Securing Adobe connect Server and CQ

Server

To Enable SSL on Connect Server and CQ server (Index)

• Configure custom.ini File

• Uncomment the SSL TAGs in Server.xml file.

• Configure the Four components of connect and CO together on port 443.

o Application Server

o Meeting Server

o CO-Author Server

o CO-Publish Server

• Make sure the Server URL under CRX (C0-5) which is the Java content Repository tool would

point to https instead of pointing to port 80. This applies on both CO-Author server ( 4502 ) and

CO-Publish server ( 4503 )

• Make sure the CRX configuration for Day CO Link Externalize and Day CO WCM Page Statistics

would point to the right FODN after enabling the SSL. This applies to both the CO-Author Server

and CO Publish Server.

• Import the Certificates which are used to configure SSL in the JRE folder or connect 9. (This is due

to a bug which we have already fixed in later versions of connect 9 therefore if you are on 9.0.0.1,

only then apply this else not required)

CONFIGURE CUSTOM.IN! FILE

The Normal Custom.ini file would look like as shown below: You will see the CQ-Author and CQ-Publish

server pointing to port 4502 and 4503 with a common FQDN as ad min host, if we are using only one IP

address.

� custom.ini - Notepad L = I @) l�I

File Edit Format View Help

# General CP Features And Settings SERIAL KEV LANG.=en

N Enrter the FQDN (Fully Qual;f;ed ooma;n N ame) of your Adobe connect server. Do not ;nclude

��j�����T��o��!�t�f����c���mexamp le : connect.rnycompany. com.

H Enrter the domain name of the SMTP host. A test e-mail will be sent if the mail server has been properly configured. If this field is left blank, Adobe connect will not be configured "to send e-mails. SMTP HOST

# Enter a system e-mail address. This is the e-mail address that appears in the ·1:0· field for e-mails sen� by the Adobe connect server. SYSTEM_EMAIL=auppal@adobe.com

# tn�er a link for support requests. This link appears in e-mails sent by the Adobe connect server. The link can either be a URL to a support site or the e-mail address of a support engineer. SUPPORT_�MAIL=auppal@adobe.com BCC LANG.=en

# other sett;ngs TELEPHONY _SERVICE_SHAREO_SECRET=#v1.#0oos 1j .::J 2uN8-= OB_H0ST=10.40.214.225 DB_PORT=1433 DB_NAME=W;nsevenconnectN;ne DB_USER=sa DB_P AS SWORD=HV1HC 7 7 aWQzPXs4Z L nQP pS4f a�

# As configured in the load balancer CQ_AUTHOR_SERVER=h�tp://connectnine.ac.com:4502

# As con-figured in the load balancer CQ__PUBLISH_SERVER=http://connectnine.ac.com:4503

DB_PREFIX=breez

To enable SSL we need to add few lines and modify few lines in the custom.ini file as shown in the next

picture below:

Since we need the admin host to use https protocol we add " ADMIN_PROTOCOL=https://"

To enable SSL we set "SSL_ONLY=yes"

To ensure that the meeting server when called should hit the port 443 we use a TAG

"RTMP _SEQUENCE=rtmps://external-host:443/?rtmp://localhost:8506/"

CQ_Author_Server would change to https://connectnineauth.ac.com instead of

http://connectnine.ac.com:4502. Reason being we are mapping the CQ_Author Server with an

individual IP address on port 443, therefore we are setting a different FQDN with protocol

"https" and similar domain as (* .ac.com)

Similarly for CQ_Publish_Server the value would set to https:ljconnectninepub.ac.com instead

of http://connectnine.ac.com:4503

Note:

❖

Note:

“wil ca ”

This is for CQ-Author:

This is for CQ-Publish:

Note:- Externalizer

’

Note

Note:

This Step is Not Mandatory because this has been fixed in later versions of connect 9, therefore if you

are not on connect 9.0.0.1 and planning to apply patches then ignore this step:

C:\ connect\ 9.0.0.1\ jre\ bin

3. the JRE folder which is located in connect folder at C:\ connect\ 9.0.0.1\ jre\ bin

4. c:\ connect\ 9.0.0.1\ jre\ bin

“ke ool

ke s ore cacer s”.Note:- Highlighted connect is used as an alias ,therefore you can use any terminology over here.

“ If there is alrea y a file existing, copy an replace it”