Enable HTTPs in AEM 6.1
Enable Https for specific pages is a major challenge with most of the CMS, but AEM has encapsulated all the complexity. Configuring https in aem is very easy and one of the major requirement that now a days client demands.
After completing this tutorial you will be able to enable https on entire website or for specific pages of your website.
There are two ways to achieve it :-
- Through OSGI service Apache Felix Jetty Based Http Service. [Move entire author or publish instance to https]
- Through crxde by manually creating the node. [Move selected pages of author instance to https]
Both options has itws own advantaes and it depends upon the requirement which approach you should follow .Personally i prefer option 1 lets see how to enable https in aem using both options:-
For both approaches we need to create key store file.
How to create credential for ssl development.
Through OSGI service Apache Felix Jetty Based Http Service
Through OSGI service Apache Felix Jetty Based Http Service. [Move entire author or publish instance to https]
- Go to Felix console system configurations http://localhost:4502/system/console/configMgr
- Search for Apache Felix Jetty Based Http Service.
- Open Apache Felix Jetty Based Http Service configuration.
- Enter below details
- Click Save.
Note:- If you get an ajax error on saving check error logs and make sure you are not getting error of port already in use. If port is not available try saving the configuration with some other port name.
You will get Address bind already in use exception as shown below. If port is already in use:-
That’s it you are done, now you can open your author instance over ssl.
Through crxde by manually creating the node.
Through crxde by manually creating the node. [Move selected pages of author instance to https]
Lets understand how to enable http over ssl in aem or how to enable https in aem with the help of a use case.
Use Case: For example if you want all pages of Geometrix’s outdoor to be open in http port but the pages under ‘men’ hierarchy to be open using secure https port.
This hierarchy illustrates the use case more clearly:
Create Credentials for Development:
- Create a directory named ssl in the directory where the quickstart JAR file is located.
- In the command prompt, type the following command to create the credential and keystore:
keytool -genkeypair -keyalg RSA -validity 3650 -alias cqse -keystore [quickstart_dir]/ssl/keystorename.keystore -keypass key_password -storepass storepassword -dname "CN=Host Name, OU=Group Name, O=Company Name,L=City Name, S=State, C=Country_ Code"
- Key_password and storepassword are user defined password. Here I am taking password as 123456 . You command should look like below screenshot:-
Note: It is not mandatory to create ssh in the crx-quickstart folder, you can create it anywhere, but in the command you need to specify the absolute path and the same path while configuring the SSL.
Configure SSL on Author Instance:
- Go to crxde –> create a folder under apps by
- Name – config.author
- Type: sling:folder
- Under this folder create a node with below details
- Name – org.apache.felix.http
- Type – sling:OsgiConfig
- Add the following properties in the node.
Name | Type | Value |
org.apache.felix.debug | boolean | true |
org.apache.felix.https.enable | boolean | true |
org.apache.felix.https.keystore | String | [crxquickstart path]/ssl/keystorename.keystore |
org.apache.felix.https.keystore.key | String | cqse |
org.apache.felix.https.keystore.key.password | String | 123456 |
org.apache.felix.https.keystore.password | String | 123456 |
org.apache.felix.https.nio | Boolean | true |
org.apache.felix.https.truststore | String | [crxquickstart path]/ssl/keystorename.keystore |
org.apache.felix.https.truststore.password | String | 123456 |
org.osgi.service.http.port.secure | Long | 5404 [ Note: This is the port no on which the https page will be opened] Note:- Please check error logs to confirm this port is not in use if you getting any error. |
Note:- In above screenshot also org.apache.felix.https.keystore and org.apache.felix.https.truststore value should be absolute path like:- C:/Ankur/AEM/crxquickstart/ssl/keystorename.keystore
Forcing the Use of the SSL Port
- Go to /etc folder.
- Create a new sling:folder with name as map.
- Now under /etc/map create http node of type sling:folder.
- Under that create a node
- Name – localhost.4502
- Type– sling:mapping.
- Add below properties to this node:
- Name: sling:redirect Type : String Value : https://localhost:5404
- Name: sling:match Type : String Value : content/geometrixx-outdoor/en/men/(.*).html
- Click Save ALL , your all pages will be automatically open with https domain .
Below hierarchy explains above steps more clearly:
Note : Sometimes it will not work and if you see logs it will show an error “port is already used”.So at this time just go for another port as i have taken 4000 port number here.
Testing localhost is now moved to HTTPS or not:-
But question comes why we are doing all this? What’s the advantages of using http over ssl ?
Its reason is very simple because Https is far more secure than http. If there is a usecase in which more secure data (e.g online transaction or confidential information) needs to transfer, then we can use ssl over http.
- HTTPS ensures integrity of your website.
- HTTPS ensures the privacy and security of your users and their personal information.
You can download the complete package for this use case from here and then you can modify it according to your needs.
Please drop a comment to us, if you face any issue in configuring or enabling https in aem.
Leave a Reply