Home

Howto Secure Alfresco with https: access?

You are here

34 posts / 0 new
Last post
Howto Secure Alfresco with https: access?

Can someone please explain how to configure alfresco 2.1.0 so that it is accesable via web only through https://

The system is running the Alfresco 2.1.0 tomcal bundle on linux with a mysql database

The linux distribution I have used is debian etch 4.0

I would also like to know how I can configure alfresco so that the user spaces are only accesable by the user alone.

Thank you

it might be easy to do it with reverse proxing and apache.

1. set a redirect option in your conf.d files
redirect / https://..../
2. create a virtual maschine and set reverse proxy
ProxyPass /alfresco localhost:8080/alfresco
ProxyPassReverse /alfresco localhost:8080/alfresco

Thank you

Thank you very much, I will give it a try this afternoon.

Hope you have a good day
Regards

Re: Howto Secure Alfresco with https: access?

dholgado wrote:
Can someone please explain how to configure alfresco 2.1.0 so that it is accesable via web only through https://

The system is running the Alfresco 2.1.0 tomcal bundle on linux with a mysql database

The linux distribution I have used is debian etch 4.0

I would also like to know how I can configure alfresco so that the user spaces are only accesable by the user alone.

It is simple to setup TomCat to use HTTPS - see the file tomcat/conf/server.xml - look for the section

and enable it. Then you can access TomCat on port 8443 (or whatever you configure) to use Alfresco in HTTPS mode.

You can change the permissions on any folder space using the web-client Manage Space Users action for a space. On a user Home Space simply remove the EVERYONE user from those invited to the space - then only the owner user and admin can access it.

Thanks,

Kevin

Thanks,

Kevin

UI Team Manager and Technical Lead
http://twitter.com/kevinroast - Find me on Twitter!
http://wiki.alfresco.com - Alfresco Wiki docs and Community downloads
http://www.kevs3d.co.uk/dev - My personal HTML5 projects

Re: Howto Secure Alfresco with https: access?

Thanks! Worked for me. Version - labs 3 B.

Re: Howto Secure Alfresco with https: access?

Hi,

I followed your hints and activated https on Port 8443 in the tomcat configuration, but it some not to have any effekt, even after restart of alfresco and the whole server too.
Do I have to change any other file in version 3.0.0 (stable)?

CentOS 5.5, TomCat, MySQL, Alfresco Comm.v3.3.0g, DoCasu 1.6.3(patched), Java 1.6.0.21

[SOLVED] Howto Secure Alfresco with https: access?

Found the problem - I didn't create the keystore before...
Here's a good guide on how to enable SSL in Tomcat: http://tomcat.apache.org/tomcat-6.0-doc/ssl-howto.html
You'll have to add some options like keystore-home and keystorePass in the server.xml, like:

You'll have to pay attention on using the same password like you did when creating the keystore file.

CentOS 5.5, TomCat, MySQL, Alfresco Comm.v3.3.0g, DoCasu 1.6.3(patched), Java 1.6.0.21

Re: Howto Secure Alfresco with https: access?

I followed the instructions on this page and on the Apache link. For some reason when I connect to the 8443 port it wants to send me a bin file now. Any ideas? I am using Alfresco on Ubuntu and I am connecting using localhost for now.

Re: Howto Secure Alfresco with https: access?

Pay no attention to my previous post. It was a simple matter of putting "https" before localhost:8443

I am having problems getting Share to work with SSL however. The regular /alfresco works like a charm. I am getting authentication errors in Share.

Re: Howto Secure Alfresco with https: access?

Hi All

pescha wrote:
I am having problems getting Share to work with SSL however. The regular /alfresco works like a charm. I am getting authentication errors in Share.

Is there a fix for using share with https? I've just set up 3.2 with https and share still fails :(

many thanks,
Niels

Re: Howto Secure Alfresco with https: access?

Hi,

I'm currently using Labs3 final.
Everything's running fine with SSL: Alfresco, Share and DoCASU.
Did you create the certificate for tomcat:
/usr/java/jdk1.6.0_12/bin/keytool -genkey -alias tomcat -keyalg RSA
This will ask you for a keystore-password and further details.

