Configuring the SSL Certificate
This appendix provides the steps to configure the SSL Certificate that you already obtained from your SSL Certificate Authority.
You can skip the configuration steps in this appendix if you are using a self-signed certificate, which you generated using the Configuration Manager, when you configured the AEM installation. See
Configuring the AEM Installation.
Add Certificate to the JBoss KeyStore
For the commands in the steps that follow, make sure that you are aware of the following:
• Modify the arguments that are surrounded by brackets ([ ]) to match your own file names.
• The use of the caret “^” at the end of the line indicates a continuation of the current line in Windows Command Prompt. It is similar to the use of a backslash “\” at the end of a Linux command line.
• When prompted for the KeyStore password, enter the password that you set during the AEM configuration.
• Use the keytool that is located in the JAVA_HOME\jre\bin directory that is used by JBoss.
1. Open the Administrator Command Prompt, and run the following command to back up the aemformses.keystore file:
cd [AEM Installation]\jboss\standalone\configuration
copy aemformses.keystore aemformses.keystore.BACKUP
2. To install the Root Certificate into the Java Keystore file, enter the following command:
keytool -import -trustcacerts -alias root -file ^
[root certificate].crt -keystore aemformses.keystore
The Root Certificate is verified and you are prompted to accept trust in that certificate.
3. To accept trust in the certificate, type y or yes.
4. To import the Intermediate Certificate into the Java Keystore file, enter the following commands:
keytool -import -trustcacerts -alias intermediate ^
-file [intermediate certificate].crt ^
-keystore aemformses.keystore
The Intermediate Certificate is verified and you are prompted to accept trust in the certificate.
5. To accept trust in the certificate, type y or yes.
6. To import your SSL Certificate into the Java Keystore file, enter the following commands:
keytool -import -trustcacerts -alias aemformscert ^
-file [Your Certificate].crt ^
-keystore aemformses.keystore
The SSL Certificate is verified and you are prompted to accept trust in the certificate.
7. To accept trust in the certificate, type y or yes.
Configuring the SSL Certificate
1. Open the file <AEM Installation>\jboss\standalone\configuration\lc_turnkey.xml in a text editor.
2. After the <security-realms> section add the following, being sure to replace [AEM Installation] with the directory of your AEM Installation.
<security-realm name="SSLRealm">
<server-identities>
<ssl>
<keystore path="[AEM Installation]/jboss/standalone/
configuration/aemformses.keystore"
keystore-password="adobe"
alias="AEMformsCert"
key-password="adobe"/>
</ssl>
</server-identities>
</security-realm>
3. Locate the <server> section, and after <http-listener name="default" socket-binding="http" redirect-socket="https" max-post-size="104857600"/> add the following command:
<https-listener name="default-secure" socket-binding="https" security-realm="SSLRealm"/>
4. Change the value of the KeystoreFile attribute and the KeystorePass attribute to the Keystore password that you specified when you created the keystore.
5. Complete the following steps to restart the application server:
a. From the Windows Control Panel, click Administrative Tools, then click Services.
b. Select JBoss for Adobe Experience Manager forms.
c. Select > .
d. Wait for the status of the service to appear as stopped.
e. Select > .
6. To access administration console using SSL, type https://[host name]:8443/adminui in the web browser.
For more information, see the configuration for JBoss Application Server on the
Adobe website.