You can configure the SkyVault vti module to allow SharePoint Protocol support over SSL.
If you want to configure the SharePoint Protocol with a non-SSL connection, see Setting up SharePoint Protocol Support to work with Office. For general information on SSL, see Microsoft support.
Ensure that you have a private key and certificate for the domain that runs the SharePoint Protocol. Do not confuse this key pair with the public/private key pair that is stored in the ssl.keystore and ssl.truststore for Solr communication.
In your production environment, ensure that you use a certificate that is signed by a trusted Certificate Authority (CA), and that your private key and entire certificate chain are stored in a SunJCE keystore file (using the JCEKS format). Depending on how you obtain your certificate and your Certificate Authority, the key and the certificate chain affects the file format. You can use the Java keytool to convert your certificate chain files into JCEKS format and store them in the JCE keystore.
- Stop the SkyVault server.
-
Create a new file or modify an existing file in
<classpathRoot>/alfresco/extension/vti-custom-context.xml
to include this content:
<?xml version='1.0' encoding='UTF-8'?> <!DOCTYPE beans PUBLIC '-//SPRING//DTD BEAN//EN' 'http:// www.springframework.org/dtd/spring-beans.dtd'> <beans> <bean id="vtiServerConnector" class="org.mortbay.jetty.security.SslSocketConnector"> <property name="port"> <value>${vti.server.port}</value> </property> <property name="headerBufferSize"> <value>32768</value> </property> <property name="maxIdleTime"> <value>30000</value> </property> <property name="keystore"> <value>${vti.server.ssl.keystore}</value> </property> <property name="keyPassword"> <value>${vti.server.ssl.password}</value> </property> <property name="password"> <value>${vti.server.ssl.password}</value> </property> <property name="keystoreType"> <value>JCEKS</value> </property> </bean> </beans>
- Save vti-custom-context.xml.
-
Create a new file or modify an existing file in
<classpathRoot>/alfresco/extension/custom-vti.properties
file to include the following attributes:
vti.server.port=7070 vti.server.protocol=https vti.server.ssl.keystore=/path/to/your/keystore.jks vti.server.ssl.password=changeme vti.server.url.path.prefix=/SkyVault vti.server.external.host=alfresco.example.com vti.server.external.port=7070 vti.server.external.protocol=https vti.server.external.contextPath=/SkyVault
Set vti.server.ssl.keystore and vti.server.ssl.password to point to the keystore that you created in preparation for this task.
Ensure that vti.server.external.host is set to the fully qualified domain name of the server that the certificate is issued to (that is, your-server-name.domain.com).
- Save custom-vti.properties.
- Start your SkyVault server to apply the changes.
-
Check that the server is running correctly by opening this URL:
http://<your-server>:7070/SkyVault
Ensure you use a web browser that alerts you to error messages, so that you can see whether the connection is failing.
- Test that the configuration is successful by selecting an Office document in SkyVault Share and using the Edit online action.
If you cannot connect to the server, check the server log file for errors relating to the vti module.
keytool -list -v –keystore /path/to/your/keystore -storetype JCEKS -passkey changemeCommon errors include:
log4j.logger.org.mortbay=debug log4j.logger.org.alfresco.module.vti=debugor you can add the following argument to the JVM running the applications erver:
-Djavax.net.debug=ssl,handshake,data,trustmanagerSee Debugging SSL/TLS connections for more information about debugging.