keystore
Org.apache.felix.https.truststore.password String Password
Org.osgi.service.http.port.secure Long 5000 (this port number is only this page)


3. Forcing the Use of the SSL Port

  1. Go to /etc folder.
  2. Create a new sling:folder with name as map.
  3. Now under /etc/map create http node of type sling:folder.
  4. Under that create a node
  • Name – localhost.4502
  • Type– sling:mapping.
  1. Add below properties to this node:
  • Name: sling:redirect Type : String Value : https://localhost:4000

Name: sling:match Type : String Value : content/geometrixx-mobiledemosite/English/company/(.*).html   ## add this line if you want to enable https for particular pages

Click Save ALL , your all pages will be automatically open with https domain .

 

About The Author

Leave a Reply

*