SSL setup in AEM 6.3

Statement: Integration of SSL with AEM 6.3

Pre-requisite: 

  • JRE 1.8
  • AEM 6.3 up and running
Solution:
  • Create a folder named SSL in the directory where the quickstart.jar file is located
Step 1: Create a private key
D:\AEM 6.3\AEM 6.3 software\ssl>openssl genrsa -aes256 -out localhostprivate.key 4096
Generating RSA private key, 4096 bit long modulus
................................................................................
...........++
.++
e is 65537 (0x10001)
Enter pass phrase for localhostprivate.key:  <enter the password for private key>
Verifying - Enter pass phrase for localhostprivate.key: <enter the password for private key>


Step 2: Generate a Certificate Signing Request (.csr) using the private key

D:\AEM 6.3\AEM 6.3 software\ssl>openssl req -sha256 -new -key localhostprivate.key -out localhost.csr -subj '/CN=localhost'
Enter pass phrase for localhostprivate.key:



Step 3: Generate the SSL certificate and sign it with the private key. Expiry is set to one year.

D:\AEM 6.3\AEM 6.3 software\ssl>openssl x509 -req -days 365 -in localhost.csr -signkey localhostprivate.key -out localhost.crt
Signature ok
subject=/CN=localhost
Getting Private key
Enter pass phrase for localhostprivate.key:


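Step 4: Convert the private key to DER format. This format is required for the SSL setup in AEM. Because of -nocrypt, the resulting .der file holds the key unencrypted, so restrict access to the SSL folder.
D:\AEM 6.3\AEM 6.3 software\ssl>openssl pkcs8 -topk8 -inform PEM -outform DER -in localhostprivate.key -out localhostprivate.der -nocrypt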
Enter pass phrase for localhostprivate.key:


You should now see the following files under the SSL folder: localhostprivate.key, localhost.csr, localhost.crt and localhostprivate.der.

Step 5: Go to the inbox console at http://localhost:4502/aem/inbox, search for Configure HTTPS and click Open
  • Enter the keystore password (the one created while generating the private key) and a trust store password (any new password) --> click Next
  • Select the private key in .der format and the .crt file as the certificate --> click Next
  • Select the port number: 8443 --> Next
  • That's it. The wizard shows that the SSL setup completed successfully
  • Now click Go to HTTPS URL to browse the pages over SSL

Step 6: Check the validity of the SSL certificate in the Useradmin console
  • Go to https://localhost:8443/libs/granite/security/content/useradmin.html
  • Search for ssl-service
  • Open ssl-service and look for Manage Keystore under Account settings (https://localhost:8443/libs/granite/security/content/userEditor.html/home/users/system/security/ssl-service)
  • Open Manage Keystore to verify the validity of the SSL certificate
  • The keystore password can be changed from this Manage Keystore console if required in future
  • The trust store password can be changed from the trust store console if required in future
Step 7: How to verify on which port SSL is configured and by which service
  • Go to the Felix console: http://localhost:4502/system/console/configMgr
  • Search for Granite SSL connection factory
OR use the URL below to validate the SSL setup
  • https://localhost:8443/libs/granite/security/post/sslSetup.html
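
Step 4 produces the unencrypted PKCS#8 DER key that is selected in the Step 5 wizard. The following added example (not part of the original post) is a standard-library Python check that tells that encoding apart from PEM, PKCS#1 DER and encrypted PKCS#8 DER; the function names and sample bytes are constructed for illustration, with placeholder key material.

```python
# Added example: identify the encoding of a private-key file (standard library only).
RSA_OID = bytes.fromhex("2a864886f70d010101")  # 1.2.840.113549.1.1.1 (rsaEncryption)

def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) of the DER element at pos."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits = number of length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, pos, pos + length

def classify_key(data):
    """Classify private-key bytes by their outer ASN.1 structure."""
    if data.lstrip().startswith(b"-----BEGIN"):
        return "PEM, not DER"
    try:
        tag, start, _ = read_tlv(data, 0)
        if tag != 0x30:
            return "not a DER key"
        t1, _, e1 = read_tlv(data, start)
        if t1 == 0x30:  # AlgorithmIdentifier comes first: EncryptedPrivateKeyInfo
            return "encrypted PKCS#8 DER"
        t2, s2, _ = read_tlv(data, e1)
        if (t1, t2) == (0x02, 0x02):  # version, then modulus: RSAPrivateKey
            return "PKCS#1 DER"
        if (t1, t2) == (0x02, 0x30):  # version, then AlgorithmIdentifier: PrivateKeyInfo
            t3, s3, e3 = read_tlv(data, s2)
            is_rsa = t3 == 0x06 and data[s3:e3] == RSA_OID
            return "unencrypted PKCS#8 DER, " + ("RSA" if is_rsa else "other algorithm")
    except (IndexError, ValueError):
        pass
    return "not a DER key"

def der(tag, body):  # DER encoder, used only to build the constructed samples
    n = len(body)
    size = (n.bit_length() + 7) // 8
    head = bytes([n]) if n < 0x80 else bytes([0x80 | size]) + n.to_bytes(size, "big")
    return bytes([tag]) + head + body

# Constructed samples: correct outer structure, placeholder key material.
PKCS1 = der(0x30, der(0x02, b"\x00") + der(0x02, b"\x00" + b"\xc3" * 512))
PKCS8 = der(0x30, der(0x02, b"\x00") + der(0x30, der(0x06, RSA_OID) + der(0x05, b"")) + der(0x04, PKCS1))
ENCRYPTED = der(0x30, der(0x30, der(0x06, bytes.fromhex("2a864886f70d01050d"))) + der(0x04, b"\x00" * 64))

if __name__ == "__main__":
    for name in ("PKCS1", "PKCS8", "ENCRYPTED"):
        print(name, "->", classify_key(globals()[name]))
```

To check the real file from Step 4, call classify_key(open("localhostprivate.der", "rb").read()); the expected result is "unencrypted PKCS#8 DER, RSA".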

