{"id":25353938,"url":"https://github.com/aborroy/alfresco-mtls-debugging-kit","last_synced_at":"2026-04-29T17:03:15.530Z","repository":{"id":229182990,"uuid":"776040963","full_name":"aborroy/alfresco-mtls-debugging-kit","owner":"aborroy","description":"Set of tools to debug mTLS configuration issues when installing Alfresco Services using mTLS protocol","archived":false,"fork":false,"pushed_at":"2024-04-12T08:59:22.000Z","size":760,"stargazers_count":3,"open_issues_count":0,"forks_count":0,"subscribers_count":2,"default_branch":"main","last_synced_at":"2025-02-14T19:56:05.961Z","etag":null,"topics":["alfresco","docker-compose","mtls-authentication","step-ca"],"latest_commit_sha":null,"homepage":"","language":"Java","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"lgpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/aborroy.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null}},"created_at":"2024-03-22T15:01:47.000Z","updated_at":"2024-05-17T13:07:15.000Z","dependencies_parsed_at":"2024-04-08T11:57:02.557Z","dependency_job_id":null,"html_url":"https://github.com/aborroy/alfresco-mtls-debugging-kit","commit_stats":null,"previous_names":["aborroy/alfresco-mtls-debugging-kit"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/aborroy%2Falfresco-mtls-debugging-kit","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/aborroy%2Falfresco-mtls-debugging-kit/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/aborroy%2Falfresco-mtls-debugging-kit/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/aborroy%2Falfresco-mtls-debugging-kit/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/aborroy","download_url":"https://codeload.github.com/aborroy/alfresco-mtls-debugging-kit/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":247958705,"owners_count":21024821,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["alfresco","docker-compose","mtls-authentication","step-ca"],"created_at":"2025-02-14T19:56:07.656Z","updated_at":"2026-04-29T17:03:10.485Z","avatar_url":"https://github.com/aborroy.png","language":"Java","funding_links":[],"categories":[],"sub_categories":[],"readme":"# alfresco-mtls-debugging-kit\n\nSet of tools to debug mTLS configuration issues when installing Alfresco Services using mTLS protocol:\n\n* [addons](addons) folder includes extensions that provide detailed information related to mTLS configuration\n  * [alfresco-http-java-client](addons/alfresco-http-java-client) is an Alfresco Repository addon for the Admin Console that adds the page \"Search Client\"\n  * [solr-http-java-client](addons/solr-http-java-client) is a SOLR plugin for the Admin REST API that adds the action \"HTTP-CLIENT\"\n* [apps](apps) folder includes applications to help identifying issues in mTLS configuration\n  * [mtls-conf-app](apps/mtls-conf-app) is a command line application to verify mTLS endpoint (server) and keystores (client)\n* [common](common) folder includes the library `crypto-utils`, that is used as third party dependency in addons and apps\n* [docker](docker) folder includes a sample mTLS configuration for Alfresco using keystores provided by [alfresco-ssl-generator](https://github.com/alfresco/alfresco-ssl-generator). This Docker Compose deployment also applies the `addons` to Alfresco Repository and SOLR\n* [step-ca](step-ca) folder includes a lab environment to generate ECC certificates for ECDSA and package required keystores for Alfresco mTLS configuration\n\n## Sample mTLS deployment\n\nThe [docker](docker) folder provides a ready-to-use configuration for secure communication between Repository and Search using mTLS. In addition, [alfresco-http-java-client](addons/alfresco-http-java-client) and [solr-http-java-client](addons/solr-http-java-client) addons are applied.