Serving a site over https is a must. AEM can serve the entire site, or only selected pages, over https.
There are two ways to serve a site or its pages over https:
- Using the OSGi service Apache Felix Jetty Based Http Service (to access the entire instance using https).
- Using CRXDE, manually creating nodes (to access a few pages using https).
Create credential for SSL development
Use the Java keytool to create a self-signed credential and to store it in a keystore file. The following procedure uses a single command that includes all of the information needed to create the keystore. For complete information about the command, see the Oracle Java SE Documentation.
- Create a directory named ssl in the directory where the quickstart JAR file is located.
- In the command prompt, type the following command to create the credential and keystore:
keytool -genkeypair -keyalg RSA -validity 3650 -alias cqse
-keystore [quickstart_dir]/ssl/keystorename.keystore -keypass key_password
-storepass storepassword -dname "CN=Host Name, OU=Group Name,
O=Company Name, L=City Name, S=State, C=Country_Code"
The following example generates a private/public key pair with the following properties:
- alias: cqse
- keystore file: keystorename.keystore
- key password: password
- keystore password: password
keytool -genkeypair -keyalg RSA -validity 3650 -alias cqse
-keystore D:/kishore/CQ5/AEM6.1/ssl/keystorename.keystore
-keypass password -storepass password -dname "CN=sbroders-w7,
OU=CQ, O=AEMQuickstart, L=HYD, S=TG, C=IN"
Through OSGI service Apache Felix Jetty Based Http Service [Move entire author or publish instance to https]
- Go to the Felix console configuration manager at http://localhost:4502/system/console/configMgr
- Search for Apache Felix Jetty Based Http Service.
- Open the Apache Felix Jetty Based Http Service configuration and enter the details below.
- Click Save.
- Note: If you get an AJAX error on saving, check the error logs and make sure the error is not "port already in use". If the port is not available, try saving the configuration with a different port.
Now your AEM instance can be opened over SSL.
Through CRXDE by manually creating the node [Move selected pages of author instance to https]
- How to configure SSL on the Author instance.
- How to force CQ to use the SSL port.
Let's understand how to enable http over SSL (https) in AEM with the help of a use case.
Use Case: Suppose you want all pages of Geometrixx Outdoors to open on the http port, but the pages under the 'men' hierarchy to open on the secure https port.
The image below describes the use case.
Enable SSL on the Author Instance
Configure the Apache Felix Jetty-based HTTP service to use SSL, employing your certificate.
- Open CRXDE Lite (http://localhost:4502/crx/de) and select the /apps folder. Click Create > Create Folder to create a folder named system.
- Below the system folder, create a folder named config.author.
- Select the /apps/system/config.author node.
- Click Create > Create Node and enter the following properties:
- Name: org.apache.felix.http
- Type: sling:OsgiConfig
- Add properties to the node according to the following table:
- Name: org.apache.felix.https.enable Type: Boolean Value: true
- Name: org.osgi.service.http.port.secure Type: Long Value: 5433
- Name: org.apache.felix.https.nio Type: Boolean Value: true
- Name: org.apache.felix.https.keystore Type: String Value: [quickstart_dir]/ssl/cqkeystore.keystore
- Name: org.apache.felix.https.keystore.password Type: String Value: password
- Name: org.apache.felix.https.keystore.key Type: String Value: alias, e.g. cqse
- Name: org.apache.felix.https.keystore.key.password Type: String Value: password
- Name: org.apache.felix.https.truststore Type: String Value: Path to truststore
- Name: org.apache.felix.https.truststore.password Type: String Value: Truststore password. (Optional)
- Name: org.apache.felix.https.clientcertificate Type: String Value: Defaults to none
- Click Save All.
Forcing the Use of the SSL Port
- Go to the /etc folder.
- Create a new sling:folder named map.
- Under /etc/map, create a node named http of type sling:folder.
- Under that, create a node:
- Name: localhost.4502
- Type: sling:mapping
- Add the properties below to this node:
- Name: sling:redirect Type: String Value: https://localhost:5404
- Name: sling:match Type: String Value: content/geometrixx-outdoor/en/men/(.*).html
- Click Save All; all your pages will then open automatically on the https domain.
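An added example, not part of the original post: a small Python check that lints the org.apache.felix.http properties and the /etc/map redirect node together, run here over the values given in the steps above. The finding names, the weak-password list and the corrected values are assumptions made for illustration, and Python's re stands in for the Java regex engine Sling uses.

```python
import re
from urllib.parse import urlsplit

WEAK_PASSWORDS = {"", "password", "changeit", "admin"}  # assumed deny-list

def lint_https_setup(osgi, mapping):
    """Return findings for the Jetty HTTPS config and the /etc/map redirect node."""
    findings = []
    if osgi.get("org.apache.felix.https.enable") is not True:
        findings.append("https-disabled")
    secure_port = osgi.get("org.osgi.service.http.port.secure")
    redirect = urlsplit(mapping.get("sling:redirect", ""))
    if redirect.scheme != "https":
        findings.append("redirect-not-https")
    if redirect.port != secure_port:  # redirect must land on the listening SSL port
        findings.append(f"port-mismatch: redirect {redirect.port} vs secure {secure_port}")
    for key in ("org.apache.felix.https.keystore.password",
                "org.apache.felix.https.keystore.key.password"):
        if str(osgi.get(key, "")).lower() in WEAK_PASSWORDS:
            findings.append(f"weak-password: {key}")
    # An unescaped '.' before the extension matches any character, not just a dot.
    if re.search(r"(?<!\\)\.html$", mapping.get("sling:match", "")):
        findings.append("unescaped-dot-in-match")
    return findings

def match_accepts(pattern, path):
    """True if the sling:match pattern accepts the whole path."""
    return re.fullmatch(pattern, path) is not None

# Values exactly as given in the steps above.
PAGE_OSGI = {
    "org.apache.felix.https.enable": True,
    "org.osgi.service.http.port.secure": 5433,
    "org.apache.felix.https.keystore.password": "password",
    "org.apache.felix.https.keystore.key.password": "password",
}
PAGE_MAPPING = {
    "sling:redirect": "https://localhost:5404",
    "sling:match": "content/geometrixx-outdoor/en/men/(.*).html",
}
# Constructed corrected values (placeholders, not from the post).
FIXED_OSGI = {**PAGE_OSGI,
              "org.apache.felix.https.keystore.password": "constructed-Long-Passphrase-1",
              "org.apache.felix.https.keystore.key.password": "constructed-Long-Passphrase-2"}
FIXED_MAPPING = {"sling:redirect": "https://localhost:5433",
                 "sling:match": r"content/geometrixx-outdoor/en/men/(.*)\.html"}

if __name__ == "__main__":
    for finding in lint_https_setup(PAGE_OSGI, PAGE_MAPPING):
        print(finding)
```

Run against the page's values it reports the 5404/5433 port mismatch, both sample passwords and the unescaped dot; the constructed corrected values produce no findings.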
Below hierarchy explains above steps more clearly:
Hi Kishore, will this work on AEM 6.1, and has anyone tried it on AEM 6.1?