it might be easy to do it with reverse proxing and apache.

1. set a redirect option in your conf.d files
redirect / https://..../
2. create a virtual maschine and set reverse proxy
ProxyPass /alfresco localhost:8080/alfresco
ProxyPassReverse /alfresco localhost:8080/alfresco

It is simple to setup TomCat to use HTTPS - see the file tomcat/conf/server.xml - look for the section

and enable it. Then you can access TomCat on port 8443 (or whatever you configure) to use Alfresco in HTTPS mode.

You can change the permissions on any folder space using the web-client Manage Space Users action for a space. On a user Home Space simply remove the EVERYONE user from those invited to the space - then only the owner user and admin can access it.

Thanks,

Kevin

Thanks,

Kevin

Thanks! Worked for me. Version - labs 3 B.

Hi,

I followed your hints and activated https on Port 8443 in the tomcat configuration, but it some not to have any effekt, even after restart of alfresco and the whole server too.
Do I have to change any other file in version 3.0.0 (stable)?

Found the problem - I didn't create the keystore before...
Here's a good guide on how to enable SSL in Tomcat: http://tomcat.apache.org/tomcat-6.0-doc/ssl-howto.html
You'll have to add some options like keystore-home and keystorePass in the server.xml, like:

You'll have to pay attention on using the same password like you did when creating the keystore file.

I followed the instructions on this page and on the Apache link. For some reason when I connect to the 8443 port it wants to send me a bin file now. Any ideas? I am using Alfresco on Ubuntu and I am connecting using localhost for now.

Pay no attention to my previous post. It was a simple matter of putting "https" before localhost:8443

I am having problems getting Share to work with SSL however. The regular /alfresco works like a charm. I am getting authentication errors in Share.

Hi All

Is there a fix for using share with https? I've just set up 3.2 with https and share still fails :(

many thanks,
Niels

Hi,

I'm currently using Labs3 final.
Everything's running fine with SSL: Alfresco, Share and DoCASU.
Did you create the certificate for tomcat:
/usr/java/jdk1.6.0_12/bin/keytool -genkey -alias tomcat -keyalg RSA
This will ask you for a keystore-password and further details.

Additionaly, you have to remove the comment signs "" for the SSL connector (I think you have already done this, if Alfresco works with SSL):

<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"

               maxThreads="150" scheme="https" secure="true" keystoreFile="${user.home}/.keystore" keystorePass="xxx"

               clientAuth="false" sslProtocol="TLS" />

You can find more info on configuring SSL with tomcat here:
http://tomcat.apache.org/tomcat-6.0-doc/ssl-howto.html

I am using 3.2r2 community and have created the keystore and uncommented the https section and port 8443 works fine for explorer and share as long as I don't comment out port 8080. This means that people can access my server without SSL if they just use port 8080.

I can set up my firewall so that people cannot access 8080 but is there a way to drop port 8080 entirely so that even my internal folks need to use SSL?

When I comment out 8080, I get the following:

type Exception report
 
message
 
description The server encountered an internal error () that prevented it from fulfilling this request.
 
exception
 
javax.servlet.ServletException: org.alfresco.error.AlfrescoRuntimeException: 02090001 Unable to retrieve object: site-index of type: page
	org.alfresco.web.site.servlet.DispatcherServlet.service(DispatcherServlet.java:146)
	javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
 
root cause
 
org.alfresco.error.AlfrescoRuntimeException: 02090001 Unable to retrieve object: site-index of type: page
	org.alfresco.web.framework.ModelObjectManager.getObject(ModelObjectManager.java:140)
	org.alfresco.web.site.Model.getObject(Model.java:513)
	org.alfresco.web.site.Model.getPage(Model.java:165)
	org.alfresco.web.site.SlingshotPageMapper.executeMapper(SlingshotPageMapper.java:188)
	org.alfresco.web.site.AbstractPageMapper.execute(AbstractPageMapper.java:62)
	org.alfresco.web.site.DefaultRequestContextFactory.newInstance(DefaultRequestContextFactory.java:109)
	org.alfresco.web.site.FrameworkHelper.initRequestContext(FrameworkHelper.java:202)
	org.alfresco.web.site.servlet.DispatcherServlet.service(DispatcherServlet.java:142)
	javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
 
