Tomcat 使用HTTPS和共享点协议配置alfresco

我已将alfresco配置为在端口443上使用HTTPS。 由于tomcat使用APR连接器，我必须为SSL连接生成一个.cer文件和.key文件（而不是.keystore文件） 我参考了以下链接：

以下是my server.xml文件中的设置：

<Connector
       protocol="HTTP/1.1"
       port="443" maxThreads="200"
       scheme="https" secure="true" SSLEnabled="true"
       SSLCertificateFile="/root/mycompany.crt"
       SSLCertificateKeyFile="/root/mycompany.key"
       SSLVerifyClient="optional" SSLProtocol="TLSv1"/> 

现在，除了MS Office在线编辑部分外，其他部分工作正常

有人能告诉我vti共享点协议部分应该包含哪些配置吗

vti.server.port=7070
vti.server.protocol=https
vti.server.ssl.keystore=/opt/alfresco-4.2.2/alf_data/keystore/ssl.keystore
vti.server.ssl.password=kT9X6oe68t
vti.server.url.path.prefix=/alfresco
vti.server.external.host=localhost
vti.server.external.port=7070
vti.server.external.protocol=https
vti.server.external.contextPath=/alfresco

请帮忙。

---

谢谢

对于真正的sharepoint协议SSL，您需要覆盖vtiServerConnectorbean，如下所示：

<!-- Use this Connector instead for SSL communications -->
<!-- You will need to set the location of the KeyStore holding your -->
<!-- server certificate, along with the KeyStore password -->
<!-- You should also update the vti.server.protocol property to https -->

<bean id="vtiServerConnector" class="org.mortbay.jetty.security.SslSocketConnector">
    <property name="port">
        <value>${vti.server.port}</value>
    </property>
    <property name="headerBufferSize">
        <value>8192</value>
    </property>
    <property name="maxIdleTime">
        <value>30000</value>
    </property>
    <property name="keystore">
        <value>${vti.server.ssl.keystore}</value>
    </property>
    <property name="keyPassword">
        <value>${vti.server.ssl.password}</value>
    </property>
    <property name="password">
        <value>${vti.server.ssl.password}</value>
    </property>
    <property name="keystoreType">
        <value>JCEKS</value>
    </property>
</bean>

${vti.server.port}
8192
30000
${vti.server.ssl.keystore}
${vti.server.ssl.password}
${vti.server.ssl.password}
JCEKS

将alfresco-global.properties中的vti.server.external.protocol更改为https

---

并设置正确的值voorvti.server.ssl.keystore和vti.server.ssl.password对于真正的sharepoint协议ssl，您需要覆盖vtiServerConnectorbean，如下所示：

<!-- Use this Connector instead for SSL communications -->
<!-- You will need to set the location of the KeyStore holding your -->
<!-- server certificate, along with the KeyStore password -->
<!-- You should also update the vti.server.protocol property to https -->

<bean id="vtiServerConnector" class="org.mortbay.jetty.security.SslSocketConnector">
    <property name="port">
        <value>${vti.server.port}</value>
    </property>
    <property name="headerBufferSize">
        <value>8192</value>
    </property>
    <property name="maxIdleTime">
        <value>30000</value>
    </property>
    <property name="keystore">
        <value>${vti.server.ssl.keystore}</value>
    </property>
    <property name="keyPassword">
        <value>${vti.server.ssl.password}</value>
    </property>
    <property name="password">
        <value>${vti.server.ssl.password}</value>
    </property>
    <property name="keystoreType">
        <value>JCEKS</value>
    </property>
</bean>

${vti.server.port}
8192
30000
${vti.server.ssl.keystore}
${vti.server.ssl.password}
${vti.server.ssl.password}
JCEKS

将alfresco-global.properties中的vti.server.external.protocol更改为https

---

并设置正确的值voorvti.server.ssl.keystore和vti.server.ssl.password对于真正的sharepoint协议ssl，您需要覆盖vtiServerConnectorbean，如下所示：

<!-- Use this Connector instead for SSL communications -->
<!-- You will need to set the location of the KeyStore holding your -->
<!-- server certificate, along with the KeyStore password -->
<!-- You should also update the vti.server.protocol property to https -->

<bean id="vtiServerConnector" class="org.mortbay.jetty.security.SslSocketConnector">
    <property name="port">
        <value>${vti.server.port}</value>
    </property>
    <property name="headerBufferSize">
        <value>8192</value>
    </property>
    <property name="maxIdleTime">
        <value>30000</value>
    </property>
    <property name="keystore">
        <value>${vti.server.ssl.keystore}</value>
    </property>
    <property name="keyPassword">
        <value>${vti.server.ssl.password}</value>
    </property>
    <property name="password">
        <value>${vti.server.ssl.password}</value>
    </property>
    <property name="keystoreType">
        <value>JCEKS</value>
    </property>
</bean>

${vti.server.port}
8192
30000
${vti.server.ssl.keystore}
${vti.server.ssl.password}
${vti.server.ssl.password}
JCEKS

