Question

How is it possible to setup and configure SSL in the CQ Servlet Engine (CQSE)?

Answer, Resolution

An SSL listener needs to be configured in the CQ Servlet Engine to enable SSL and thus HTTPS access. The following configuration example describes how to create a keystore from scratch containing a self-signed certificate using the Java keytool [1] command.

First of all, a new keystore file including a self-signed certificate needs to be created. To do this, run the following on a command-line:

$JAVA_HOME/bin/keytool -genkey -alias localhost -keyalg RSA
          -keystore /path/to/my/keystore

During the process, some information has to be provided, e.g. name of the certificate holder, company name, keystore and key password. Once the keystore has been created, the CQSE needs to be reconfigured.

Edit the server.xml configuration file and add a <listener> section to the <container> block as follows:

crx-quickstart/server/etc/server.xml

<listener>
    <bind-port>443</bind-port>
    <ssl>
        <protocol>SSL</protocol>
        <key-store>
            <name>/path/to/mykeystore</name>
            <passphrase><keystore_password></passphrase>
        </key-store>
        <key>
            <alias>localhost</alias>
            <password>keypass</password>
        </key>
    </ssl>		
</listener>

After a restart, the CQSE will be accessible via HTTPS. Due to the fact that a self-signed certificate is in use, browsers will display a security warning. In order to deploy a proper SSL certificate provided by an official certificate provider, such a certificate needs to be imported into the keystore of the server where the CQSE is running.

Applies to

CQSE 4.x

עבודה זו בוצעה ברישיון של Creative Commons Attribution-Noncommercial-Share Alike 3.0 Unported License  הודעות המתפרסמות ב- Twitter™‎ ו- Facebook אינן מכוסות בתנאי Creative Commons.

הצהרות משפטיות   |   מדיניות פרטיות מקוונת