root cause
 
org.alfresco.web.framework.exception.ModelObjectPersisterException: Error loading object id: site-index from persister id: RemoteStore_alfresco/site-data/pages_page
	org.alfresco.web.framework.MultiModelObjectPersister.getObject(MultiModelObjectPersister.java:110)
	org.alfresco.web.framework.ModelObjectManager.getObject(ModelObjectManager.java:136)
	org.alfresco.web.site.Model.getObject(Model.java:513)
	org.alfresco.web.site.Model.getPage(Model.java:165)
	org.alfresco.web.site.SlingshotPageMapper.executeMapper(SlingshotPageMapper.java:188)
	org.alfresco.web.site.AbstractPageMapper.execute(AbstractPageMapper.java:62)
	org.alfresco.web.site.DefaultRequestContextFactory.newInstance(DefaultRequestContextFactory.java:109)
	org.alfresco.web.site.FrameworkHelper.initRequestContext(FrameworkHelper.java:202)
	org.alfresco.web.site.servlet.DispatcherServlet.service(DispatcherServlet.java:142)
	javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
 
root cause
 
org.alfresco.web.framework.exception.ModelObjectPersisterException: Failure to load model object for path: site-index.xml
	org.alfresco.web.framework.StoreModelObjectPersister.getObjectByPath(StoreModelObjectPersister.java:170)
	org.alfresco.web.framework.StoreModelObjectPersister.getObject(StoreModelObjectPersister.java:108)
	org.alfresco.web.framework.MultiModelObjectPersister.getObject(MultiModelObjectPersister.java:106)
	org.alfresco.web.framework.ModelObjectManager.getObject(ModelObjectManager.java:136)
	org.alfresco.web.site.Model.getObject(Model.java:513)
	org.alfresco.web.site.Model.getPage(Model.java:165)
	org.alfresco.web.site.SlingshotPageMapper.executeMapper(SlingshotPageMapper.java:188)
	org.alfresco.web.site.AbstractPageMapper.execute(AbstractPageMapper.java:62)
	org.alfresco.web.site.DefaultRequestContextFactory.newInstance(DefaultRequestContextFactory.java:109)
	org.alfresco.web.site.FrameworkHelper.initRequestContext(FrameworkHelper.java:202)
	org.alfresco.web.site.servlet.DispatcherServlet.service(DispatcherServlet.java:142)
	javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
 
root cause
 
java.io.IOException: Unable to test document path: site-index.xml in remote store: alfresco due to error: 498 Connection refused
	org.alfresco.web.scripts.RemoteStore.hasDocument(RemoteStore.java:351)
	org.alfresco.web.framework.StoreModelObjectPersister.getObjectByPath(StoreModelObjectPersister.java:136)
	org.alfresco.web.framework.StoreModelObjectPersister.getObject(StoreModelObjectPersister.java:108)
	org.alfresco.web.framework.MultiModelObjectPersister.getObject(MultiModelObjectPersister.java:106)
	org.alfresco.web.framework.ModelObjectManager.getObject(ModelObjectManager.java:136)
	org.alfresco.web.site.Model.getObject(Model.java:513)
	org.alfresco.web.site.Model.getPage(Model.java:165)
	org.alfresco.web.site.SlingshotPageMapper.executeMapper(SlingshotPageMapper.java:188)
	org.alfresco.web.site.AbstractPageMapper.execute(AbstractPageMapper.java:62)
	org.alfresco.web.site.DefaultRequestContextFactory.newInstance(DefaultRequestContextFactory.java:109)
	org.alfresco.web.site.FrameworkHelper.initRequestContext(FrameworkHelper.java:202)
	org.alfresco.web.site.servlet.DispatcherServlet.service(DispatcherServlet.java:142)
	javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
 
note The full stack trace of the root cause is available in the Apache Tomcat/6.0.18 logs.