Additionaly, you have to remove the comment signs "" for the SSL connector (I think you have already done this, if Alfresco works with SSL):

<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
maxThreads="150" scheme="https" secure="true" keystoreFile="${user.home}/.keystore" keystorePass="xxx"
clientAuth="false" sslProtocol="TLS" />

You can find more info on configuring SSL with tomcat here:
http://tomcat.apache.org/tomcat-6.0-doc/ssl-howto.html

CentOS 5.5, TomCat, MySQL, Alfresco Comm.v3.3.0g, DoCasu 1.6.3(patched), Java 1.6.0.21

Re: Howto Secure Alfresco with https: access?

I am using 3.2r2 community and have created the keystore and uncommented the https section and port 8443 works fine for explorer and share as long as I don't comment out port 8080. This means that people can access my server without SSL if they just use port 8080.

I can set up my firewall so that people cannot access 8080 but is there a way to drop port 8080 entirely so that even my internal folks need to use SSL?

When I comment out 8080, I get the following:

type Exception report
 
message
 
description The server encountered an internal error () that prevented it from fulfilling this request.
 
exception
 
javax.servlet.ServletException: org.alfresco.error.AlfrescoRuntimeException: 02090001 Unable to retrieve object: site-index of type: page
	org.alfresco.web.site.servlet.DispatcherServlet.service(DispatcherServlet.java:146)
	javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
 
root cause
 
org.alfresco.error.AlfrescoRuntimeException: 02090001 Unable to retrieve object: site-index of type: page
	org.alfresco.web.framework.ModelObjectManager.getObject(ModelObjectManager.java:140)
	org.alfresco.web.site.Model.getObject(Model.java:513)
	org.alfresco.web.site.Model.getPage(Model.java:165)
	org.alfresco.web.site.SlingshotPageMapper.executeMapper(SlingshotPageMapper.java:188)
	org.alfresco.web.site.AbstractPageMapper.execute(AbstractPageMapper.java:62)
	org.alfresco.web.site.DefaultRequestContextFactory.newInstance(DefaultRequestContextFactory.java:109)
	org.alfresco.web.site.FrameworkHelper.initRequestContext(FrameworkHelper.java:202)
	org.alfresco.web.site.servlet.DispatcherServlet.service(DispatcherServlet.java:142)
	javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
 
root cause
 
org.alfresco.web.framework.exception.ModelObjectPersisterException: Error loading object id: site-index from persister id: RemoteStore_alfresco/site-data/pages_page
	org.alfresco.web.framework.MultiModelObjectPersister.getObject(MultiModelObjectPersister.java:110)
	org.alfresco.web.framework.ModelObjectManager.getObject(ModelObjectManager.java:136)
	org.alfresco.web.site.Model.getObject(Model.java:513)
	org.alfresco.web.site.Model.getPage(Model.java:165)
	org.alfresco.web.site.SlingshotPageMapper.executeMapper(SlingshotPageMapper.java:188)
	org.alfresco.web.site.AbstractPageMapper.execute(AbstractPageMapper.java:62)
	org.alfresco.web.site.DefaultRequestContextFactory.newInstance(DefaultRequestContextFactory.java:109)
	org.alfresco.web.site.FrameworkHelper.initRequestContext(FrameworkHelper.java:202)
	org.alfresco.web.site.servlet.DispatcherServlet.service(DispatcherServlet.java:142)
	javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
 
root cause
 
org.alfresco.web.framework.exception.ModelObjectPersisterException: Failure to load model object for path: site-index.xml
	org.alfresco.web.framework.StoreModelObjectPersister.getObjectByPath(StoreModelObjectPersister.java:170)
	org.alfresco.web.framework.StoreModelObjectPersister.getObject(StoreModelObjectPersister.java:108)
	org.alfresco.web.framework.MultiModelObjectPersister.getObject(MultiModelObjectPersister.java:106)
	org.alfresco.web.framework.ModelObjectManager.getObject(ModelObjectManager.java:136)
	org.alfresco.web.site.Model.getObject(Model.java:513)
	org.alfresco.web.site.Model.getPage(Model.java:165)
	org.alfresco.web.site.SlingshotPageMapper.executeMapper(SlingshotPageMapper.java:188)
	org.alfresco.web.site.AbstractPageMapper.execute(AbstractPageMapper.java:62)
	org.alfresco.web.site.DefaultRequestContextFactory.newInstance(DefaultRequestContextFactory.java:109)
	org.alfresco.web.site.FrameworkHelper.initRequestContext(FrameworkHelper.java:202)
	org.alfresco.web.site.servlet.DispatcherServlet.service(DispatcherServlet.java:142)
	javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
 
