Está viendo la ayuda para la versión:
To configure SSL on JBoss Application Server, you need an SSL credential for authentication. You can use the Java keytool to create a credential or request and import a credential from a certificate authority (CA). You must then enable SSL on JBoss.
You can run keytool by using a single command that includes all of the information needed to create the keystore.
In this procedure:
[appserver root] is the home directory of the application server running AEM forms.
[type] is a folder name that varies, depending on the type of install you performed.
-
In a command prompt, navigate to [JAVA HOME]/bin and type the following command to create the credential and keystore:
keytool -genkey -dname "CN=Host Name, OU=Group Name, O=Company Name,L=City Name, S=State, C=Country Code" -alias "LC Cert" -keyalg RSA -keypass key_password -keystore keystorename.keystore
Nota:
Replace [JAVA_HOME] with the directory where the JDK is installed, and replace the text in italic with values that correspond with your environment. Host Name is the fully qualified domain name of the application server.
-
Copy the keystorename.keystore to the [appserver root]/server/[type]/conf directory by typing one of the following commands:
- (Windows Single Server) copy keystorename.keystore [appserver root]\standalone\configuration
- (Windows Server Cluster) copy keystorename.keystore [appserver root]\domain\configuration
- (Linux Single Server) cp keystorename.keystore[appserver root]/standalone/configuration
- (Linux Server Cluster) cp keystorename.keystore[appserver root]/domain/configuration
-
Export the certificate file by typing the following command:
- (Single Server) keytool -export -alias "LC Cert" -file LC_cert.cer -keystore [appserver root]/standalone/configuration/keystorename.keystore
- (Server Cluster) keytool -export -alias "LC Cert" -file LC_cert.cer -keystore [appserver root]/domain/configuration/keystorename.keystore
- (Single Server) keytool -export -alias "LC Cert" -file LC_cert.cer -keystore [appserver root]/standalone/configuration/keystorename.keystore
-
- (Windows Single Server) copy LC_cert.cer [appserver root]\standalone\configuration
- (Windows Server Cluster) copy LC_cert.cer [appserver root]\domain\configuration
- (Linux Single Server) cp LC _cert.cer [appserver root]\standalone\configuration
- (Linux Server Cluster) cp LC _cert.cer [appserver root]\domain\configuration
-
- For single server, in the lc_<dbaname/tunkey>.xml file, add the following after <security-realms> section:
<security-realm name="SSLRealm"> <server-identities> <ssl> <keystore path="C:/Adobe/Adobe_Experience_Manager_Forms/jboss/standalone/configuration/aemformses.keystore" keystore-password="adobe" alias="AEMformsCert" key-password="adobe"/> </ssl> </server-identities> </security-realm>
Locate the <server> section present after the following code:
<http-listener name="default" socket-binding="http" redirect-socket="https" max-post-size="104857600"/>
Add the following to the <server> section present after above code:
<https-listener name="default-secure" socket-binding="https" security-realm="SSLRealm"/>
- For server cluster, in the [appserver root]\domain\configuration\host.xml on all nodes, add the following after <security-realms> section:
<security-realm name="SSLRealm"> <server-identities> <ssl> <keystore path="C:/Adobe/Adobe_Experience_Manager_Forms/jboss/standalone/configuration/aemformses.keystore" keystore-password="adobe" alias="AEMformsCert" key-password="adobe"/> </ssl> </server-identities> </security-realm>
On the master node of the Server Cluster, in the [appserver root]\domain\configuration\domain_<dbname>.xml, locate the <server> section present after the following code:
<http-listener name="default" socket-binding="http" redirect-socket="https" max-post-size="104857600"/>
Add the following to the <server> section present after above code:
<https-listener name="default-secure" socket-binding="https" security-realm="SSLRealm"/>
-
For turnkey installations:
From the Windows Control Panel, click Administrative Tools, and then click Services.
Select JBoss for Adobe Experience Manager forms.
Select Action > Stop.
Wait for the status of the service to appear as stopped.
Select Action > Start.
For Adobe preconfigured or manually configured JBoss installations:
From a command prompt, navigate to [appserver root]/bin.
Stop the server by entering the following command:
(Windows) shutdown.bat -S
(Linux) ./shutdown.sh -S
Wait until the JBoss process has fully shut down (when the JBoss process returns control to the terminal it was started in).
Start the server by entering the following command:
(Windows) run.bat -c <profile>
(Linux) ./run.sh -c <profile>
-
In a command prompt, navigate to [JAVA HOME]/bin and type the following command to create the keystore and the key:
keytool -genkey -dname "CN=Host Name, OU=Group Name, O=Company Name, L=City Name, S=State, C=Country Code" -alias "LC Cert" -keyalg RSA -keypass –key_password -keystore keystorename.keystore
Nota:
Replace [JAVA_HOME] with the directory where the JDK is installed, and replace the text in italic with values that correspond with your environment.
-
In a command prompt, navigate to [JAVA HOME]/bin and type the following command to import the root certificate of the CA with which the CSR has been signed:
keytool -import -trustcacerts -file rootcert.pem -keystore keystorename.keystore -alias root
If the root certificate is not in the browser, also import it there.
Nota:
Replace [JAVA_HOME] with the directory where the JDK is installed, and replace the text in italic with values that correspond with your environment.
-
In a command prompt, navigate to [JAVA HOME]/bin and type the following command to import the credential into the keystore:
keytool -import -trustcacerts -file CACertificateName.crt -keystore keystorename.keystore
Nota:
- Replace [JAVA_HOME] with the directory where the JDK is installed, and replace the text in italic with values that correspond with your environment.
- The imported CA signed certificate will replace a self-signed public certificate if it exists.