AEM 6.3 introduces an SSL setup wizard to make it easier to setup an AEM instance to run over HTTPS.


For managed environments, it is best for the IT department to provide CA-trusted certificates and keys.

Self-signed certificates are only to be used for development purposes.

Private key and self-signed certificate download

The following zip contains DER and CRT files required for setting up AEM SSL on localhost and intended for local development purposes only.

The DER and CERT files are provided for convenience and genereated using the steps oulined in the Generate Private Key and Self-Signed Certficate section below.

If needed, the certificate pass phrase is admin.


Private key and self-signed certificate generation

The above video depicts the setup and configuration of SSL on an AEM author instance using self-signed certificates. The below commands using OpenSSL can generate a private key and certificate to be used in Step 2 of the wizard. 

### Create Private Key
$ openssl genrsa -aes256 -out localhostprivate.key 4096

### Generate Certificate Signing Request using private key
$ openssl req -sha256 -new -key localhostprivate.key -out localhost.csr -subj '/CN=localhost'

### Generate the SSL certificate and sign with the private key, will expire one year from now
$ openssl x509 -req -days 365 -in localhost.csr -signkey localhostprivate.key -out localhost.crt

### Convert Private Key to DER format - SSL wizard requires key to be in DER format
$ openssl pkcs8 -topk8 -inform PEM -outform DER -in localhostprivate.key -out localhostprivate.der -nocrypt

This work is licensed under a Creative Commons Attribution-Noncommercial-Share Alike 3.0 Unported License  Twitter™ and Facebook posts are not covered under the terms of Creative Commons.

Legal Notices   |   Online Privacy Policy