Your achievements

Level 1

0% to

Level 2

Tip /
Sign in

Sign in to Community

to gain points, level up, and earn exciting badges like the new
BedrockMission!

Learn more

View all

Sign in to view all badges

SOLVED

How to configure AEM for SSL only?

OlivBur
Level 3
Level 3

Hi,

I have followed this tutorial: SSL By Default

and now I would like to disable the "http" Access.

Where do I Need to configure this? There is a Felix HTTP Service OSGi configuration, but I'm not very sure how the Granite SSL Connector Config relates to the Felix HTTP Service config.

I tried once to simply disable http, but then I couldn't Access AEM anymore, also not via https.

Do I Need to enable then "https" in the Felix HTTP Service config? And does this config then uses the keystore from the ssl-service user?

Thanks for clarity here.

1 Accepted Solution
Vish_dhaliwal
Correct answer by
Employee
Employee

Hello,

org.apache.felix.http (Apache Felix Jetty Based Http Service) seems to be deprecated [1]. The SSL settings are done through Granite SSL config com.adobe.granite.jetty.ssl.internal.GraniteSslConnectorFactory, which is why EM is not able to startup with https port.

For disabling http, you can route external traffic over https via Dispatcher or create a mapping under the etc/map to rewrite all the http requests to https.

[1] https://helpx.adobe.com/experience-manager/6-4/sites/developing/using/reference-materials/javadoc/de...

Regards,

Vishu

View solution in original post

3 Replies
kautuk_sahni
Community Manager
Community Manager

Go to http://localhost:4502/system/console/configMgr

and Configure "Apache Felix Jetty Based Http" and remove check from Enable HTTP.

-kautuk

OlivBur
Level 3
Level 3

Hi @kautuksahni,

I have done this, but then the AEM instance is not available anymore, also not via the SSL configured port as I have already mentioned in my initial question.

I have checked this on a vanilla AEM instance.

Vish_dhaliwal
Correct answer by
Employee
Employee

Hello,

org.apache.felix.http (Apache Felix Jetty Based Http Service) seems to be deprecated [1]. The SSL settings are done through Granite SSL config com.adobe.granite.jetty.ssl.internal.GraniteSslConnectorFactory, which is why EM is not able to startup with https port.

For disabling http, you can route external traffic over https via Dispatcher or create a mapping under the etc/map to rewrite all the http requests to https.

[1] https://helpx.adobe.com/experience-manager/6-4/sites/developing/using/reference-materials/javadoc/de...

Regards,

Vishu

View solution in original post