I can see that redirection from https is going to http:8080 but how to fix this?

Centos 5.4
Alfresco 3.2r2
MySQL 5.1

Thanks for the info, I was able to get https to work using the above info.

I am having a problem where anytime when I upload something, ie a photo to the user profile, it will say Upload Failure. This happens when I upload a document to the Document Library. This is only happening if I use https.

If I use http, everything works fine. Can someone give me some pointer to get this resolve. I am able to login and access Alfresco versio 3.3 via https. The error only occurs when I try to uplaod something, it will say Upload Failure.

Thanks in advance

Please see: https://issues.alfresco.com/jira/browse/ALF-1324

Thanks,
Mike

I tried the following, it is not working for me.
Resolution: When using internet explorer add the cert to "Trusted Root Certification Authorities", upload now works in Firefox.

I exported the personal SSL, import to the "Trusted Root Certification Authorities", it shows up on the list, but when I tried to access https:, Internet Explorer still said
There is a problem with this website's security certificate.
The security certificate presented by this website was not issued by a trusted certificate authority.
The security certificate presented by this website was issued for a different website's address.

I continue to get security warnings in Internet Explorer, but I was able to upload files via "Internet Explorer" ,but I can not using Mozilla Firefox.

What am I not doing? Thanks.

Thanks,
Mike

Thanks, when will Native file upload be integrated into Alfresco?

Thanks,
Mike

Dear Alfresco User,

Good Day, I am new to alfresco and tomcat. I have seen your post that you have successfully configured alfresco on a secured connection https. In which i have not been to successful on doing the configuration. I was hopping you can share me the configuration or detailed steps on how you did the configuration.

I am currently using Alfresco Share Community 3.4b on a Windows 7 Home Premium computer.

1. I have created a .keystore
2. I have edit the server.xml:

but when i try to load https://localhost:8443/
nothing happens

I hope you can help me out. Please give a detailed instructions.
Thank you very much...

Hi,

I have the same problem, I found this issue addressed earlier and I read about all the probable solutions but still no succes.
I tried this activating https/8443 on another server (with tomcat 5.0 and another application) and with succes, no problem there.

But on my Alfresco-server it won't work. (Alfresco Community 3.4b on Windows 2003sp2)
I tried different things like placing the keystorefile in different places, changing the format of the-path-to, tried 443 etc... no luck. I can see (tcpViewer) that there is a connection established on port 8443 but that's all, no certificate seems to be delivered to the client-browser.

Any suggestions?

----------------------------------------

!!!!!! Update: I re-evaluated my server.xml file and changed two lines to avoid auto-configuration of the SSL-implementation:

-1. protocol="org.apache.coyote.http11.Http11Protocol" instead of the default line: protocol="HTTP/1.1"
-2. instead of value "on" which is default

That did the trick. :D

I am having difficulty implimenting this on a windows 2008 server with alfresco 3.4

Followed other peoples recommendations. Is there anyone that has done this on a windows environment?

One error i did notice was access denied when i tried to specify the locaiton of keystore or crt file.

I made the following changes

D:\Alfresco\tomcat\conf\server.xml

Also ran the following:

%JAVA_HOME%\bin\keytool -genkey -alias tomcat -keyalg RSA
name: my name
server host name
domain name
city
prov
country

yes/enter

Rebooted the server, now the regular page wont open "http://174.142.xxx.xxx:8181/share or if i use 8443 :/

Credit to CoenE

I did what you told me to change and it works!
Alfresco in Secured connection is working now. But I get this Certificate Erros, should i worry about it?

Thank again for your help.
Awesome!!!

