Hello Team,
We are setting up AEM Author Cold Standby with SSL and attempting to configure the certificates. However, we're encountering the following error:
"File does not contain valid certificates: D:\aem-author-sit2-2024\certificate.crt"
This is the certificate referenced in the chain certificate configuration. We have been unable to find any documentation outlining the required certificate format for AEM.
Could you provide the steps or commands necessary to generate a self-signed certificate with OpenSSL support that AEM Cold Standby will accept?
Error message:
26.09.2024 07:42:48.143 *WARN* [primary-2] org.apache.jackrabbit.oak.segment.standby.server.ExceptionHandler Exception caught on the server
javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
at java.base/sun.security.ssl.SSLSessionImpl.getPeerCertificateChain(SSLSessionImpl.java:611)
at org.apache.jackrabbit.oak.segment.standby.netty.SSLSubjectMatcher.userEventTriggered(SSLSubjectMatcher.java:47) [org.apache.jackrabbit.oak-segment-tar:1.22.20]
at io.netty.channel.AbstractChannelHandlerContext.invokeUserEventTriggered(AbstractChannelHandlerContext.java:400) [org.apache.jackrabbit.oak-segment-tar:1.22.20]
at io.netty.channel.AbstractChannelHandlerContext.invokeUserEventTriggered(AbstractChannelHandlerContext.java:376) [org.apache.jackrabbit.oak-segment-tar:1.22.20]
at io.netty.channel.AbstractChannelHandlerContext.fireUserEventTriggered(AbstractChannelHandlerContext.java:368) [org.apache.jackrabbit.oak-segment-tar:1.22.20]
at io.netty.handler.ssl.SslHandler.setHandshakeSuccess(SslHandler.java:1940) [org.apache.jackrabbit.oak-segment-tar:1.22.20]
at io.netty.handler.ssl.SslHandler.wrapNonAppData(SslHandler.java:999) [org.apache.jackrabbit.oak-segment-tar:1.22.20]
at io.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:1511) [org.apache.jackrabbit.oak-segment-tar:1.22.20]
at io.netty.handler.ssl.SslHandler.decodeJdkCompatible(SslHandler.java:1338) [org.apache.jackrabbit.oak-segment-tar:1.22.20]
at io.netty.handler.ssl.SslHandler.decode(SslHandler.java:1387) [org.apache.jackrabbit.oak-segment-tar:1.22.20]
at io.netty.handler.codec.ByteToMessageDecoder.decodeRemovalReentryProtection(ByteToMessageDecoder.java:529) [org.apache.jackrabbit.oak-segment-tar:1.22.20]
at io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:468) [org.apache.jackrabbit.oak-segment-tar:1.22.20]
at io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:290) [org.apache.jackrabbit.oak-segment-tar:1.22.20]
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:444) [org.apache.jackrabbit.oak-segment-tar:1.22.20]
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:420) [org.apache.jackrabbit.oak-segment-tar:1.22.20]
at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:412) [org.apache.jackrabbit.oak-segment-tar:1.22.20]
at io.netty.channel.DefaultChannelPipeline$HeadContext.channelRead(DefaultChannelPipeline.java:1410) [org.apache.jackrabbit.oak-segment-tar:1.22.20]
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:440) [org.apache.jackrabbit.oak-segment-tar:1.22.20]
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:420) [org.apache.jackrabbit.oak-segment-tar:1.22.20]
at io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:919) [org.apache.jackrabbit.oak-segment-tar:1.22.20]
at io.netty.channel.nio.AbstractNioByteChannel$NioByteUnsafe.read(AbstractNioByteChannel.java:166) [org.apache.jackrabbit.oak-segment-tar:1.22.20]
at io.netty.channel.nio.NioEventLoop.processSelectedKey(NioEventLoop.java:788) [org.apache.jackrabbit.oak-segment-tar:1.22.20]
at io.netty.channel.nio.NioEventLoop.processSelectedKeysOptimized(NioEventLoop.java:724) [org.apache.jackrabbit.oak-segment-tar:1.22.20]
at io.netty.channel.nio.NioEventLoop.processSelectedKeys(NioEventLoop.java:650) [org.apache.jackrabbit.oak-segment-tar:1.22.20]
at io.netty.channel.nio.NioEventLoop.run(NioEventLoop.java:562) [org.apache.jackrabbit.oak-segment-tar:1.22.20]
at io.netty.util.concurrent.SingleThreadEventExecutor$4.run(SingleThreadEventExecutor.java:997) [org.apache.jackrabbit.oak-segment-tar:1.22.20]
at io.netty.util.internal.ThreadExecutorMap$2.run(ThreadExecutorMap.java:74) [org.apache.jackrabbit.oak-segment-tar:1.22.20]
at java.base/java.lang.Thread.run(Thread.java:834)
26.09.2024 07:42:49.466 *ERROR* [CM Event Dispatcher (Fire ConfigurationEvent: pid=org.apache.jackrabbit.oak.segment.standby.store.StandbyStoreService)] org.apache.jackrabbit.oak.segment.standby.server.StandbyServer Server could not be started.
