Secure Sockets Layer (SSL) and the Repository - Alfresco Content Services 23.4

There are a number of ways to handle SSL communication when connecting to the repository, and some information that you should know about automatic configuration.

When you install Content Services, port 8443 is automatically configured for SSL communication between Solr and the repository. By default, this port uses client certificates for any authentication (the connector on port 8443 is configured with certificateVerification="required").

This complicates browser communication with the repository, because Tomcat requests a client certificate for that communication too.

You can still connect to the repository without a client certificate. However, if a certificate is present (for example, if you’ve installed certificates in your Windows certificate store), then the certificate must be signed by the same Certificate Authority that’s used for authentication between the repository and Solr. If you select one of the Windows-installed certificates, you won’t be able to proceed, because the certificate isn’t one that’s expected for Solr-to-repository communication. In this situation, cancel the certificate window, and then you can proceed. If you have no client certificates, you can use port 8443 without issues.

These topics discuss how to set up SSL for non-Solr communication with the repository. The method that you use to configure SSL depends on whether you’re configuring a production or a test environment. For example:

  • If you’re setting up a production environment, use a proxy server to handle SSL communication.
  • If you’re configuring a test environment, you might want to edit your configuration files directly (and listen for SSL on a port that’s not port 8443; for example, port 443).
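
To see which Tomcat connectors will ask a browser for a client certificate, you can audit server.xml. The following is an added example, not Alfresco's own code: the sample server.xml is constructed, the function name audit_connectors is hypothetical, and the clientAuth mapping covers the connector-level attribute used by older Tomcat releases.

```python
import xml.etree.ElementTree as ET

# Constructed sample (not a shipped Alfresco file): the Solr mutual-TLS
# connector on 8443 plus a test-only HTTPS connector on 443.
SAMPLE_SERVER_XML = """
<Server>
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1"/>
    <Connector port="8443" SSLEnabled="true" scheme="https" secure="true">
      <SSLHostConfig certificateVerification="required"/>
    </Connector>
    <Connector port="443" SSLEnabled="true" scheme="https" secure="true">
      <SSLHostConfig/>
    </Connector>
  </Service>
</Server>
"""

# Legacy connector-level clientAuth values and their modern equivalents.
LEGACY_CLIENT_AUTH = {"true": "required", "want": "optional", "false": "none"}
# Policies ordered from least to most strict (compared in lower case).
STRICTNESS = ["none", "optionalnoca", "optional", "required"]


def audit_connectors(server_xml):
    """Return one dict per <Connector>: port, TLS on/off, client-cert policy."""
    results = []
    for conn in ET.fromstring(server_xml.strip()).iter("Connector"):
        tls = conn.get("SSLEnabled", "false").lower() == "true"
        # A connector can hold several SSLHostConfig elements; keep the strictest.
        policies = [h.get("certificateVerification", "none").lower()
                    for h in conn.findall("SSLHostConfig")]
        if "clientAuth" in conn.attrib:
            policies.append(LEGACY_CLIENT_AUTH.get(conn.get("clientAuth").lower(), "none"))
        known = [p for p in policies if p in STRICTNESS] or ["none"]
        policy = max(known, key=STRICTNESS.index) if tls else "none"
        results.append({
            "port": int(conn.get("port")),
            "tls": tls,
            "client_cert": policy,
            # Tomcat requests a client certificate on any policy except "none".
            "browser_prompt": tls and policy != "none",
        })
    return results


if __name__ == "__main__":
    for row in audit_connectors(SAMPLE_SERVER_XML):
        print(row)
```

Connectors reported with browser_prompt set to True are the ones where a browser will show the certificate selection window described above.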