Help

change certificates in alfresco 7.2 docker ngnix

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
javico1
Active Member II
‎24 Jul 2024 3:03 PM

change certificates in alfresco 7.2 docker ngnix

Jump to solution

 Hello guys, I have a question. I have installed alfresco 7.2 with docker using https and ngnix.
I need to change the certificates that come with my own certificates for certificates self-generated
by our company's CA. Inside the ngnix folder there are subfolders that have two certificates, a crt
and a .key at the same time. Changing it to autogenerated ones doesn't make me feel better.
Any suggestions on how to change them. Greetings and thanks in advance.

0 Kudos
Reply
1 Solution

Accepted Solutions
javico1
Active Member II
‎29 Jul 2024 5:38 PM

Re: change certificates in alfresco 7.2 docker ngnix

Jump to solution

The solution to use another ca or certifying entity is to first use a 2048 bit key, then use the key name the same as the one generated, generate the certificate in a pem .cer and paste them in the ngnix cert folder.

View solution in original post

0 Kudos
Reply
6 Replies
fedorow
Senior Member II
‎29 Jul 2024 8:31 AM

Re: change certificates in alfresco 7.2 docker ngnix

Jump to solution

If you are using Alfresco Docker installer folder structure and your docker compose proxy service looks like this:

    proxy:
        image: nginx:stable-alpine
        ...
        volumes:
            - ./config/nginx.conf:/etc/nginx/nginx.conf
            - ./config/nginx.htpasswd:/etc/nginx/conf.d/nginx.htpasswd 
            - ./config/cert/localhost.cer:/etc/nginx/localhost.cer
            - ./config/cert/localhost.key:/etc/nginx/localhost.key 
        ports:
            - 443:443

then go to the Alfresco project folder (where docker-compose.yml is) and execute next:

openssl genpkey -algorithm RSA -out ./config/cert/localhost.key -pkeyopt rsa_keygen_bits:2048
openssl req -new -key ./config/cert/localhost.key -out ./config/cert/localhost.cer
openssl x509 -req -days 365 -in ./config/cert/localhost.cer -signkey ./config/cert/localhost.key -out ./config/cert/localhost.cer

Restart 'proxy' service to apply new certificate.

Hope you will feel better.

0 Kudos
Reply
javico1
Active Member II
‎29 Jul 2024 3:55 PM

Re: change certificates in alfresco 7.2 docker ngnix

Jump to solution

  I want to add a certificate generated by a certifying authority in my country, not generate a self-signed certificate by openssl, my question is, I delete the ngnix certificates and add the same name that they had to my certificates but it doesn't work, what should I do, how do I change the certifying entity..

0 Kudos
Reply
javico1
Active Member II
‎29 Jul 2024 3:57 PM

Re: change certificates in alfresco 7.2 docker ngnix

Jump to solution

And those commands are placed inside the docker-compose.yml or in my case I am using Ubuntu, that is, a cd inside the project and I execute the command, sorry for the inconvenience, I am new to this project

0 Kudos
Reply
fedorow
Senior Member II
‎29 Jul 2024 4:08 PM

Re: change certificates in alfresco 7.2 docker ngnix

Jump to solution

There could be two causes:

1. NGINX requires the SSL key and certificate to be in PEM (Privacy Enhanced Mail) format. Convert it if you have another format.

2. Sometime you must add the full certificate chain. It depands on your certificate authority proveder and goes far from Alfresco. Add full chain or consult with your CA proveder.

0 Kudos
Reply
javico1
Active Member II
‎29 Jul 2024 4:46 PM

Re: change certificates in alfresco 7.2 docker ngnix

Jump to solution

but in ngnix cert there are only two certificates, the key, that is, the .key and the .cert, there is no .pem

0 Kudos
Reply
javico1
Active Member II
‎29 Jul 2024 5:38 PM

Re: change certificates in alfresco 7.2 docker ngnix

Jump to solution

The solution to use another ca or certifying entity is to first use a 2048 bit key, then use the key name the same as the one generated, generate the certificate in a pem .cer and paste them in the ngnix cert folder.

0 Kudos
Reply
Alfresco Content Services Forum

Ask for and offer help to other Alfresco Content Services Users and members of the Alfresco team.

Related links:

We use cookies on this site to enhance your user experience

By using this site, you are agreeing to allow us to collect and use cookies as outlined in Alfresco’s Cookie Statement and Terms of Use (and you have a legitimate interest in Alfresco and our products, authorizing us to contact you in such methods).   If you are not ok with these terms, please do not use this website.