Create an RSA-4096 key and save it to a file rootCA.key openssl.exe genrsa -aes256 -out rootCA.key 4096
Create a root certificate through the key generated openssl.exe req -x509 -new -nodes -key rootCA.key -sha256 -days 1460 -out rootCA.pem -config server.csr.cnf
Create a private key and CSR for local Certificare openssl.exe req -new -sha256 -nodes -out server.csr -newkey rsa:2048 -keyout server.key -config server.csr.cnf
Issue a certificate via the root SSL certificate and the CSR openssl.exe x509 -req -in server.csr -CA rootCA.pem -CAkey rootCA.key -CAcreateserial -out server.crt -days 500 -sha256 -extfile v3.ext
Convert the Private Key to DER format openssl.exe pkcs8 -topk8 -inform PEM -outform DER -in server.key -out server_key.der -nocrypt
http://localhost:4502/libs/granite/security/content/sslConfig.html
Add/Trust Root Certificate to Windows Cert Manager certutil -addstore -f "ROOT" rootCA.pem
Configure SSL Through Curl curl -u admin:admin -F "keystorePassword=password" -F "keystorePasswordConfirm=password" -F "truststorePassword=password" -F "truststorePasswordConfirm=password" -F "privatekeyFile=@server_key.der" -F "[email protected] " -F "httpsHostname=localhost" -F "httpsPort=8443" http://localhost:4502/libs/granite/security/post/sslSetup.html
Key Store Path - /home/users/system/security/ssl-service/keystore/store.p12
Trust Store Path - /etc/truststore/truststore.p12 OSGI Config URL - https://localhost:8443/system/console/configMgr/com.adobe.granite.jetty.ssl.internal.GraniteSslConnectorFactory etc/map HTTP to HTTPS redirect {
"jcr:primaryType": "sling:Folder",
"jcr:createdBy": "admin",
"jcr:created": "Mon Jan 11 2021 22:44:56 GMT-0600",
"localhost.4502": {
"jcr:primaryType": "sling:Mapping",
"jcr:createdBy": "admin",
"jcr:created": "Mon Jan 11 2021 22:53:22 GMT-0600",
"redirect": {
"jcr:primaryType": "sling:Mapping",
"jcr:createdBy": "admin",
"sling:redirect": "https://localhost:8443/$1",
"jcr:created": "Mon Jan 11 2021 22:53:39 GMT-0600",
"sling:match": "(.*)"
}
}
}
