An Alternate Way to Set Up SSL Through the Apache Felix Jetty Based Http Service

Statement: An alternate way to set up SSL through the Apache Felix Jetty Based Http Service

Pre-requisite:


  • JRE 1.8
  • AEM 6.3 up and running

Solution :

How to generate the keystore.jks dev credentials:
  • Open the command prompt.
  • Enter the command below:

D:\AEM 6.2\Author\ssl> keytool -genkey -keyalg RSA -alias selfsigned -keystore keystore.jks -storepass changeit -validity 360 -keysize 2048

What is your first and last name?
  [Unknown]:  chandrashekar Naik
What is the name of your organizational unit?
  [Unknown]:  ABC
What is the name of your organization?
  [Unknown]:  ABC
What is the name of your City or Locality?
  [Unknown]:  singapore
What is the name of your State or Province?
  [Unknown]:  singapore
What is the two-letter country code for this unit?
  [Unknown]:  65
Is CN=chandra Naik, OU=ABC, O=ABC, L=singapore, ST=singapore, C=65 correct?
  [no]:  yes

Enter key password for <selfsigned>
        (RETURN if same as keystore password):  enter the password
Re-enter new password:

  • That's it: the keystore.jks file is generated under D:\AEM 6.2\Author\ssl.
  • Now go to the Felix console: https://localhost:5443/system/console/configMgr
  • Search for Apache Felix Jetty Based Http Service.
  • Open the Apache Felix Jetty Based Http Service and set:
    • Enable HTTPS = selected
    • HTTPS port = 5443
    • Path for keystore.jks = D:\AEM 6.2\Author\ssl
    • Keystore file and password = the ones used while generating the keystore.jks file
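
The following PowerShell script is an added example, not code from the original post: it runs the keystore step above without the interactive prompts or a password on the command line, then reads the entry back with keytool -list. It assumes keytool from JRE 1.8 is on PATH; the KS_PASS variable name, CN=localhost, C=SG and the SAN entry are constructed values.

```powershell
# Added example, not from the original post. Run it from the folder that
# should hold keystore.jks (for example D:\AEM 6.2\Author\ssl).
$keystore = Join-Path (Get-Location) 'keystore.jks'
if (Test-Path $keystore) { throw "$keystore already exists; refusing to overwrite" }

# Prompt for the password so it is not stored in shell history or shown in
# the process command line; keytool reads it from the environment instead.
$secure = Read-Host -Prompt 'Keystore password (6+ characters)' -AsSecureString
$env:KS_PASS = (New-Object System.Net.NetworkCredential('', $secure)).Password

try {
    # -dname answers the interactive questions; C= takes a two-letter code.
    # Arguments containing ':' or '.' are quoted so PowerShell passes them intact.
    & keytool '-J-Duser.language=en' -genkeypair -alias selfsigned -keyalg RSA `
        -keysize 2048 -validity 360 -storetype JKS -keystore $keystore `
        '-storepass:env' KS_PASS '-keypass:env' KS_PASS `
        -dname 'CN=localhost, OU=ABC, O=ABC, L=singapore, ST=singapore, C=SG' `
        -ext 'san=dns:localhost'
    if ($LASTEXITCODE -ne 0) { throw 'keytool -genkeypair failed' }

    # Read the entry back to confirm what was actually written.
    $listing = & keytool '-J-Duser.language=en' -list -v -alias selfsigned `
        -keystore $keystore '-storepass:env' KS_PASS
    if ($LASTEXITCODE -ne 0) { throw 'keytool -list failed' }
}
finally {
    Remove-Item Env:\KS_PASS -ErrorAction SilentlyContinue
}

# Pull one "Name: value" field out of the keytool listing.
function Get-Field([string]$name) {
    $m = $listing | Select-String -Pattern "^$name\s*:\s*(.+)$" | Select-Object -First 1
    if ($m) { $m.Matches[0].Groups[1].Value.Trim() }
}

$owner  = Get-Field 'Owner'
$issuer = Get-Field 'Issuer'
[pscustomobject]@{
    Owner      = $owner
    SelfSigned = ($owner -eq $issuer)   # Owner equal to Issuer means self-signed
    Validity   = (Get-Field 'Valid from')
    Signature  = (Get-Field 'Signature algorithm name')
}
```

A SelfSigned value of True is the case in which the replication agent procedure below calls for Enable Relaxed SSL.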

Configure Replication Agents to Use Secure URLs

Statement : Configure Replication Agents to Use Secure URLs.

Pre-Requisite :

  • Author is up and running on SSL port
  • Publisher is up and running on SSL port

Solution :

The following procedure configures the publish replication agent on the author instance. 
Perform the procedure for all replication agents that you want to communicate over SSL.
  • Click the Tools/Replication/Agents on author folder.
  • In the right-hand frame, right-click Default Agent and click Open.
  • Click Edit (below the Test Connection link) and then click the Transport tab.
  • In the URI box, change the URL so that it uses the HTTPS protocol and the port that you configured for SSL on the publish instance.
  • If you used a self-signed certificate to enable SSL on publish, select Enable Relaxed SSL.
  • Click OK.
  • Click Test Connection.

Forcing to Use SSL port in AEM Author 6.3

Statement : How to force the website to use the SSL port

Pre-requisite :

  • AEM up and running on http port (Ex: 4502)
  • AEM up and running on https port (Ex: 5443), SSL setup is done.

Solution :

Option 1: Force the entire website to use HTTPS

  • Go to the /etc/map folder of type sling:folder.
  • Under /etc/map, create an http node of type sling:folder.
  • Create a node under /etc/map/http:
    • Node name – localhost.4502
    • Node type – sling:mapping
  • Add the property below to this localhost.4502 node:
    • Property Name: sling:redirect  Type: String  Value: https://localhost:5443
  • Click Save All. That's it: all your website pages will now open automatically on the https domain.

Option 2: Force only a few pages or a specific page of the website to use SSL

  • Go to the /etc/map folder of type sling:folder.
  • Under /etc/map, create an http node of type sling:folder.
  • Create a node under /etc/map/http:
    • Node name – localhost.4502
    • Node type – sling:mapping
  • Add the properties below to this localhost.4502 node:
    • Property Name: sling:redirect  Type: String  Value: https://localhost:5443
    • Name: sling:match  Type: String  Value: aem/start.html
    Or
    • Name: sling:match  Type: String  Value: content/geometrixx-outdoor/en/men/(.*).html
  • Click Save All. That's it: only the page paths mentioned in sling:match will now be served through the https domain.