For managed environments, it is best for the IT department to provide CA-trusted certificates and keys.
Self-signed certificates are only to be used for development purposes.
The following zip contains DER and CRT files required for setting up AEM SSL on localhost and intended for local development purposes only.
The DER and CERT files are provided for convenience and genereated using the steps oulined in the Generate Private Key and Self-Signed Certficate section below.
If needed, the certificate pass phrase is admin.
The above video depicts the setup and configuration of SSL on an AEM author instance using self-signed certificates. The below commands using OpenSSL can generate a private key and certificate to be used in Step 2 of the wizard.
### Create Private Key $ openssl genrsa -aes256 -out localhostprivate.key 4096 ### Generate Certificate Signing Request using private key $ openssl req -sha256 -new -key localhostprivate.key -out localhost.csr -subj '/CN=localhost' ### Generate the SSL certificate and sign with the private key, will expire one year from now $ openssl x509 -req -days 365 -in localhost.csr -signkey localhostprivate.key -out localhost.crt ### Convert Private Key to DER format - SSL wizard requires key to be in DER format $ openssl pkcs8 -topk8 -inform PEM -outform DER -in localhostprivate.key -out localhostprivate.der -nocrypt