root cause
 
java.io.IOException: Unable to test document path: site-index.xml in remote store: alfresco due to error: 498 Connection refused
	org.alfresco.web.scripts.RemoteStore.hasDocument(RemoteStore.java:351)
	org.alfresco.web.framework.StoreModelObjectPersister.getObjectByPath(StoreModelObjectPersister.java:136)
	org.alfresco.web.framework.StoreModelObjectPersister.getObject(StoreModelObjectPersister.java:108)
	org.alfresco.web.framework.MultiModelObjectPersister.getObject(MultiModelObjectPersister.java:106)
	org.alfresco.web.framework.ModelObjectManager.getObject(ModelObjectManager.java:136)
	org.alfresco.web.site.Model.getObject(Model.java:513)
	org.alfresco.web.site.Model.getPage(Model.java:165)
	org.alfresco.web.site.SlingshotPageMapper.executeMapper(SlingshotPageMapper.java:188)
	org.alfresco.web.site.AbstractPageMapper.execute(AbstractPageMapper.java:62)
	org.alfresco.web.site.DefaultRequestContextFactory.newInstance(DefaultRequestContextFactory.java:109)
	org.alfresco.web.site.FrameworkHelper.initRequestContext(FrameworkHelper.java:202)
	org.alfresco.web.site.servlet.DispatcherServlet.service(DispatcherServlet.java:142)
	javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
 
note The full stack trace of the root cause is available in the Apache Tomcat/6.0.18 logs.

I can see that redirection from https is going to http:8080 but how to fix this?

Centos 5.4
Alfresco 3.2r2
MySQL 5.1

Dan Gruhn
Group W Inc.

Re: Howto Secure Alfresco with https: access?

Thanks for the info, I was able to get https to work using the above info.

I am having a problem where anytime when I upload something, ie a photo to the user profile, it will say Upload Failure. This happens when I upload a document to the Document Library. This is only happening if I use https.

If I use http, everything works fine. Can someone give me some pointer to get this resolve. I am able to login and access Alfresco versio 3.3 via https. The error only occurs when I try to uplaod something, it will say Upload Failure.

Thanks in advance

Re: Howto Secure Alfresco with https: access?
Re: Howto Secure Alfresco with https: access?

I tried the following, it is not working for me.
Resolution: When using internet explorer add the cert to "Trusted Root Certification Authorities", upload now works in Firefox.

I exported the personal SSL, import to the "Trusted Root Certification Authorities", it shows up on the list, but when I tried to access https:, Internet Explorer still said
There is a problem with this website's security certificate.
The security certificate presented by this website was not issued by a trusted certificate authority.
The security certificate presented by this website was issued for a different website's address.

I continue to get security warnings in Internet Explorer, but I was able to upload files via "Internet Explorer" ,but I can not using Mozilla Firefox.

What am I not doing? Thanks.

Re: Howto Secure Alfresco with https: access?

icpeanuts wrote:
What am I not doing? Thanks.

No idea, sorry. The fix was supplied by a Community member. As far as Alfresco are concerned, unfortunately there's very little we can do about it until either (i) Adobe decide to fix the problem or (ii) native multi-file upload in browsers becomes more viable to support.

Thanks,
Mike

Re: Howto Secure Alfresco with https: access?

Thanks, when will Native file upload be integrated into Alfresco?

Re: Howto Secure Alfresco with https: access?

icpeanuts wrote:
Thanks, when will Native file upload be integrated into Alfresco?

When we're certain browser vendors have settled on a standard and we can find time to investigate and implement. Of course, if somebody else would like to contribute it, it will get in much quicker! :wink:

Thanks,
Mike

Re: Howto Secure Alfresco with https: access?

Dear Alfresco User,

Good Day, I am new to alfresco and tomcat. I have seen your post that you have successfully configured alfresco on a secured connection https. In which i have not been to successful on doing the configuration. I was hopping you can share me the configuration or detailed steps on how you did the configuration.

