
Setting up SSL in AEM to Enable HTTPS


Enabling HTTPS in AEM encrypts the connections to your instance, which is the foundation for communicating with it securely.

This step-by-step guide walks you through the process using AEM's built-in SSL wizard. Ensure encrypted connections and fortify trust with your users. Let's make your AEM environment a safe haven for digital experiences.

 

Section 1: Generate Private Key and Self-Signed Certificate

This section outlines the steps to generate a private key and self-signed certificate pair, essential for enabling HTTPS in your AEM instance.

If you already possess a private key/certificate, feel free to proceed directly to Section 2.

Step 1: Install OpenSSL Software:

Begin by installing OpenSSL software on your system. This toolkit provides the necessary tools for managing SSL certificates and cryptographic operations.

Step 2: Launch Command Prompt as Administrator:

To execute commands with the required permissions, launch Command Prompt as an administrator. This ensures smooth execution of commands and creation of necessary files.

Step 3: Navigate to the Desired Folder:

Move to the directory where you intend to generate your private key and certificate. Utilize the cd command to navigate to the appropriate location within Command Prompt.

Step 4: Generate the Private Key and Self-Signed Certificate:

 

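### Run each command from the folder chosen in Step 3. Every line starts with "openssl" so that it
### works directly at the prompt (OpenSSL 3.x no longer provides an interactive "openssl" shell).

### Create Private Key (4096-bit RSA, encrypted with AES-256; you are prompted for a passphrase)
openssl genrsa -aes256 -out localhostprivate.key 4096

### Generate Certificate Signing Request using private key
openssl req -sha256 -new -key localhostprivate.key -out localhost.csr -subj "/CN=localhost"

### Generate the SSL certificate and sign it with the private key; it expires 365 days from now
openssl x509 -req -days 365 -in localhost.csr -signkey localhostprivate.key -out localhost.crt

### Convert Private Key to DER format - SSL wizard requires key to be in DER format
### -nocrypt writes the key without a passphrase, so keep localhostprivate.der readable only by you
openssl pkcs8 -topk8 -inform PEM -outform DER -in localhostprivate.key -out localhostprivate.der -nocrypt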

 


Alternatively, you can execute these steps using Git Bash in administrator mode, providing another avenue to generate the private key and self-signed certificate pair.

Note: Self-signed certificates are suitable for sample purposes only and should not be used in production environments. They lack the validation provided by trusted certificate authorities, potentially exposing users to security risks.
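A pre-upload check for the two files produced in Step 4, as an added example that is not part of the original post: it confirms that the key is unencrypted DER, that the certificate belongs to that key, and that the certificate matches the value you will enter as HTTPS Hostname in Section 2. The function name check_aem_tls_pair is hypothetical, and the script assumes openssl and grep are on the PATH (for example in Git Bash).

```bash
#!/usr/bin/env bash
# Added example: sanity-check the key/certificate pair before uploading it to the SSL wizard.
# check_aem_tls_pair is a hypothetical helper name; it is not part of AEM or OpenSSL.
# Usage: check_aem_tls_pair <private-key.der> <certificate.crt> <https-hostname>
check_aem_tls_pair() {
  key_der=$1; cert=$2; host=$3

  # The wizard expects a DER key; PEM text armor means the pkcs8 conversion was skipped.
  if grep -q -- '-----BEGIN' "$key_der"; then
    echo "FAIL: $key_der is PEM, not DER"; return 1
  fi

  # The key must load without a passphrase (-nocrypt); "-passin pass:" stops openssl prompting.
  key_pub=$(openssl pkey -inform DER -in "$key_der" -passin pass: -pubout 2>/dev/null) || {
    echo "FAIL: $key_der is not an unencrypted DER private key"; return 1; }

  # The certificate must carry the public half of that exact key.
  cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || {
    echo "FAIL: $cert is not a readable certificate"; return 1; }
  [ "$key_pub" = "$cert_pub" ] || { echo "FAIL: certificate does not match key"; return 1; }

  # HTTPS Hostname must match the certificate (SAN if present, otherwise the CN).
  openssl x509 -in "$cert" -noout -checkhost "$host" | grep -q 'does match' || {
    echo "FAIL: certificate is not valid for host $host"; return 1; }

  # Reject a certificate that has already expired.
  openssl x509 -in "$cert" -noout -checkend 0 >/dev/null || {
    echo "FAIL: certificate has expired"; return 1; }

  echo "OK: key and certificate match and are valid for $host"
}

# Runs only when the script is given its three arguments, e.g.:
#   ./check.sh localhostprivate.der localhost.crt localhost
if [ "$#" -eq 3 ]; then check_aem_tls_pair "$@"; fi
```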

 

Section 2: Enable HTTPS in AEM Instance

In this section, we delve into the steps to enable HTTPS in your AEM instance, ensuring secure communication channels for your digital experiences.

  1. Navigate to SSL Configuration: Access AEM Author and navigate to Tools > Security. Select the SSL Configuration option.


  2. Set Passwords for Key Store and Trust Store: 
    1. Enter and confirm the password for the Key Store associated with "ssl-service" system user.
    2. Enter and confirm the password for the global Trust Store. Note: If already created, the entered password will be ignored. 
  3. Upload Private Key and Certificate: Generate the private key and certificate as explained in Section 1. Then upload the private key in DER format and the associated SSL certificate as a .crt file.
  4. Update SSL Connector Details: Update the HTTPS Hostname value to match the Common Name (CN) from the certificate (e.g., "localhost" in our example). Provide the HTTPS Port value.
  5. Verify SSL Setup: To verify SSL, click the "Go to HTTPS URL" button.

 

In this example, the following URL should work: https://localhost:8443/aem/start.html
