AEM Forms 6.2 JEE installation on Linux | Adobe Higher Education
Skip to main content
이 주제는 답변이 닫혔습니다.
최고의 답변: Mayank_Gandhi

Hi James,

OpenJDK April 2017 security update 131 introduced a new restriction on how MD5 signed JAR files are verified.There is a Product document[0] which states the change required on the server in case you want to run Java 131 and above. Below 121, therefore, should give us a fair idea about our approach. I wish about the psychic power but here the service startup error and the log trace[1] helped me.

Let me know if this helps.

Regards,

Mayank

[0] OpenJDK April 2017 security update 131 (8u131) and MD5 signed jars - #> opsech.io

[1] https://helpx.adobe.com/aem-forms/kb/java-update-compatability-md5.html

[2] "caused by: java.lang.SecurityException: JsafeJCE provider is disabled, a FIPS 140 required self-integrity check failed at com.rsa.jsafe.provider.JsafeJCE.<init>(Unknown Source) [jsafeJCEFIPS.jar:3.5]"

11 답변

Mayank_Gandhi
Adobe Employee
Mayank_GandhiAdobe Employee
Adobe Employee
April 30, 2018

Hi James,

Can you please try bringing up the system with java 8 update 121 or lower?

James_R_Green
James_R_Green작성자
Level 6
April 30, 2018

Mayank,

Great idea! The JDK version has changed on the VM (which I wasn't made aware of)....I will try with a lower version and update this request accordingly.

Does the process that is trying to run have a known issue with 1.8 version after 121?

Would be great to know a few more details - or do you have psychic powers : )

Thanks,

Jim

H
Mayank_Gandhi
Adobe Employee
Mayank_GandhiAdobe Employee답변
Adobe Employee
April 30, 2018

Hi James,

OpenJDK April 2017 security update 131 introduced a new restriction on how MD5 signed JAR files are verified.There is a Product document[0] which states the change required on the server in case you want to run Java 131 and above. Below 121, therefore, should give us a fair idea about our approach. I wish about the psychic power but here the service startup error and the log trace[1] helped me.

Let me know if this helps.

Regards,

Mayank

[0] OpenJDK April 2017 security update 131 (8u131) and MD5 signed jars - #> opsech.io

[1] https://helpx.adobe.com/aem-forms/kb/java-update-compatability-md5.html

[2] "caused by: java.lang.SecurityException: JsafeJCE provider is disabled, a FIPS 140 required self-integrity check failed at com.rsa.jsafe.provider.JsafeJCE.<init>(Unknown Source) [jsafeJCEFIPS.jar:3.5]"

James_R_Green
James_R_Green작성자
Level 6
May 3, 2018

Hi Mayank Gandhi

Despite this making perfect sense it does not appear to have resolved the issue using java version 121.

I will post the latest log file here, but would really appreciate if you have any further suggestions?

Thanks,

Jim

Mayank_Gandhi
Adobe Employee
Mayank_GandhiAdobe Employee
Adobe Employee
May 3, 2018

Hi Jim,

Please attach the CRX error log, App server, DB and OS detail. Have you tried redeploying the EAR?

Thanks

James_R_Green
James_R_Green작성자
Level 6
May 3, 2018

Fixed.

I reverted to Java 1.8 045, this version was used previously (found in an old log file).

Thanks so much for your help Mayank Gandhi you are a life saver.

Thanks,

Jim

S
DarrenBiz
DarrenBiz
Level 6
May 3, 2018

Glad you got this sorted. I have always been under the impression that while OpenJDK works (most of the time) is not officially supported by Adobe, so we always use Oracle JDK instead.

Adobe Experience Manager Help | Supported Platforms for AEM Forms on JEE

Same goes for all of our AEM instances.

James_R_Green
James_R_Green작성자
Level 6
May 3, 2018

DarrenBiz

Thanks for the extra information. Not my choice of java on the machine in question but I will pass this on.

A
aarons27969144
July 23, 2018

I run into this as well but while using Oracle JDK 8 (J2SE), anything newer than jdk.1.8.0_141 fails loading the license key as the encryption algorithm is missing due to Oracle deprecating it.

I think I figured out why this is occurring:

It appears as though the license key provided by Adobe in pfx format contains certs that were generated using a very old and now deprecated algorithm. RC2-CBC

I'd recommend someone look into this and use at least SHA256 to sign certificates for licenses , so AEM can be more in line with security requirements these days.

    Mayank_Gandhi
    Adobe Employee
    Mayank_GandhiAdobe Employee
    Adobe Employee
    July 23, 2018

    You can request for a new pfx file in that case. Please drop an email to cuscare@adobe.com and provide the Customer ID and the regenerated pfx would be shared with you.

      threaded_replies.show_more_replies
      약관 및 조건Accessibility statement

      Loading footer...