I am running the community version of Afresco 5 on windows. I used the exe installer.
I have created a public cert and imported both the public ssl cert and the intermediate CA cert into the live trustsore and keystore. I have been reading documentation for several days and cannot find anywhere that describes how to make the Alfresco Share actually start using the new public cert.
Thanks for the reply. I have from the beginning generated public certs from letsencrypt.org with the subject name for my public site. I can't figure out how to make the alfresco website use that public certificate. I ran the script and replaced the built-in certs with new self-signed ones -- the new cert show up on the website but it's still not trusted because it's for "Alfresco Repository" instead of my public site's URL. My cert with the public url for a subject name is in the stores but the site will not use it.
The simplest is to rename that issued certificates asssl.repo.crtfor Alfresco side andssl.repo.client.crtfor SOLR side and then copy both them toCERTIFICATE_HOMEfolder set ingenerate_keystores.shscript. After that, comment or remove any line starting with"$JAVA_HOME/bin/keytool"and execute the script.
If I comment out everything starting with "$JAVA_HOME/bin/keytool" the script does nothing but set some environmental variables and tries the copy the files that it did not generate.. all the keystores and truststores...
First thing is that I'm never using this approach to provide SSL to Alfresco. Usually, I configure an Apache HTTPd or NGINX in front of Alfresco Tomcat and I include my SSL certificates in this HTTP server.
Anyway, if you want to configure your certificates using Tomcat, just create the stores and certificates described in the post by hand or by using Axel Faust script (included also in the post).
Sorry, but I'm afraid I cannot be clearer at this point.
Andrew Barzyk, the first thing to realize is that the SSL certificates you work with according to the Alfresco documentation are for internal communication of Alfresco repository with Solr (and vice versa). From your original question though, it looks like you want just to add a certificate to your Tomcat (or to an Apache proxy as mentioned by Angel Borroy) in a general way, so that clients (browsers) communicate with your Share application via SSL.
BTW If you let clients access Alfresco / Share only via a proxy like Apache, which is a recommended installation, you don't need to bother with the Alfresco-Solr certificates anymore provided that you block access to the Solr application and Alfresco Solr webscripts URLs by the proxy. This and more stuff around Solr is not quite clear from the official Alfresco documentation, IMO, so I don't wonder that one can get confused from it all...