Thursday, October 29, 2015

Alfresco Replacing default certificates and handling expiry


Alfresco logs shows following log if the certificates expire

javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: timestamp check failed

To update the certificates follow the below steps
The $ALFRESCO_SOURCE_HOME/ is
https://svn.alfresco.com/repos/alfresco-open-mirror/alfresco/HEAD/root/

1. Backup the current keystore directory in alf_data
2. Remove the keystore directory from alf_data
3. Copy the keystore directory from Alfresco SVN $ALFRESCO_SOURCE_HOME/projects/repository/config/alfresco/keystore to alf_data
4. Remove the keystore directory from $TOMCAT_HOME/webapps/alfresco/WEB-INF/classes/alfresco
5. Copy the keystore directory from Alfresco SVN $ALFRESCO_SOURCE_HOME/projects/repository/config/alfresco/keystore to $TOMCAT_HOME/webapps/alfresco/WEB-INF/classes/alfresco
6. Copy...
$ALFRESCO_SOURCE_HOME/projects/solr/source/solr/instance/archive-SpacesStore/conf/ssl.repo.client.keystore to alf_data/solr/archive-SpacesStore/conf/ssl.repo.client.keystore
$ALFRESCO_SOURCE_HOME/projects/solr/source/solr/instance/archive-SpacesStore/conf/ssl.repo.client.truststore to alf_data/solr/archive-SpacesStore/conf/ssl.repo.client.truststore
$ALFRESCO_SOURCE_HOME/projects/solr/source/solr/instance/workspace-SpacesStore/conf/ssl.repo.client.keystore to alf_data/solr/workspace-SpacesStore/conf/ssl.repo.client.keystore
$ALFRESCO_SOURCE_HOME/projects/solr/source/solr/instance/workspace-SpacesStore/conf/ssl.repo.client.truststore to alf_data/solr/workspace-SpacesStore/conf/ssl.repo.client.truststore

Steps copied from https://wiki.alfresco.com/wiki/Replacing_Default_Certificate

No comments:

Post a Comment