I am currently using Alfresco Share Community 3.4b on a Windows 7 Home Premium computer.

1. I have created a .keystore
2. I have edit the server.xml:

but when i try to load https://localhost:8443/
nothing happens

I hope you can help me out. Please give a detailed instructions.
Thank you very much...

Re: Howto Secure Alfresco with https: access?

Hi,

I have the same problem, I found this issue addressed earlier and I read about all the probable solutions but still no succes.
I tried this activating https/8443 on another server (with tomcat 5.0 and another application) and with succes, no problem there.

But on my Alfresco-server it won't work. (Alfresco Community 3.4b on Windows 2003sp2)
I tried different things like placing the keystorefile in different places, changing the format of the-path-to, tried 443 etc... no luck. I can see (tcpViewer) that there is a connection established on port 8443 but that's all, no certificate seems to be delivered to the client-browser.

Any suggestions?

----------------------------------------

!!!!!! Update: I re-evaluated my server.xml file and changed two lines to avoid auto-configuration of the SSL-implementation:

-1. protocol="org.apache.coyote.http11.Http11Protocol" instead of the default line: protocol="HTTP/1.1"
-2. instead of value "on" which is default

That did the trick. :D

Re: Howto Secure Alfresco with https: access?

I am having difficulty implimenting this on a windows 2008 server with alfresco 3.4

Followed other peoples recommendations. Is there anyone that has done this on a windows environment?

One error i did notice was access denied when i tried to specify the locaiton of keystore or crt file.

Re: Howto Secure Alfresco with https: access?

I made the following changes

D:\Alfresco\tomcat\conf\server.xml


Also ran the following:

%JAVA_HOME%\bin\keytool -genkey -alias tomcat -keyalg RSA
name: my name
server host name
domain name
city
prov
country

yes/enter

Rebooted the server, now the regular page wont open "http://174.142.xxx.xxx:8181/share or if i use 8443 :/

Re: Howto Secure Alfresco with https: access?

Credit to CoenE

I did what you told me to change and it works!
Alfresco in Secured connection is working now. But I get this Certificate Erros, should i worry about it?

Thank again for your help.
Awesome!!!

Re: Howto Secure Alfresco with https: access?

I'm having many issues getting Alfresco Share to work with SSL/HTTPS. We would like to use Alfresco Share externally, as most of our users are not able to access our VPN at client sites. Being that I would like some level of security around Alfresco, I would like secure it with SSL. I have generated the CSR and received the SSL cert back from DigiCert, but I am having a heck of a time getting Alfresco working with it.

I have read through this thread, and many others, and I'm still unable to get it to work. The farthest I got, was editing the server.xml file, as documented in this thread, but after a restart, I am unable to access Alfresco on either HTTP or HTTPS, the application doesn't seem to be available at all. Does anyone know of a "idiots" guide to implementing SSL for Alfresco Share?

Any help would be much appreciated.

Thanks,
Shawn

Re: Howto Secure Alfresco with https: access?

Here is an example of a working config :

Sorry for the presentation but the

 tags are pretty unreadable.
 
[b][u]Generate a keystore file : [/u][/b]
keytool -genkey -alias tomcat -keyalg RSA -keystore [b]thefile.keystore[/b]
 
(to add your own certificate see http://tomcat.apache.org/tomcat-6.0-doc/ssl-howto.html#Prepare_the_Certificate_Keystore)
 
 
[b][u]In the file server.xml :[/u][/b]
-----------------------------------------------------------------------------------------------------------------------
<Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="off" />
 
[...]
 
<Connector port="8080" URIEncoding="UTF-8" protocol="org.apache.coyote.http11.Http11Protocol"
connectionTimeout="20000"
redirectPort="8443" />
 
<Connector port="8443" protocol="HTTP/1.1" maxThreads="200"
scheme="https" secure="true" SSLEnabled="true"
keystoreFile="TheKeystoreFile" keystorePass="ThePasswd"
clientAuth="false" sslProtocol="TLS" />
-----------------------------------------------------------------------------------------------------------------------
 
Then restart Alfresco and go to http[b][u]s[/u][/b]://address:8443/share
 
I hope it will work for you too.

