Question

How can SSL be set up and configured in the CQ Servlet Engine (CQSE)?

Answer, Resolution

An SSL listener needs to be configured in the CQ Servlet Engine to enable SSL and thus HTTPS access. The following configuration example describes how to create a keystore from scratch containing a self-signed certificate using the Java keytool [1] command.

First, create a new keystore file containing a self-signed certificate. To do this, run the following on a command line:

$JAVA_HOME/bin/keytool -genkey -alias localhost -keyalg RSA \
          -keystore /path/to/my/keystore

During the process, some information has to be provided, e.g. name of the certificate holder, company name, keystore and key password. Once the keystore has been created, the CQSE needs to be reconfigured.

Edit the server.xml configuration file and add a <listener> section to the <container> block as follows:

crx-quickstart/server/etc/server.xml

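<listener>
    <bind-port>443</bind-port>
    <ssl>
        <protocol>SSL</protocol>
        <key-store>
            <!-- same file that was passed to keytool -keystore -->
            <name>/path/to/my/keystore</name>
            <!-- replace with the keystore password entered in keytool -->
            <passphrase>keystore_password</passphrase>
        </key-store>
        <key>
            <!-- alias and key password given to keytool -genkey -->
            <alias>localhost</alias>
            <password>keypass</password>
        </key>
    </ssl>
</listener>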

After a restart, the CQSE will be accessible via HTTPS. Because a self-signed certificate is in use, browsers will display a security warning. To deploy a proper SSL certificate provided by an official certificate provider, import that certificate into the keystore of the server where the CQSE is running.
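A pre-restart check for the listener configured above, as an added example that is not part of the original article or of CQSE. It assumes only the element names shown in the server.xml snippet, reports missing keystore or key entries, and reports a server.xml or keystore file that group or other users can access, since server.xml stores both passwords in clear text. The function names and the sample passwords are constructed for illustration.

```python
import os
import stat
import tempfile
import xml.etree.ElementTree as ET

# Constructed sample: the article's listener inside a <container> block.
SAMPLE = """<container><listener>
  <bind-port>443</bind-port>
  <ssl><protocol>SSL</protocol>
    <key-store><name>{ks}</name><passphrase>changeit</passphrase></key-store>
    <key><alias>localhost</alias><password>changeit</password></key>
  </ssl>
</listener></container>"""

def too_open(path):
    """True if group or others have any permission bit set on the file."""
    return bool(stat.S_IMODE(os.stat(path).st_mode) & 0o077)

def check_ssl_listeners(server_xml):
    """Return a list of findings for every <listener> that has an <ssl> block."""
    findings = []
    if too_open(server_xml):
        findings.append("server.xml holds passwords but is accessible to group/others")
    for listener in ET.parse(server_xml).getroot().iter("listener"):
        ssl_el = listener.find("ssl")
        if ssl_el is None:
            continue  # plain HTTP listener, nothing to check
        port = listener.findtext("bind-port", "?")
        for tag in ("key-store/name", "key-store/passphrase", "key/alias", "key/password"):
            if not (ssl_el.findtext(tag) or "").strip():
                findings.append(f"port {port}: <{tag}> is missing or empty")
        keystore = (ssl_el.findtext("key-store/name") or "").strip()
        if keystore and not os.path.isfile(keystore):
            findings.append(f"port {port}: keystore {keystore} not found")
        elif keystore and too_open(keystore):
            findings.append(f"port {port}: keystore {keystore} is accessible to group/others")
    return findings

def demo():
    """Check the sample with loose file modes, then again after tightening them."""
    d = tempfile.mkdtemp()
    ks, cfg = os.path.join(d, "keystore"), os.path.join(d, "server.xml")
    open(ks, "wb").close()  # empty stand-in for the keytool-generated file
    with open(cfg, "w") as f:
        f.write(SAMPLE.format(ks=ks))
    for p in (ks, cfg): os.chmod(p, 0o644)
    before = check_ssl_listeners(cfg)
    for p in (ks, cfg): os.chmod(p, 0o600)
    return before, check_ssl_listeners(cfg)
```

Run `check_ssl_listeners("crx-quickstart/server/etc/server.xml")` as the account that runs the CQSE; an empty list means every listener with an `<ssl>` block passed these checks.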

Applies to

CQSE 4.x

This work is licensed under a Creative Commons Attribution-Noncommercial-Share Alike 3.0 Unported License. Twitter™ and Facebook posts are not covered by the Creative Commons terms.
