Generate secure keys for SSL communication - Alfresco Content Services 23.4

Use this information to generate certificates for SSL/mutual TLS authentication between the repository and Content Services, using secure keys specific to your installation.

The old script version can still be used; it is described under Secure keys in the Alfresco Search Services documentation. It can be replaced by running the new scripts, which allow for more granularity and control (for example, excluding Solr).

For both approaches, the run_additional script can be used to generate additional sets of keystores and truststores for other services. For example, if mTLS is already set up for Solr, you can add an mTLS setup for the Transform Service by using the run_additional script.

A certificate generator script, run.sh (for Linux) or run.cmd (for Windows), is provided in a GitHub project. The script has two parts: the first is based on OpenSSL (to generate the certificates), and the second is based on the Java keytool (to build the keystores and truststores). Here, we’ll focus on running the script on a standalone Linux or Windows operating system.

Before you start, you must already have OpenSSL and keytool available in your system path.

  1. Browse to the https://github.com/Alfresco/alfresco-ssl-generator GitHub project and click Clone or Download.

    If you downloaded the project, extract the files to a suitable location.

  2. Change directory to the following location and run the script:

    (For Linux)

     cd /ssl-tool
     ./run.sh
    

    (For Windows)

     cd ssl-tool-win
     run.cmd
    

    By default, this creates a keystores folder in your current working directory.

    Note: If the keystores folder isn’t empty, the script exits without producing any keystore or truststore. You can safely remove the keystores folder if you need to re-run the script.
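
A preflight check for the two conditions stated above (OpenSSL and keytool on the path, and an absent or empty keystores folder), as an added example that is not part of the Alfresco documentation or the alfresco-ssl-generator project. The function names are hypothetical; only the tool names and the keystores folder name come from this page.

```shell
#!/bin/sh
# Added example: preflight checks to run before run.sh.
# Function names are hypothetical; openssl, keytool and the "keystores"
# folder name are the only values taken from the page.

# Print each tool from the argument list that is not on PATH.
# Returns 0 when all are present, 1 otherwise.
missing_tools() {
    rc=0
    for tool in "$@"; do
        if ! command -v "$tool" >/dev/null 2>&1; then
            echo "$tool"
            rc=1
        fi
    done
    return "$rc"
}

# Succeeds when <dir>/keystores is absent or empty, that is, when the
# generator will not exit early because of leftover output.
keystores_dir_ready() {
    ks="$1/keystores"
    [ -e "$ks" ] || return 0      # absent: the script creates it
    [ -d "$ks" ] || return 1      # exists but is not a directory
    # Any entry, including dotfiles, makes the folder non-empty.
    [ -z "$(ls -A "$ks" 2>/dev/null)" ]
}

# Run both checks for the working directory run.sh will be started from.
preflight() {
    dir="${1:-.}"
    ok=0
    missing=$(missing_tools openssl keytool) || {
        echo "missing from PATH: $(echo $missing)" >&2
        ok=1
    }
    keystores_dir_ready "$dir" || {
        echo "$dir/keystores is not empty; move or remove it first" >&2
        ok=1
    }
    return "$ok"
}

# Usage: sh preflight.sh <working-directory>
if [ "$#" -gt 0 ]; then
    preflight "$1"
fi
```

The keystores folder holds private key material, so if you keep an old copy instead of removing it, store it where only the service account can read it.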