Expand my Community achievements bar.

July 31st AEM Gems Webinar: Elevate your AEM development to master the integration of private GitHub repositories within AEM Cloud Manager.

SSL configuration on Windows

Avatar

Level 2

I am running AEM 6.5 on a windows box and instead of following the SSL configuration setup process by AEM, I tried generating CSR via windows mmc and shared the CSR with CA. And CA has provided me with the certificate. I installed the certification on the windows box but still I am not able access the instance with https. Are there any additional configurations I need to check on the AEM side? 

2 Replies

Avatar

Community Advisor

Hello @midhun1909 -

 

Yes, there are additional configurations you need to check on the AEM side to enable HTTPS access with the certificate you obtained from the CA.

 

Here are the steps you should follow:

 

1. Import the Certificate into the Windows Certificate Store:
- Open the Windows MMC (Microsoft Management Console) by running the "mmc" command in the command prompt.
- Add the "Certificates" snap-in and choose the "Computer account" option.
- Navigate to the "Personal" certificate store and import the certificate provided by the CA into the "Personal" store.

 

2. Export the Certificate with the Private Key:
- Locate the certificate you imported in the "Personal" store.
- Right-click on the certificate and select "All Tasks" > "Export".
- Follow the export wizard to export the certificate with the private key in PKCS12 format (.pfx file).

 

3. Configure the AEM Truststore:
- Copy the exported .pfx file to your AEM server.
- Open the AEM Start script (start.bat/start), which is typically located in the "crx-quickstart/bin" directory.
- Add the following JVM options to the script:

-Djavax.net.ssl.keyStore=path-to-pfx-file
-Djavax.net.ssl.keyStoreType=PKCS12
-Djavax.net.ssl.keyStorePassword=password-for-pfx-file



4. Restart the AEM Instance:
- Save the changes to the start script and restart the AEM instance.
- AEM will use the configured Truststore with the SSL certificate and private key.

 

Make sure to replace "path-to-pfx-file" with the actual path to the exported .pfx file, and "password-for-pfx-file" with the password you set during the export process.

 

After restarting the AEM instance with the updated Truststore configuration, you should be able to access your AEM instance using HTTPS.

 

Avatar

Level 2

Hi @Tanika02 

 

Thank you for the detailed step by step instructions.

 

I followed the steps and still no luck,

 

I see the below error in the log

 

29.06.2023 13:05:59.578 *ERROR* [Apache Sling Repository Startup Thread] org.apache.felix.http.jetty Failed starting connector 'null' provided by [org.apache.felix.http.jetty.ConnectorFactory] (java.lang.RuntimeException: Exception while creating connector)
java.lang.RuntimeException: Exception while creating connector
at com.adobe.granite.jetty.ssl.internal.GraniteSslConnectorFactory.createConnector(GraniteSslConnectorFactory.java:222) [com.adobe.granite.jetty.ssl:1.0.4.CQ650-B0004]

at java.base/java.lang.Thread.run(Thread.java:829)
Caused by: javax.jcr.LoginException: Login Failure: all modules ignored
at org.apache.jackrabbit.oak.jcr.repository.RepositoryImpl.login(RepositoryImpl.java:290) [org.apache.jackrabbit.oak-jcr:1.22.5]
at org.apache.jackrabbit.oak.jcr.repository.RepositoryImpl.login(RepositoryImpl.java:225) [org.apache.jackrabbit.oak-jcr:1.22.5]
at org.apache.jackrabbit.oak.jcr.session.SessionImpl.impersonate(SessionImpl.java:275) [org.apache.jackrabbit.oak-jcr:1.22.5]
at com.adobe.granite.repository.impl.CRX3SessionImpl.impersonate(CRX3SessionImpl.java:149) [com.adobe.granite.repository:1.6.28.CQ650-B0001]
at com.adobe.granite.repository.impl.SlingRepositoryImpl.impersonateFromService(SlingRepositoryImpl.java:191) [com.adobe.granite.repository:1.6.28.CQ650-B0001]
at com.adobe.granite.jetty.ssl.internal.GraniteSslConnectorFactory.getSession(GraniteSslConnectorFactory.java:254) [com.adobe.granite.jetty.ssl:1.0.4.CQ650-B0004]
at com.adobe.granite.jetty.ssl.internal.GraniteSslConnectorFactory.createConnector(GraniteSslConnectorFactory.java:204) [com.adobe.granite.jetty.ssl:1.0.4.CQ650-B0004]
... 88 common frames omitted
Caused by: javax.security.auth.login.LoginException: Login Failure: all modules ignored
at java.base/javax.security.auth.login.LoginContext.invoke(LoginContext.java:892)
at java.base/javax.security.auth.login.LoginContext$4.run(LoginContext.java:672)
at java.base/javax.security.auth.login.LoginContext$4.run(LoginContext.java:670)
at java.base/java.security.AccessController.doPrivileged(Native Method)
at java.base/javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:670)