Re: Howto Secure Alfresco with https: access?

ruffieuxlu wrote:
Here is an example of a working config :

Sorry for the presentation but the

 tags are pretty unreadable.
 
[b][u]Generate a keystore file : [/u][/b]
keytool -genkey -alias tomcat -keyalg RSA -keystore [b]thefile.keystore[/b]
 
(to add your own certificate see http://tomcat.apache.org/tomcat-6.0-doc/ssl-howto.html#Prepare_the_Certificate_Keystore)
 
 
[b][u]In the file server.xml :[/u][/b]
-----------------------------------------------------------------------------------------------------------------------
<Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="off" />
 
[...]
 
 
<Connector port="8080" URIEncoding="UTF-8" protocol="org.apache.coyote.http11.Http11Protocol"
connectionTimeout="20000"
redirectPort="8443" />
 
<Connector port="8443" protocol="HTTP/1.1" maxThreads="200"
scheme="https" secure="true" SSLEnabled="true"
keystoreFile="TheKeystoreFile" keystorePass="ThePasswd"
clientAuth="false" sslProtocol="TLS" />
-----------------------------------------------------------------------------------------------------------------------
 
Then restart Alfresco and go to http[b][u]s[/u][/b]://address:8443/share
 
I hope it will work for you too.[/quote]
 
 
Hi, ruffieuxlu
 
Thanks your help. I have set my alfresco as you referred.
SSL is OK, but users also can access via 8080 port.
How to force user only access in secure mothed?
Thanks a lot.

Re: Howto Secure Alfresco with https: access?

Hi,
Unfortunately I can't help you for this.
I didn't look for solution for that because my firewall blocks the 8080 port, so the users are forced to use the 443 port.
Some files contain the web path like alfresco-global.properties
web.application.context.url=http://127.0.0.1:8080/alfresco
Try to find them and modify them.
Sorry.

Re: Howto Secure Alfresco with https: access?

I have Alfresco Community 3.3 running on an Amazon EC2 instance. I have pretty much set up everything for SSL access (created the keys, downloaded the SSL cert from GoDaddy, made changes to the Tomcat "server.xml". When I try to login to Share at port 8443, I get an authentication error. However, I am able to login to Alfresco Explorer by accessing it at port 8443. I am trying to figure out what I am doing wrong. Would anyone know what's going on?

Same Problem

Hello srinivasmurty: I'm have the same problem right now. Was you able to resolve this login issue with Alfresco Share over port 8443?

Re: Howto Secure Alfresco with https: access?

Alfresco Share requires port 8080 of the Repository to function, from what I understand.

http://forums1.man.alfresco.com/en/viewtopic.php?f=47&t=27826#p90735

Re: Howto Secure Alfresco with https: access?

I have Alfresco Community 3.3 running on an Amazon EC2 instance. I have pretty much set up everything for SSL access (created the keys, downloaded the SSL cert from GoDaddy, made changes to the Tomcat "server.xml". When I try to login to Share a@ port 8443, I get "authentication error". However, I am able to login to Alfresco Explorer by accessing it at port 8443. I am trying to figure out what I am doing wrong. Would anyone know what's going on?

Re: Howto Secure Alfresco with https: access?

Cyndarelli - I can't tell you what's going on, but I had a similar config and experience and I was not able to get it working with Tomcat. I put apache httpd in front of tomcat, got a SSL generated for apache and was able to get it working that way. However, just in case you are not aware, the Flash uploader will not function in SSL (due to Adobe, not Alfresco). So you can use the -one file at a time- html upload, but no multi-upload with https. :|

Re: Howto Secure Alfresco with https: access?

We've just added HTML5 drag-and-drop capability to Share (latest SVN HEAD now) which will become released product soon.

This should - hopefully - mean you can use the Flash uploader if you're stuck with MSIE, or native drag and drop if you've got a more modern browser (Firefox 3.6 but with file size limitations due to it's implementation; Firefox 4; Safari 5; Chrome 10).

Thanks,
Mike

Re: Howto Secure Alfresco with https: access?

Hey guys,

Try using your IP instead!

EX.

https://xx.xx.xx.xx:8443

If this works, than it could be a DNS issue!

That resolved things form me anyway!

forums index