I'm having many issues getting Alfresco Share to work with SSL/HTTPS. We would like to use Alfresco Share externally, as most of our users are not able to access our VPN at client sites. Being that I would like some level of security around Alfresco, I would like secure it with SSL. I have generated the CSR and received the SSL cert back from DigiCert, but I am having a heck of a time getting Alfresco working with it.

I have read through this thread, and many others, and I'm still unable to get it to work. The farthest I got, was editing the server.xml file, as documented in this thread, but after a restart, I am unable to access Alfresco on either HTTP or HTTPS, the application doesn't seem to be available at all. Does anyone know of a "idiots" guide to implementing SSL for Alfresco Share?

Any help would be much appreciated.

Thanks,
Shawn

Here is an example of a working config :

Sorry for the presentation but the

 tags are pretty unreadable.

 

[b][u]Generate a keystore file : [/u][/b]

keytool -genkey -alias tomcat -keyalg RSA -keystore [b]thefile.keystore[/b]

 

(to add your own certificate see http://tomcat.apache.org/tomcat-6.0-doc/ssl-howto.html#Prepare_the_Certificate_Keystore)

 

 

[b][u]In the file server.xml :[/u][/b] 

-----------------------------------------------------------------------------------------------------------------------

<Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="off" />

 

[...]

 

<Connector port="8080" URIEncoding="UTF-8" protocol="org.apache.coyote.http11.Http11Protocol"

connectionTimeout="20000"

redirectPort="8443" />

 

<Connector port="8443" protocol="HTTP/1.1" maxThreads="200"

scheme="https" secure="true" SSLEnabled="true"

keystoreFile="TheKeystoreFile" keystorePass="ThePasswd"

clientAuth="false" sslProtocol="TLS" />

-----------------------------------------------------------------------------------------------------------------------

 

Then restart Alfresco and go to http[b][u]s[/u][/b]://address:8443/share

 

I hope it will work for you too.

Hi,
Unfortunately I can't help you for this.
I didn't look for solution for that because my firewall blocks the 8080 port, so the users are forced to use the 443 port.
Some files contain the web path like alfresco-global.properties
web.application.context.url=http://127.0.0.1:8080/alfresco
Try to find them and modify them.
Sorry.

I have Alfresco Community 3.3 running on an Amazon EC2 instance. I have pretty much set up everything for SSL access (created the keys, downloaded the SSL cert from GoDaddy, made changes to the Tomcat "server.xml". When I try to login to Share at port 8443, I get an authentication error. However, I am able to login to Alfresco Explorer by accessing it at port 8443. I am trying to figure out what I am doing wrong. Would anyone know what's going on?

Alfresco Share requires port 8080 of the Repository to function, from what I understand.

http://forums1.man.alfresco.com/en/viewtopic.php?f=47&t=27826#p90735

I have Alfresco Community 3.3 running on an Amazon EC2 instance. I have pretty much set up everything for SSL access (created the keys, downloaded the SSL cert from GoDaddy, made changes to the Tomcat "server.xml". When I try to login to Share a@ port 8443, I get "authentication error". However, I am able to login to Alfresco Explorer by accessing it at port 8443. I am trying to figure out what I am doing wrong. Would anyone know what's going on?

Cyndarelli - I can't tell you what's going on, but I had a similar config and experience and I was not able to get it working with Tomcat. I put apache httpd in front of tomcat, got a SSL generated for apache and was able to get it working that way. However, just in case you are not aware, the Flash uploader will not function in SSL (due to Adobe, not Alfresco). So you can use the -one file at a time- html upload, but no multi-upload with https. :|

We've just added HTML5 drag-and-drop capability to Share (latest SVN HEAD now) which will become released product soon.

This should - hopefully - mean you can use the Flash uploader if you're stuck with MSIE, or native drag and drop if you've got a more modern browser (Firefox 3.6 but with file size limitations due to it's implementation; Firefox 4; Safari 5; Chrome 10).

Thanks,
Mike

Hey guys,

Try using your IP instead!

EX.

https://xx.xx.xx.xx:8443

If this works, than it could be a DNS issue!

That resolved things form me anyway!