\n\nThe stack can be started using regular Docker Compose command:\n\n```bash\ncd docker\ndocker compose up\n```\n\nServices:\n\n* Repository: http://localhost:8080/alfresco\n* Share UI: http://localhost:8080/share\n* ACA UI: http://localhost:8080/content-app\n* Solr UI: https://localhost:8983/solr\n\nAddons:\n\n* Repository Admin Console - Search Client: http://localhost:8080/alfresco/s/admin/admin-search-client\n* Solr HTTP-CLIENT action: https://localhost:8983/solr/admin/cores?action=HTTP-CLIENT\u0026coreName=alfresco\n\nCredentials:\n\n* `admin`/`admin` for Repository, Share and ACA\n* [browser.p12](docker/keystores/client) client certificate for Solr UI\n\n\n## Web Admin Tools\n\nThe [addons](addons) folder includes Web Admin Tools for Repository and SOLR. You can open them in a web browser and see information about mTLS setup, like where it connects to, the keys and certificates it uses, and the passwords.\n\nThe [docker](docker) folder applies both tools using Docker Compose. Deploying them locally requires following steps.\n\n**Admin Console Page for Alfresco Repository**\n\n* Installation: copy [alfresco-http-java-client-0.8.0.jar](https://github.com/aborroy/alfresco-mtls-debugging-kit/releases/download/0.8.0/alfresco-http-java-client-0.8.0.jar) and [crypto-utils-0.8.0.jar](https://github.com/aborroy/alfresco-mtls-debugging-kit/releases/download/0.8.0/crypto-utils-0.8.0.jar) files to `${TOMCAT_DIR}/webapps/alfresco/WEB-INF/lib/` and re-start the Alfresco service.\n* Url: http://localhost:8080/alfresco/s/admin/admin-search-client\n* Credentials: admin/admin\n\n**REST API Action for Apache Solr**\n\n* Installation\n  * Copy [solr-http-java-client-0.8.0.jar](https://github.com/aborroy/alfresco-mtls-debugging-kit/releases/download/0.8.0/solr-http-java-client-0.8.0.jar) and [crypto-utils-0.8.0.jar](https://github.com/aborroy/alfresco-mtls-debugging-kit/releases/download/0.8.0/crypto-utils-0.8.0.jar) files to `${SOLR_DIR}/solr/server/solr-webapp/webapp/WEB-INF/lib` \n  * Overwrite `${SOLR_DIR}/solrhome/solr.xml` file with content from [solr.xml](https://github.com/aborroy/alfresco-mtls-debugging-kit/blob/main/docker/search/config/solr.xml)\n  * Re-start Solr\n* Url: https://localhost:8983/solr/admin/cores?action=HTTP-CLIENT\u0026coreName=alfresco\n* Credentials: [browser.p12](docker/keystores/client) client certificate\n\n\n## Troubleshooting App\n\nThe Alfresco Repository may fail to boot depending on configuration parameter issues. To troubleshoot such scenarios, use the [mtls-conf-app](apps/mtls-conf-app) application.\n\nDefault values for application properties are available in [application.properties](https://github.com/aborroy/alfresco-mtls-debugging-kit/blob/main/apps/mtls-conf-app/src/main/resources/application.properties) file.\n\nFind the values you want to change, then start the Spring Boot application using the command line. For example, in the sample below, we're replacing the default value of `endpoint.host` with `192.168.1.137` instead of `localhost`.\n\n```sh\njava -jar target/mtls-conf-app-0.0.1.jar --endpoint.host=192.168.1.137\n```\n\nIf errors occur, the output will detail the cause and include the complete stack trace of the exception.\n\n```\nERRORS for ENDPOINT:\nCurrent server setting '192.168.1.137' seems to be wrong.\nVerify if you have access to server '192.168.1.137' or change the value to a different host name.\nERRORS DETAIL:\njava.net.ConnectException: Operation timed out\n    at java.base/sun.nio.ch.Net.connect0(Native Method)\n    at java.base/sun.nio.ch.Net.connect(Net.java:579)\n    at java.base/sun.nio.ch.Net.connect(Net.java:568)\n```\n\n\n## Keystores Generation Lab\n\nThis [folder](step-ca) includes instructions to create a new set of keystores for Alfresco mTLS configuration. Instead of using [alfresco-ssl-generator](https://github.com/Alfresco/alfresco-ssl-generator/blob/master/ssl-tool/samples/community.sh) tool, [step-ca](https://smallstep.com/certificates/) service is providing EC certificates to be used with [ECDSA algoritm](https://en.wikipedia.org/wiki/Elliptic_Curve_Digital_Signature_Algorithm). The certificates are packaged as expected by the Alfresco platform.","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Faborroy%2Falfresco-mtls-debugging-kit","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Faborroy%2Falfresco-mtls-debugging-kit","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Faborroy%2Falfresco-mtls-debugging-kit/lists"}