Enable HTTPS in AEM 6.1

Enabling HTTPS for specific pages is a major challenge with most CMSs, but AEM encapsulates the complexity. Configuring HTTPS in AEM is easy, and it is one of the major requirements that clients demand nowadays.

After completing this tutorial, you will be able to enable HTTPS on an entire website or for specific pages of your website.

Below topics are covered in this tutorial :-

Let's understand how to enable HTTP over SSL (HTTPS) in AEM with the help of a use case.

Use Case: Suppose you want all pages of the Geometrixx Outdoors site to open on the HTTP port, but the pages under the ‘men’ hierarchy to open on the secure HTTPS port.

[Image: CRXDE page structure]

This hierarchy illustrates the use case more clearly:

[Image: HTTP over SSL CRXDE configuration]

Create Credentials for Development:

  • Create a directory named ssl in the directory where the quickstart JAR file is located.
  • In the command prompt, type the following command to create the credential and keystore:
    keytool -genkeypair -keyalg RSA -validity 3650 -alias cqse -keystore [quickstart_dir]/ssl/keystorename.keystore -keypass key_password -storepass storepassword -dname "CN=Host Name, OU=Group Name, O=Company Name, L=City Name, S=State, C=Country_Code"
  • key_password and storepassword are user-defined passwords. Here I am using 123456 for both, which is suitable only for a local development keystore.

Note: It is not mandatory to create the ssl directory in the crx-quickstart folder; you can create it anywhere, but you must specify the absolute path in the command and use the same path when configuring SSL.

Configure SSL on Author Instance:

  • Go to CRXDE and create a node:
    • Name – config.author
    • Type – nt:folder
  • Under this folder, create a node with the details below:
    • Name – org.apache.felix.http
    • Type – sling:OsgiConfig
  • Add the following properties to the node.

| Name | Type | Value |
| --- | --- | --- |
| org.apache.felix.debug | Boolean | true |
| org.apache.felix.https.enable | Boolean | true |
| org.apache.felix.https.keystore | String | crx-quickstart/ssl/keystorename.keystore |
| org.apache.felix.https.keystore.key | String | cqse |
| org.apache.felix.https.keystore.key.password | String | 123456 |
| org.apache.felix.https.keystore.password | String | 123456 |
| org.apache.felix.https.nio | Boolean | true |
| org.apache.felix.https.truststore | String | crx-quickstart/ssl/keystorename.keystore |
| org.apache.felix.https.truststore.password | String | 123456 |
| org.osgi.service.http.port.secure | Long | 4000 |

Note: org.osgi.service.http.port.secure is the port number on which the HTTPS pages will be served.

[Image: SSL configuration on the AEM author instance]

Forcing the Use of the SSL Port

  • Go to the /etc folder.
  • Create a new sling:folder named map.
  • Under /etc/map, create a node named http of type sling:folder.
  • Under that, create a node:
    • Name – localhost.4502
    • Type – sling:Mapping
  • Add the properties below to this node:
    • Name: sling:redirect  Type: String  Value: https://localhost:4000
    • Name: sling:match  Type: String  Value: content/geometrixx-outdoor/en/men/(.*).html
  • Click Save All; your pages will now automatically open over HTTPS.

The hierarchy below shows the above steps more clearly:

[Image: Sling mapping HTTPS configuration in CRXDE]

Note: Sometimes this will not work, and the logs will show the error “port is already used”. In that case, just choose another port, as I have done here with port 4000.

[Image: selected pages loaded over HTTPS in AEM]
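One way to check the result of the mapping above, as an added example that is not part of the original tutorial: it requests pages over plain HTTP without following redirects and lists every path whose behaviour differs from what the use case expects. The page names shirts.html and women.html are hypothetical, and the optional auth argument assumes the local author instance accepts HTTP Basic credentials.

```python
import base64
import http.client
from urllib.parse import urlsplit

# Host, ports and redirect target come from the tutorial's configuration.
HTTP_HOST, HTTP_PORT = "localhost", 4502
HTTPS_ORIGIN = "https://localhost:4000"  # value of sling:redirect

def probe(path, host=HTTP_HOST, port=HTTP_PORT, auth=None):
    """GET path over plain HTTP without following redirects.

    auth is an optional "user:password" string sent as HTTP Basic
    (assumption: a local development instance that accepts it).
    Returns (status, Location header or None).
    """
    headers = {}
    if auth:
        token = base64.b64encode(auth.encode()).decode()
        headers["Authorization"] = "Basic " + token
    conn = http.client.HTTPConnection(host, port, timeout=5)
    try:
        conn.request("GET", path, headers=headers)
        resp = conn.getresponse()
        return resp.status, resp.getheader("Location")
    finally:
        conn.close()

def forced_to_https(status, location, origin=HTTPS_ORIGIN):
    """True only for a 3xx response whose Location is on the HTTPS origin."""
    if status not in (301, 302, 303, 307, 308) or not location:
        return False
    got, want = urlsplit(location), urlsplit(origin)
    return got.scheme == "https" and got.netloc == want.netloc

def audit(expected, fetch=probe):
    """expected maps a path to whether it should be forced to HTTPS.

    Returns the paths whose observed behaviour differs from that.
    """
    return [path for path, want in expected.items()
            if forced_to_https(*fetch(path)) != want]

if __name__ == "__main__":
    # Constructed sample paths following the use case (page names are hypothetical).
    expected = {
        "/content/geometrixx-outdoor/en/men/shirts.html": True,
        "/content/geometrixx-outdoor/en/women.html": False,
    }
    for path in audit(expected):
        print("unexpected behaviour:", path)
```

An empty result means every listed page under ‘men’ was redirected to the HTTPS origin and every other listed page was served over HTTP as intended.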

But why are we doing all this? What are the advantages of using HTTP over SSL?

The reason is simple: HTTPS is far more secure than HTTP. If a use case requires transferring sensitive data (e.g. online transactions or confidential information), we can use HTTP over SSL.

  • HTTPS ensures integrity of your website.
  • HTTPS ensures the privacy and security of your users and their personal information.

You can download the complete package for this use case from here and then modify it according to your needs.

Please drop us a comment if you face any issue configuring or enabling HTTPS in AEM.
