You are here

Secure Sockets Layer (SSL) and the Alfresco repository

There are a number of ways to handle SSL communication when connecting to the Alfresco repository, and some information that you should know about automatic configuration in Alfresco.

When you install Alfresco, port 8443 is automatically configured for SSL communication between Solr and the Alfresco repository. This means that Alfresco, by default, is set to use client certificates for any authentication (the connector on port 8443 is configured with clientAuth="want").

This causes complications when there is communication between a browser protocol and the repository, because Tomcat requests a client certificate for that communication too; for example, when you are using Alfresco Office Services to connect between a Microsoft application and the Alfresco repository. For more information about Alfresco Office Services, see Installing and configuring Alfresco Office Services.

You can still connect to the repository without a client certificate, however if a certificate is present (for example, if you have installed certificates in your Windows certificate store), then the certificate must be signed by the same Certificate Authority that is used for authentication between the repository and Solr. If you select one of the Windows installed certificates, you will not be able to progress, because the certificate is not one that is expected for the Solr to repository communication. In this situation, you need to cancel the certificate window and then you can proceed. If you have no client certificates, you can use port 8443 without issues.

These topics discuss how to set up SSL for non-Solr communication with the Alfresco repository, and the method that you use to configure SSL varies depending on whether you are configuring your production or test environments. For example, if you are setting up a production environment, use a proxy server to handle SSL communication. If you are configuring a test environment, you might want to edit your configuration files directly (and listen for SSL on a port that is not port 8443; for example, port 443).

If you are interested in setting up SSL and security for Solr, this is discussed in detail in Solr 4 security.