如何在内网通过自签名证书开启Https访问

  • A+
所属分类:使用集成

1、停止Alfresco服务

2、修改alfresco-community\tomcat\shared\classes\alfresco-global.properties

alfresco.context=alfresco
alfresco.host=127.0.0.1
alfresco.port=8443
alfresco.protocol=https

share.context=share
share.host=127.0.0.1
share.port=8443
share.protocol=https

3、修改alfresco-community\alf_data\keystore\generate_keystores.bat(若为Linux系统,则修改sh文件)

@rem Alfresco installation directory
set ALFRESCO_HOME=D:\alfresco-community
@rem The repository server certificate subject name, as specified in tomcat\conf\tomcat-users.xml with roles="repository"
set REPO_CERT_DNAME=CN=idoc.com, OU=Unknown, O=Alfresco Software Ltd., L=Maidenhead, ST=UK, C=GB
@rem The SOLR client certificate subject name, as specified in tomcat\conf\tomcat-users.xml with roles="repoclient"
set SOLR_CLIENT_CERT_DNAME=CN=idoc.com, OU=Unknown, O=Alfresco Software Ltd., L=Maidenhead, ST=UK, C=GB

ALFRESCO_HOME根据Alfresco实际安装目录修改

REPO_CERT_DNAME和SOLR_CLIENT_CERT_DNAME的CN设置为服务器绑定的域名

4、修改alfresco-community\tomcat\conf\tomcat-users.xml

<user username="CN=idoc.com, OU=Unknown, O=Alfresco Software Ltd., L=Maidenhead, ST=UK, C=GB" roles="repoclient" password="null"/>
<user username="CN=idoc.com, OU=Unknown, O=Alfresco Software Ltd., L=Maidenhead, ST=UK, C=GB" roles="repository" password="null"/>

CN的值与步骤3中CN设置的域名相同

5、执行步骤3修改好的文件,生成证书

6、复制C:\Users{电脑当前用户}下的ssl.repo.client.keystore、ssl.repo.client.truststore到alfresco-community\solr4\archive-SpacesStore\conf和alfresco-community\solr4\workspace-SpacesStore\conf,并覆盖源文件。

7、重启Alfresco服务

使用自签名证书在新版chrome和firefox浏览器下,第一次访问可能会报连接不安全的提示,以chrome浏览器为例,点击高级-继续前往即可

发表评论

您必须才能发表评论!