Thursday, October 29, 2015

Alfresco Replacing default certificates and handling expiry


Alfresco logs shows following log if the certificates expire

javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: timestamp check failed

To update the certificates follow the below steps
The $ALFRESCO_SOURCE_HOME/ is
https://svn.alfresco.com/repos/alfresco-open-mirror/alfresco/HEAD/root/

1. Backup the current keystore directory in alf_data
2. Remove the keystore directory from alf_data
3. Copy the keystore directory from Alfresco SVN $ALFRESCO_SOURCE_HOME/projects/repository/config/alfresco/keystore to alf_data
4. Remove the keystore directory from $TOMCAT_HOME/webapps/alfresco/WEB-INF/classes/alfresco
5. Copy the keystore directory from Alfresco SVN $ALFRESCO_SOURCE_HOME/projects/repository/config/alfresco/keystore to $TOMCAT_HOME/webapps/alfresco/WEB-INF/classes/alfresco
6. Copy...
$ALFRESCO_SOURCE_HOME/projects/solr/source/solr/instance/archive-SpacesStore/conf/ssl.repo.client.keystore to alf_data/solr/archive-SpacesStore/conf/ssl.repo.client.keystore
$ALFRESCO_SOURCE_HOME/projects/solr/source/solr/instance/archive-SpacesStore/conf/ssl.repo.client.truststore to alf_data/solr/archive-SpacesStore/conf/ssl.repo.client.truststore
$ALFRESCO_SOURCE_HOME/projects/solr/source/solr/instance/workspace-SpacesStore/conf/ssl.repo.client.keystore to alf_data/solr/workspace-SpacesStore/conf/ssl.repo.client.keystore
$ALFRESCO_SOURCE_HOME/projects/solr/source/solr/instance/workspace-SpacesStore/conf/ssl.repo.client.truststore to alf_data/solr/workspace-SpacesStore/conf/ssl.repo.client.truststore

Steps copied from https://wiki.alfresco.com/wiki/Replacing_Default_Certificate

Wednesday, October 28, 2015

Reset admin password in Alfresco 4.0.d

Reset admin password in Alfresco 4.0.d
Case1 : If you know the password of other user with admin role you can change directly by logging into the alfresco site

Case1 : Change admin password in postgres database

Login to alfresco instance and change directory to /opt/alfresco-4.0.d/postgresql/bin
# ./psql -U postgres
Password for user postgres:
postgres=#

To List databases
postgres=# \l
                                  List of databases
      Name    |  Owner   | Encoding |  Collation  |    Ctype    |   Access privileges
-----------+----------+----------+-------------+-------------+------------------------------------------------------


Connect to alfresco database
postgres=# \connect alfresco;
You are now connected to database "alfresco".
alfresco-#


Display tables
alfresco-# \dt

To list users and their passwords

alfresco-# SELECT anp1.node_id,
       anp1.qname_id,
       anp1.string_value as hash_pass,
       anp2.string_value as user_string
FROM alf_node_properties anp1
        INNER JOIN alf_qname aq1
           ON aq1.id       = anp1.qname_id
        INNER JOIN alf_node_properties anp2
           ON anp2.node_id = anp1.node_id
        INNER JOIN alf_qname aq2           
           ON aq2.id       = anp2.qname_id
WHERE aq1.local_name    = 'password'
AND aq2.local_name    = 'username';


 node_id | qname_id |            hash_pass             | user_string
---------+----------+----------------------------------+-------------
     555 |       10 | 0eeb8b5ee6e96f1a8443edfb1dfc36ad | mjackson
       4 |       10 | 50d4e7a47cf4a836e51cdbc335cb6f44 | admin

In alfresco passwords are stored as encrypted.

For 'admin' string the encrypted one is  209c6174da490caeb422f3fa5a7ae634 so we
Reset the password to admin and login to alfresco web and change password.
alfresco-# UPDATE alf_node_properties
 SET string_value='209c6174da490caeb422f3fa5a7ae634'
 WHERE
 node_id=4
 and
 qname_id=10
UPDATE 1

Queries copied from
http://keytocontent.blogspot.in/2011/09/resetting-forgotten-alfresco-admin.html





SSL certificate import

 Import SSL certificate to particular keystore


C:\Users\veeresh\Desktop\>keytool -import -alias xmpp3 -keypass changeit -keystore c:\Java\jdk1.8.0_20\jre\lib\security\cacerts -file c:\Users\veeresh\Desktop\vamanit.cloudapp.net.pem

List certificates in a keystore

C:\Users\veeresh\Desktop\>keytool -list -keystore cacerts

Generate .pem or .cer files for self signed websites using openssl

openssl s_client -connect vamanit.webiste.net:5222 < /dev/null | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > xmpp.crt