0

I have configured alfresco to work with HTTPS on port 443. As tomcat is using an APR connector, I had to generate a .cer file and .key file for the SSL connection (instead of a .keystore file). I have referred to the following links: http://tomcat.apache.org/tomcat-7.0-doc/ssl-howto.html

http://docs.alfresco.com/4.2/tasks/SharePoint-SSL.html

Here are the settings from my server.xml file:

<Connector
       protocol="HTTP/1.1"
       port="443" maxThreads="200"
       scheme="https" secure="true" SSLEnabled="true"
       SSLCertificateFile="/root/mycompany.crt"
       SSLCertificateKeyFile="/root/mycompany.key"
       SSLVerifyClient="optional" SSLProtocol="TLSv1"/> 

alfresco-global.properties has the following changes:

alfresco.port=443
alfresco.protocol=https
share.port=443
share.protocol=https

Now the https://sitename.com/share works fine except the MS Office edit online part.

Can anyone tell me what configurations should go in the vti share point protocol part here:

vti.server.port=7070
vti.server.protocol=https
vti.server.ssl.keystore=/opt/alfresco-4.2.2/alf_data/keystore/ssl.keystore
vti.server.ssl.password=kT9X6oe68t
vti.server.url.path.prefix=/alfresco
vti.server.external.host=localhost
vti.server.external.port=7070
vti.server.external.protocol=https
vti.server.external.contextPath=/alfresco

Please help. Thanks !

Cœur
jcoder12
  • I think this only works with Mozilla Firefox. Check this out -> https://forums.alfresco.com/forum/end-user-discussions/alfresco-share/solved-activate-online-edit-ms-office-docs-01282009-1655 – Miki Sep 30 '14 at 12:58
  • Hi @Miki, thanks for the link. I can see the online edit button and it works if I use the SSL certificate that alfresco uses for communication between itself and SOLR, as mentioned in this link: http://blyx.com/2014/04/01/alfresco-tip-how-to-enable-ssl-in-alfresco-sharepoint-protocol/. But now I want to use my self-signed certificate. – jcoder12 Sep 30 '14 at 13:16
  • What happens if you try visiting `https://localhost:7070/` in your browser - does that load with the "it works - this is SPP" page, or do you get an error? – Gagravarr Sep 30 '14 at 21:51
  • Hi @Gagravarr, as I have mentioned below, I finally got it working with ssl.keystore and the default password but still have some doubts. – jcoder12 Oct 01 '14 at 13:48
  • The issue was with the external.host property. I had to give the full server name with the domain name instead of localhost. – jcoder12 Oct 03 '14 at 15:17

2 Answers

2

After struggling a lot with the Alfresco documentation for weeks (which had significantly different steps from the ones that actually worked) and help from online links, I was ultimately able to configure HTTPS with sharepoint protocol in Alfresco on a Linux OS, with a certificate from GoDaddy CA.

Here is a detailed list of steps:

  1. Generate a keystore: `keytool -keysize 2048 -genkey -alias tomcat -keyalg RSA -keystore tomcat.keystore`
  2. Generate a CSR: `keytool -certreq -keyalg RSA -alias tomcat -file csr.csr -keystore tomcat.keystore`
  3. Obtain certificates from GoDaddy
  4. Download the root certificate from their site: gdroot-g2.crt
  5. Install root certificate: `keytool -import -alias root -keystore tomcat.keystore -trustcacerts -file gdroot-g2.crt`
  6. Install intermediate certificate: `keytool -import -alias intermed -keystore tomcat.keystore -trustcacerts -file gdig2.crt`
  7. Install issued certificate: `keytool -import -alias tomcat -keystore tomcat.keystore -trustcacerts -file domain.crt`

  8. Changes in server.xml

Used port 443 for SSL. Add a new connector for 443:

      <Connector port="443" URIEncoding="UTF-8"
                 protocol="org.apache.coyote.http11.Http11Protocol"
                 SSLEnabled="true" maxThreads="150" scheme="https"
                 keystoreFile="/opt/alfresco-4.2.3.1/tomcat/tomcat.keystore"
                 keystorePass="changeit" keystoreType="JKS"
                 secure="true" connectionTimeout="240000"
                 truststoreFile="/opt/alfresco-4.2.3.1/tomcat/tomcat.keystore"
                 truststorePass="changeit" truststoreType="JKS"
                 clientAuth="want" sslProtocol="TLS"
                 allowUnsafeLegacyRenegotiation="true"
                 maxHttpHeaderSize="32768" />

Add redirect port to normal 8080 port:

      <Connector port="8080" URIEncoding="UTF-8" protocol="HTTP/1.1"
                 connectionTimeout="20000"
                 redirectPort="443" maxHttpHeaderSize="32768" />

  9. Restarted tomcat. Now alfresco should work on https.

  10. Update alfresco-global.properties:

      vti.server.port=7070
      vti.server.protocol=https
      vti.server.ssl.keystore=/opt/alfresco-4.2.3.1/tomcat/tomcat.keystore
      vti.server.ssl.password=changeit
      vti.server.url.path.prefix=/alfresco
      vti.server.external.host=servername.domain.com
      vti.server.external.port=7070
      vti.server.external.protocol=https
      vti.server.external.contextPath=/alfresco

  11. Change the vti-context.xml file in tomcat/webapps/alfresco/WEB-INF/classes/alfresco/module/org.alfresco.module.vti/context/vti-context.xml as follows: comment out the existing "vtiServerConnector" bean, and uncomment the bean with class="org.mortbay.jetty.security.SslSocketConnector".

jcoder12
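The fix reported in the question's comments (a full server name in `vti.server.external.host` instead of `localhost`) can be checked before a restart. The following is an added example, not part of the original posts or of Alfresco; the function names, the finding texts and the `cert_names` argument (the host names in the keystore's certificate, supplied by the caller) are assumptions made for illustration.

```python
import ipaddress

# Passwords that are public: Tomcat's well-known default and the value
# posted in the question on this page.
PUBLISHED_PASSWORDS = {"changeit", "kT9X6oe68t"}

# Subset of the question's settings, copied from the page.
QUESTION = """
vti.server.protocol=https
vti.server.ssl.password=kT9X6oe68t
vti.server.external.host=localhost
vti.server.external.protocol=https
"""

def parse_properties(text):
    """Parse key=value lines, skipping blanks and # or ! comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and line[0] not in "#!" and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    return props

def is_local_name(host):
    """True for localhost, IP literals and names without a domain part."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return "." not in host  # covers "localhost" and bare host names

def lint_vti(props, cert_names=()):
    """Return (property, finding) pairs; cert_names is supplied by the caller."""
    findings = []
    host = props.get("vti.server.external.host", "")
    if is_local_name(host):
        findings.append(("vti.server.external.host", "not a full server name"))
    elif cert_names and host.lower() not in {n.lower() for n in cert_names}:
        # Exact match only: wildcard certificate names are not expanded.
        findings.append(("vti.server.external.host", "not named in certificate"))
    if props.get("vti.server.protocol") != props.get("vti.server.external.protocol"):
        findings.append(("vti.server.external.protocol", "differs from vti.server.protocol"))
    if props.get("vti.server.ssl.password") in PUBLISHED_PASSWORDS:
        findings.append(("vti.server.ssl.password", "publicly known password"))
    return findings

if __name__ == "__main__":
    for prop, finding in lint_vti(parse_properties(QUESTION)):
        print(f"{prop}: {finding}")
```

A differing external protocol is only a prompt to review, since it can be intentional when TLS is terminated in front of Alfresco.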
1

For real sharepoint protocol SSL you'll need to override the vtiServerConnector bean, like this:

<!-- Use this Connector instead for SSL communications -->
<!-- You will need to set the location of the KeyStore holding your -->
<!-- server certificate, along with the KeyStore password -->
<!-- You should also update the vti.server.protocol property to https -->

<bean id="vtiServerConnector" class="org.mortbay.jetty.security.SslSocketConnector">
    <property name="port">
        <value>${vti.server.port}</value>
    </property>
    <property name="headerBufferSize">
        <value>8192</value>
    </property>
    <property name="maxIdleTime">
        <value>30000</value>
    </property>
    <property name="keystore">
        <value>${vti.server.ssl.keystore}</value>
    </property>
    <property name="keyPassword">
        <value>${vti.server.ssl.password}</value>
    </property>
    <property name="password">
        <value>${vti.server.ssl.password}</value>
    </property>
    <property name="keystoreType">
        <value>JCEKS</value>
    </property>
</bean>

Change the vti.server.external.protocol in the alfresco-global.properties to https.

And set the correct values for vti.server.ssl.keystore and vti.server.ssl.password.

Tahir Malik
  • Hi @Tahir, Thanks for replying. I did override the vtiServerConnection bean and added the properties in alfresco-global.properties. I was just confused as for what would be the correct values for vti.server.ssl.keystore and vti.server.ssl.password, as I am using a .cer and .key file and not a .keystore file with a password for my tomcat SSL. I finally got it working with ssl.keystore and default password. But, not sure if that's the right way to do it. – jcoder12 Oct 01 '14 at 13:47
  • Eehm I just used the provided Alfresco keystore and password file in the /alf_data/keystore folder. I can't comment on the .cer file and .key, sure there is a way to do it rightfully. – Tahir Malik Oct 01 '14 at 14:02
  • With a little google and Stack help I've found this: http://stackoverflow.com/questions/17695297/importing-the-private-key-public-certificate-pair-in-the-java-keystore – Tahir Malik Oct 01 '14 at 14:05