Securing Adobe connect Server and CQ
Server
To Enable SSL on Connect Server and CQ server (Index)
•
•
•
•
•
•
Configure custom.ini File
Uncomment the SSL TAGs in Server.xml file.
Configure the Four components of connect and CO together on port 443.
o Application Server
o Meeting Server
o CO-Author Server
o CO-Publish Server
Make sure the Server URL under CRX (C0-5) which is the Java content Repository tool would
point to https instead of pointing to port 80. This applies on both CO-Author server ( 4502 ) and
CO-Publish server ( 4503 )
Make sure the CRX configuration for Day CO Link Externalize and Day CO WCM Page Statistics
would point to the right FODN after enabling the SSL. This applies to both the CO-Author Server
and CO Publish Server.
Import the Certificates which are used to configure SSL in the JRE folder or connect 9. (This is due
to a bug which we have already fixed in later versions of connect 9 therefore if you are on 9.0.0.1,
only then apply this else not required)
CONFIGURE CUSTOM.IN! FILE
The Normal Custom.ini file would look like as shown below: You will see the CQ-Author and CQ-Publish
server pointing to port 4502 and 4503 with a common FQDN as admin host, if we are using only one IP
address.
� custom.ini - Notepad
File
Edit
Format
View
Help
L
=
I @) l�I
# General CP Features And Settings
SERIAL KEV
LANG.=en
N Enrter the FQDN (Fully Qual;f;ed ooma;n N ame) of your Ado be conn ect server. Do not ;nc lude
ex amp le : connect.rnycom p an y. com.
��j�����T��o��!�t�f����c���m
H Enrter the domain name of the SMTP host. A test e-mail will be sent if the mail server has been
properly configured. If this field is left blank, Adobe connect will not be configured "to send
e-mails.
SMTP HOST
# Enter a system e-mail address. This is the e-mail address that appears in the ·1:0· field for
e-mails sen� by the Adobe connect server.
[email protected]
# tn�er a link for support requests. This link appears in e-mails sent by the Adobe connect
server. The link can either be a URL to a support site or the e-mail address of a support
engineer.
SUPPORT_�[email protected]
BCC LANG.=en
# other sett;ngs
TELEPHONY_SERVICE_SHAREO_SECRET=#v1.#0oos 1j .::J 2uN8-=
OB_H0ST=10.40.214.225
DB_PORT=1433
DB_NAME=W;nsevenconnectN;ne
DB_USER=sa
DB_PASSWORD=HV1HC 7 7 aWQzPXs4Z L nQP pS4f a�
# As configured in the load balancer
CQ_AUTHOR_SERVER=h�tp://connectnine.ac.com:4502
# As con-figured in the load balancer
CQ__PUBLISH_SERVER=http://connectnine.ac.com:4503
DB_PREFIX=breez
To enable SSL we need to add few lines and modify few lines in the custom.ini file as shown in the next
picture below:
Since we need the admin host to use https protocol we add " ADMIN_PROTOCOL=https://"
To enable SSL we set "SSL_ONLY=yes"
To ensure that the meeting server when called should hit the port 443 we use a TAG
"RTMP_SEQUENCE=rtmps://external-host:443/?rtmp://localhost:8506/"
CQ_Author_Server would change to https://connectnineauth.ac.com instead of
http://connectnine.ac.com:4502. Reason being we are mapping the CQ_Author Server with an
individual IP address on port 443, therefore we are setting a different FQDN with protocol
"https" and similar domain as (* .ac.com)
Similarly for CQ_Publish_Server the value would set to https:ljconnectninepub.ac.com instead
of http://connectnine.ac.com:4503
Note:
❖
Note:
“wil ca ”
This is for CQ-Author:
This is for CQ-Publish:
Note:-
Externalizer
’
Note
Note:
This Step is Not Mandatory because this has been fixed in later versions of connect 9, therefore if you
are not on connect 9.0.0.1 and planning to apply patches then ignore this step:
C:\ connect\ 9.0.0.1\ jre\ bin
3.
the JRE folder which is located in connect folder at
C:\ connect\ 9.0.0.1\ jre\ bin
4.
c:\ connect\ 9.0.0.1\ jre\ bin
“ke ool
ke s ore cacer s”.
Note:- Highlighted connect is used as an alias ,therefore you can use any terminology over
here.
“ If there is alrea y a file existing, copy an replace it”