AEM6中的SSL配置问题

时间:2015-01-25 14:36:40

标签: ssl cq5 aem

我在配置配置的AEM实例SSL时遇到问题。我使用下面的命令来生成密钥库。

user@user/media/vivek/Misc/SelfWork/Author/ssl$ keytool -genkeypair -keyalg RSA -validity 3650 -alias cqse -keystore /Misc/SelfWork/Author/ssl/cqkeystore.keystore -keypass password -storepass password -dname "CN=sbroders-w7, OU=CQ, O=Adobe, L=Ottawa,S=Ontario, C=CA"

/media/user/Misc/SelfWork/Author/ssl$ keytool -export -alias cqse -file client.cer -keystore cqkeystore.keystore 
/media/user/Misc/SelfWork/Author/ssl$ keytool -import -v -trustcacerts -alias cqse -file client.cer -keystore truststore.ts

这会生成密钥库&信任库位于/ media / vivek / Misc / SelfWork /作者/ ssl,名称为cqkeystore.keystore。但是当我启动AEM时,err.log中没有错误。我能看到相关的是

:25.01.2015 20:39:08.794 *INFO* [CM Configuration Updater (ManagedService Update: pid=[org.apache.felix.http])] org.eclipse.jetty.server.AbstractConnector Started SslSelectChannelConnector@0.0.0.0:8558
25.01.2015 20:39:08.794 *INFO* [CM Configuration Updater (ManagedService Update: pid=[org.apache.felix.http])] org.apache.felix.http.jetty Started Jetty 8.1.14.v20131031 at port(s) HTTP:8588 HTTPS:8558 on context path /

以下是felix上的配置详细信息(httpd.config)。重新启动它只在http& amp;不在https上。

org.apache.felix.https.keystore.password="password"
org.apache.felix.http.session.timeout=I"0"
org.apache.felix.https.clientcertificate="none"
org.apache.felix.http.host="0.0.0.0"
org.apache.felix.http.debug=B"false"
org.apache.felix.https.jetty.cipersuites.included=[""]
org.apache.felix.https.truststore="/media/user/Misc/SelfWork/Author/ssl/truststore.ts"
org.apache.felix.http.context_path="/"
org.apache.felix.http.jetty.maxFormSize=I"204800"
org.apache.felix.http.jetty.requestBufferSize=I"8192"
org.apache.felix.https.keystore="/media/user/Misc/SelfWork/Author/ssl/cqkeystore.keystore"
org.apache.felix.https.nio=B"true"
org.apache.felix.http.jetty.responseBufferSize=I"24576"
org.apache.felix.http.jetty.headerBufferSize=I"16384"
org.apache.felix.https.enable=B"true"
org.osgi.service.http.port=I"8588"
org.apache.felix.http.enable=B"true"
org.apache.felix.http.mbeans=B"false"
org.osgi.service.http.port.secure=I"8558"
service.pid="org.apache.felix.http"
org.apache.felix.https.truststore.password="password"
org.apache.felix.http.nio=B"true"
org.apache.felix.https.keystore.key.password="password"
org.apache.felix.http.timeout=I"60000"
org.apache.felix.https.jetty.cipersuites.excluded=[""]
org.apache.felix.http.path_exclusions=["/system"]

有任何建议如何解决此问题。

由于

1 个答案:

答案 0 :(得分:1)

以下配置对我有用,

org.apache.felix.https.keystore.key.password="password"
service.pid="org.apache.felix.http"
org.apache.felix.https.nio=B"true"
org.apache.felix.https.keystore.key="cqse"
org.apache.felix.https.keystore.password="password"
org.apache.felix.https.keystore="crx-quickstart/conf/cqkeystore.keystore"
org.osgi.service.http.port.secure=L"5433"
org.apache.felix.https.enable=B"true"

根据文档我遵循的步骤:Enable SSL on Author

并使用此命令创建密钥库:user@user-Aspire:/media/user/Misc/SelfWork/Author/crx-quickstart/conf$ keytool -genkeypair -keyalg RSA -validity 3650 -alias cqse -keystore cqkeystore.keystore -keypass password -storepass password -dname "CN=sbroders-w7, OU=CQ, O=Adobe, L=Ottawa, S=Ontario, C=CA"