将alfresco-global.properties中的vti.server.external.protocol更改为https

---

并设置正确的值voorvti.server.ssl.keystore和vti.server.ssl.password对于真正的sharepoint协议ssl，您需要覆盖vtiServerConnectorbean，如下所示：

<!-- Use this Connector instead for SSL communications -->
<!-- You will need to set the location of the KeyStore holding your -->
<!-- server certificate, along with the KeyStore password -->
<!-- You should also update the vti.server.protocol property to https -->

<bean id="vtiServerConnector" class="org.mortbay.jetty.security.SslSocketConnector">
    <property name="port">
        <value>${vti.server.port}</value>
    </property>
    <property name="headerBufferSize">
        <value>8192</value>
    </property>
    <property name="maxIdleTime">
        <value>30000</value>
    </property>
    <property name="keystore">
        <value>${vti.server.ssl.keystore}</value>
    </property>
    <property name="keyPassword">
        <value>${vti.server.ssl.password}</value>
    </property>
    <property name="password">
        <value>${vti.server.ssl.password}</value>
    </property>
    <property name="keystoreType">
        <value>JCEKS</value>
    </property>
</bean>

${vti.server.port}
8192
30000
${vti.server.ssl.keystore}
${vti.server.ssl.password}
${vti.server.ssl.password}
JCEKS

将alfresco-global.properties中的vti.server.external.protocol更改为https

---

并设置正确的值voorvti.server.ssl.keystore和vti.server.ssl.password

，这两个值是在与Alfresco文档进行了数周的斗争（其步骤与实际工作的步骤明显不同）和在线链接的帮助后设置的，我最终能够使用GoDaddy CA的证书在Linux操作系统上的Alfresco中配置HTTPS和sharepoint协议

以下是详细的步骤列表：

生成密钥库 keytool–keysize 2048–genkey–别名tomcat–keyalg RSA–keystore tomcat.keystore

产生企业社会责任 keytool–certreq–keyalg RSA–别名tomcat–文件csr.csr–keystore tomcat.keystore

从GoDaddy获得证书

从他们的站点下载根证书；gdroot-g2.crt

安装根证书 keytool–导入–别名根–密钥库tomcat.keystore–信任库certs–文件gdroot-g2.crt

安装中间证书 keytool–导入–别名intermed–keystore tomcat.keystore–trustcacerts–文件gdig2.crt

安装颁发的证书 keytool–import–别名tomcat–keystore tomcat.keystore–trustcacerts–file domain.crt

server.xml中的更改

用于SSL的端口443 添加一个新接头443

      <Connector port="443" URIEncoding="UTF-8" protocol="org.apache.coyote.http11.Http11Protocol" SSLEnabled="true" maxThreads="150" scheme="https" keystoreFile="/opt/alfresco-4.2.3.1/tomcat/tomcat.keystore" keystorePass="changeit" keystoreType="JKS" secure="true" connectionTimeout="240000" truststoreFile="/opt/alfresco-4.2.3.1/tomcat/tomcat.keystore" truststorePass="changeit" truststoreType="JKS" clientAuth="want" sslProtocol="TLS" allowUnsafeLegacyRenegotiation="true" maxHttpHeaderSize="32768" /> 

将重定向端口添加到普通8080端口

<Connector port="8080" URIEncoding="UTF-8" protocol="HTTP/1.1"
connectionTimeout="20000"
redirectPort="443" maxHttpHeaderSize="32768" />

九,。重新启动tomcat。现在alfresco应该可以使用https了

更新alfresco-global.properties vti.server.port=7070 vti.server.protocol=https vti.server.ssl.keystore=/opt/alfresco-4.2.3.1/tomcat/tomcat.keystore vti.server.ssl.password=changeit vti.server.url.path.prefix=/alfresco vti.server.external.host=servername.domain.com vti.server.external.port=7070 vti.server.external.protocol=https vti.server.external.contextPath=/alfresco

更改tomcat/webapps/alfresco/WEB中的vti-context.xml文件-
INF/classes/alfresco/module/org.alfresco.module.vti/context/vti-context.xml格式如下： 注释掉现有的“vtiServerConnector”bean，并取消注释 class=“org.mortbay.jetty.security.SslSocketConnector”>

---

在与Alfresco文档进行了数周的斗争（其步骤与实际工作的步骤明显不同）和在线链接的帮助后，我最终能够在Linux操作系统上的Alfresco中使用sharepoint协议配置HTTPS，并获得GoDaddy CA的证书

以下是详细的步骤列表：

生成密钥库 keytool–keysize 2048–genkey–别名tomcat–keyalg RSA–keystore tomcat.keystore

产生企业社会责任 keytool–certreq–keyalg RSA–别名tomcat–文件csr.csr–keystore tomcat.keystore

从GoDaddy获得证书

从他们的站点下载根证书；gdroot-g2.crt

安装根证书 keytool–导入–别名根–密钥库tomcat.keystore–信任库certs–文件gdroot-g2.crt

安装中间证书 keytool–导入–alias intermed–keyst