Reputation: 167
Configuring alfresco with HTTPS and share point protocol
I have configured alfresco to work with HTTPS on port 443. As tomcat is using an APR connector, I had to generate a .cer file and .key file for the SSL connection (instead of a .keystore file) I have referred the following links: http://tomcat.apache.org/tomcat-7.0-doc/ssl-howto.html
http://docs.alfresco.com/4.2/tasks/SharePoint-SSL.html
Here are the settings from my server.xml file:
<Connector
protocol="HTTP/1.1"
port="443" maxThreads="200"
scheme="https" secure="true" SSLEnabled="true"
SSLCertificateFile="/root/mycompany.crt"
SSLCertificateKeyFile="/root/mycompany.key"
SSLVerifyClient="optional" SSLProtocol="TLSv1"/>
alfresco-global.properties has the following changes:
alfresco.port=443
alfresco.protocol=https
share.port=443
share.protocol=https
Now the https://sitename.com/share works fine except the MS Office edit online part.
Can anyone tell what configurations should go in the vti share point protocol part here :
vti.server.port=7070
vti.server.protocol=https
vti.server.ssl.keystore=/opt/alfresco-4.2.2/alf_data/keystore/ssl.keystore
vti.server.ssl.password=kT9X6oe68t
vti.server.url.path.prefix=/alfresco
vti.server.external.host=localhost
vti.server.external.port=7070
vti.server.external.protocol=https
vti.server.external.contextPath=/alfresco
Please help. Thanks !
Upvotes: 0
Views: 5560
Answers (2)
Reputation: 167
After struggling a lot with the Alfresco documentation for weeks (which had significantly different steps from the ones that actually worked) and help from online links, I was ultimately able to configure HTTPS with sharepoint protocol in Alfresco on a Linux OS, with a certificate from GoDaddy CA.
Here are a detailed list of steps:
- Generate a keystore keytool –keysize 2048 –genkey –alias tomcat –keyalg RSA –keystore tomcat.keystore
- Generate a CSR keytool –certreq –keyalg RSA –alias tomcat –file csr.csr –keystore tomcat.keystore
- Obtain certificates from GoDaddy
- Download the root certificate from their site ; gdroot-g2.crt
- Install root certificate keytool –import –alias root –keystore tomcat.keystore –trustcacerts –file gdroot-g2.crt
- Install intermediate certificate keytool –import –alias intermed -keystore tomcat.keystore –trustcacerts –file gdig2.crt
Install issued certificate keytool –import –alias tomcat –keystore tomcat.keystore –trustcacerts –file domain.crt
Changes in server.xml
Used port 443 for SSL Add a new connector 443
<Connector port="443" URIEncoding="UTF-8" protocol="org.apache.coyote.http11.Http11Protocol" SSLEnabled="true" maxThreads="150" scheme="https" keystoreFile="/opt/alfresco-4.2.3.1/tomcat/tomcat.keystore" keystorePass="changeit" keystoreType="JKS" secure="true" connectionTimeout="240000" truststoreFile="/opt/alfresco-4.2.3.1/tomcat/tomcat.keystore" truststorePass="changeit" truststoreType="JKS" clientAuth="want" sslProtocol="TLS" allowUnsafeLegacyRenegotiation="true" maxHttpHeaderSize="32768" />
Add redirect port to normal 8080 port
<Connector port="8080" URIEncoding="UTF-8" protocol="HTTP/1.1"
connectionTimeout="20000"
redirectPort="443" maxHttpHeaderSize="32768" />
9. Restarted tomcat. Now alfresco should work on https
Update alfresco-global.properties vti.server.port=7070 vti.server.protocol=https vti.server.ssl.keystore=/opt/alfresco-4.2.3.1/tomcat/tomcat.keystore vti.server.ssl.password=changeit vti.server.url.path.prefix=/alfresco vti.server.external.host=servername.domain.com vti.server.external.port=7070 vti.server.external.protocol=https vti.server.external.contextPath=/alfresco
Change vti -context.xml file in tomcat/webapps/alfresco/WEB-
INF/classes/alfresco/module/org.alfresco.module.vti/context/vti-context.xml as: Comment out the existing "vtiServerConnector" bean, and uncomment class="org.mortbay.jetty.security.SslSocketConnector">
Upvotes: 2
Reputation: 6643
For real sharepoint protocol SSL you'll need to override the vtiServerConnector bean, like this:
<!-- Use this Connector instead for SSL communications -->
<!-- You will need to set the location of the KeyStore holding your -->
<!-- server certificate, along with the KeyStore password -->
<!-- You should also update the vti.server.protocol property to https -->
<bean id="vtiServerConnector" class="org.mortbay.jetty.security.SslSocketConnector">
<property name="port">
<value>${vti.server.port}</value>
</property>
<property name="headerBufferSize">
<value>8192</value>
</property>
<property name="maxIdleTime">
<value>30000</value>
</property>
<property name="keystore">
<value>${vti.server.ssl.keystore}</value>
</property>
<property name="keyPassword">
<value>${vti.server.ssl.password}</value>
</property>
<property name="password">
<value>${vti.server.ssl.password}</value>
</property>
<property name="keystoreType">
<value>JCEKS</value>
</property>
</bean>
Change the vti.server.external.protocol in the alfresco-global.properties to https
And set the correct values voor vti.server.ssl.keystore and vti.server.ssl.password
Upvotes: 1
Related Questions
- Access alfresco using https (SSL) url
- Connecting Alfresco using Alfresco API's
- How to configure(SSL) self signed certificate in Alfresco 6.2 test environment after docker based installation?
- Cannot login to alfresco explorer or alfresco share
- Alfresco community to listen to https
- Alfresco SSL handshake exception
- Moving ssl handling from Tomcat to Apache?
- Alfresco share authentication
- how to use Alfresco Sharepoint protocol in my java web application
- Alfresco Community 4.0 with Microsoft Office integration via https