AEM 6.4 Link Checker SSL Error

ReachPriyadarsh
Level 2

24-07-2018

Hi,

I am facing issues with some external links getting removed by the link checker.

While checking in /etc/linkchecker.html, it shows the links are invalid and throwing an SSL error. The same URL works fine in the 6.2 environment. I have not made any modifications to the link checker configurations in either environment. Kindly let me know if any new changes to the 6.4 link checker service might be causing this and how to go about resolving the URL? I am hoping not to disable the checker altogether.

Replies

smacdonald2008
Level 10

24-07-2018

I will check with cust care team to see if this is a known issue.

Jörg_Hoh
Employee

24-07-2018

What's the message in the log about this "SSL error"? Can you be more specific? I doubt that there is a regression, but my first bet is that your AEM 6.4 environment is configured differently than your AEM 6.2 environment. Maybe missing SSL certificates?

Jörg

ReachPriyadarsh
Level 2

25-07-2018

Hi,

Sorry, I tried to add a picture attachment and it may have got deleted earlier. When I access /etc/linkchecker.html, this is the error I get

Link Checker_Question.png

Also, I get the below error log for an 'Invalid' and 'Valid' link respectively.

Invalid :

25.07.2018 01:06:46.465 *ERROR* [sling-default-3-com.day.cq.rewriter.linkchecker.impl.LinkCheckerTask.23680] com.day.cq.rewriter.linkchecker.impl.LinkCheckerTask Failed to validate URL http://xxxxyyyzzz.com/xyz/overview.aspx: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

Valid :

25.07.2018 01:06:47.155 *INFO* [sling-default-3-com.day.cq.rewriter.linkchecker.impl.LinkCheckerTask.23680] com.day.cq.rewriter.linkchecker.impl.LinkCheckerTask Checked URL http://aaabbbccc.com/us/qqqqq.html: 404 (invalid)

All this is happening on my local instance, so there are no certificates etc. installed for this.

Jörg_Hoh
Employee

25-07-2018

The problem is this:

PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

This means that, based on the certificates available to your AEM instance, it was not possible to validate the trust chain for a given SSL certificate. Check the certificate in your browser and validate that all intermediate certificates are available to your AEM instance.
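The check described in this reply can be reproduced outside AEM, against the same JVM trust store. The following is an added example, not part of the original thread and not AEM code; the class name ChainCheck is hypothetical. It records the chain a host presents, validates it with the JVM's default trust manager without relaxing any check, and prints each certificate's subject and issuer so the missing issuer can be identified.

```java
import javax.net.ssl.*;
import java.security.KeyStore;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;

/** Added diagnostic (hypothetical name, not AEM code): prints the presented chain and the JVM's verdict. */
public class ChainCheck {
    public static void main(String[] args) throws Exception {
        if (args.length < 1) { System.err.println("usage: java ChainCheck <host> [port]"); return; }
        String host = args[0];
        int port = args.length > 1 ? Integer.parseInt(args[1]) : 443;

        // Passing null loads the JVM default trust store (cacerts, or -Djavax.net.ssl.trustStore).
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init((KeyStore) null);
        final X509TrustManager jvmDefault = (X509TrustManager) tmf.getTrustManagers()[0];

        final X509Certificate[][] presented = new X509Certificate[1][];
        X509TrustManager recorder = new X509TrustManager() {
            public void checkClientTrusted(X509Certificate[] c, String a) throws CertificateException {
                jvmDefault.checkClientTrusted(c, a);
            }
            public void checkServerTrusted(X509Certificate[] c, String a) throws CertificateException {
                presented[0] = c;                    // keep the chain for the report
                jvmDefault.checkServerTrusted(c, a); // validation is delegated, never skipped
            }
            public X509Certificate[] getAcceptedIssuers() { return jvmDefault.getAcceptedIssuers(); }
        };

        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, new TrustManager[] { recorder }, null);
        String verdict = "trusted by this JVM";
        try (SSLSocket s = (SSLSocket) ctx.getSocketFactory().createSocket(host, port)) {
            s.startHandshake();
        } catch (SSLException e) {
            // A missing root or intermediate surfaces here as "PKIX path building failed".
            verdict = "NOT trusted: " + e.getMessage();
        }
        if (presented[0] != null) {
            for (int i = 0; i < presented[0].length; i++) {
                X509Certificate c = presented[0][i];
                System.out.println("[" + i + "] subject=" + c.getSubjectX500Principal().getName());
                System.out.println("    issuer =" + c.getIssuerX500Principal().getName());
            }
        }
        System.out.println(host + ":" + port + " -> " + verdict);
    }
}
```

Run it with the same `java` binary and trust store settings that start AEM, otherwise the verdict reflects a different trust store. If the issuer of the last certificate printed is neither in the chain nor in the trust store, that issuer's certificate is the one the JVM is missing.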

ReachPriyadarsh
Level 2

25-07-2018

Sorry, I did not get the part about validating intermediate certificates on my local AEM instance. Did you refer to enabling SSL on AEM? I tried creating a https://localhost:8443/ secure URL with self-signed certificates via OpenSSL along with the http://localhost:4502/. Still facing the same issue.

Julio_Baixauli
Level 3

05-03-2019

Hi Jörg.

Just a consideration related to this. AEM authors can use any https URL to build their contents. These https URLs may use some certificates that are not included in the AEM instance. We, as AEM administrators, cannot know which of these certificates will be required in the future for the links included by the authors.

On the other hand, I think we can consider the links valid, as the end user will find a server response from these links, having a trusted certificate chain or not. The browser will show the typical SSL warnings to the users, and they will be able to choose what to do.

IMHO, I think Link Checker should not check the certificate chain, or it should be an option to enable/disable this behavior. Is there any way to disable the certificate chain validation?

Let me know your thoughts on this issue.

Kind regards,

Julio.

Jörg_Hoh
Employee

05-03-2019

Hi Julio,

That's a good approach to think about. Can you raise it as a feature request via the Adobe support channels? I don't think that it's available as a feature already.

Another thought is that in reality the number of root certificates for public-facing websites is rather limited. The JVM already comes with a good number of them, and they rarely change. Adding a single certificate (maybe your own intranet-based systems where you use your own proprietary root certificate) shouldn't be too hard.

Jörg

giovanymorenohe
Level 1

28-03-2019

Hello Jörg Hoh,

I am facing the same issue mentioned above. Obtaining a new valid certificate is not an option as it takes a few months and the client requires this urgently.

In previous versions, the LinkChecker was ignoring this SSL issue via the service.check_override_patterns property, which had been working for some years now. This seems to be an issue with 6.4 only, so I would kindly appreciate your support. Is this a regression?

Best regards,

Gio

Jörg_Hoh
Employee

29-03-2019

This property still exists (checked on my local 6.4 env here).

Jörg