In this Article, I am going to explain how to use SSL Wizard in AEM6.3 to enable SSL by default for AEM instances.
Before start explaining how to enable SSL in AEM, I want to share the necessity behind https implementation for current age websites. Initially we implemented SSL for pages that involves transactional data like payments, user credentials etc. Now we turn to the internet for everything. From selling to buying, it’s the high end digital-world. With this dominating trend, online security has become a necessity.
Recently I got a chance to read one article which stated “Don’t have an SSL Certificate? Google is going to flag your website this year!” When I gone through that article, came to know that “Any type of data that users type into websites should not be accessible to others on the network, so starting in version 62 Chrome will show the ‘Not secure’ warning in the URL bar when users type data into HTTP sites”
In order to make websites that run in AEM secure, I searched for SSL implementation in AEM. Earlier if you wants to implement SSL for the whole website or for a particular page in AEM, manually you have to write an OSGi configuration and you have to force AEM to use the SSL port.
With AEM 6.3, Adobe has introduced a feature called SSL By Default. The purpose is to encourage the use of HTTPS to connect to AEM instances. Refer the below step by step procedure to enable SSL by default in AEM 6.3.
For DEMO purpose, I have used the Private Key File and SSL Cert File used in the Adobe Helpx Article. If you wants to implement SSL for the Production Environment, you needs to get an authorized SSL Certificate from a third Party Certificate Authority (CA) like verisign, geotrust etc. by raising a CSR request with Private Key generated for your Server.
For further details kindly refer, http://docs.rightscale.com/faq/How_do_I_create_an_SSL_certificate_for_my_web_server.html
Source of Reference :
Steps to Enable SSL by default in AEM Author Instance:
- Install AEM 6.3 and login to your author instance
- After logging in for the first time, see the notifications inbox on the top right side. Click View all
- Select “Configure HTTPS” and open
- In the Store Credentials section, it will prompt for key store password and trust store password. Give the password of your choice and keep it with you for future use and click NEXT
5. In the Key & Certificate section, it will prompt you to upload Private Key file in .DER format and SSL Certificate file in .CRT format and click NEXT
For local environment, either you can use the sample files available in Helpx article or you can create your own using Open SSL. For further details kindly refer,
https://helpx.adobe.com/experience-manager/kt/platform-repository/using/ssl-wizard-technical-video-use.html [To download Sample SSL certificate and to know how to use openSSL]
- In the SSL Connector section, choose a TCP Port for the HTTPS listener, between 1 and 65535 and click DONE
- Now you have successfully configured SSL by default in your AEM instance and It will show a pop up message “Go to HTTPS URL”
- When you click on Go to HTTPS URL, your instance will run in HTTPS port
As it is for Demo purpose, it’s showing https with Not Secure Label. When you install a valid SSL certificate signed by third party CA. It will show the trusted Secure Green Symbol for HTTPS Pages.
A service user called ssl-service has been created for this SSL feature. After the successful initial SSL setup, if you wants to update the SSL configuration this ssl-service user will help you.
Hit the User Admin Console. Search for ssl-service and click on Edit User Settings. Here you can change the key store and trust store passwords and also you can update/ add SSL certificates.
And also if you wants to change the HTTPS port and key store user, you can use the Granite SSL Connector Factory configuration available in the Web Console.
Finally your AEM site will become SSL Secured with better security options.
Hope this article would help. Looking forward for your comments and feedback!