java.lang.IllegalArgumentException: File does not contain valid certificates: D:\aem-author-sit2-2024\certificate.crt
at io.netty.handler.ssl.SslContextBuilder.keyManager(SslContextBuilder.java:385) [org.apache.jackrabbit.oak-segment-tar:1.22.20]
at io.netty.handler.ssl.SslContextBuilder.forServer(SslContextBuilder.java:120) [org.apache.jackrabbit.oak-segment-tar:1.22.20]
at org.apache.jackrabbit.oak.segment.standby.server.StandbyServer.<init>(StandbyServer.java:221) [org.apache.jackrabbit.oak-segment-tar:1.22.20]
at org.apache.jackrabbit.oak.segment.standby.server.StandbyServer.<init>(StandbyServer.java:60) [org.apache.jackrabbit.oak-segment-tar:1.22.20]
at org.apache.jackrabbit.oak.segment.standby.server.StandbyServer$Builder.build(StandbyServer.java:212) [org.apache.jackrabbit.oak-segment-tar:1.22.20]
at org.apache.jackrabbit.oak.segment.standby.server.StandbyServerSync.start(StandbyServerSync.java:263) [org.apache.jackrabbit.oak-segment-tar:1.22.20]
at org.apache.jackrabbit.oak.segment.standby.store.StandbyStoreService.bootstrapPrimary(StandbyStoreService.java:214) [org.apache.jackrabbit.oak-segment-tar:1.22.20]
at org.apache.jackrabbit.oak.segment.standby.store.StandbyStoreService.activate(StandbyStoreService.java:170) [org.apache.jackrabbit.oak-segment-tar:1.22.20]
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.base/java.lang.reflect.Method.invoke(Method.java:566)
at org.apache.felix.scr.impl.inject.methods.BaseMethod.invokeMethod(BaseMethod.java:244) [org.apache.felix.scr:2.1.30]
at org.apache.felix.scr.impl.inject.methods.BaseMethod.access$500(BaseMethod.java:41) [org.apache.felix.scr:2.1.30]
at org.apache.felix.scr.impl.inject.methods.BaseMethod$Resolved.invoke(BaseMethod.java:685) [org.apache.felix.scr:2.1.30]
at org.apache.felix.scr.impl.inject.methods.BaseMethod.invoke(BaseMethod.java:529) [org.apache.felix.scr:2.1.30]
at org.apache.felix.scr.impl.inject.methods.ActivateMethod.invoke(ActivateMethod.java:318) [org.apache.felix.scr:2.1.30]
at org.apache.felix.scr.impl.inject.methods.ActivateMethod.invoke(ActivateMethod.java:308) [org.apache.felix.scr:2.1.30]
at org.apache.felix.scr.impl.manager.SingleComponentManager.createImplementationObject(SingleComponentManager.java:354) [org.apache.felix.scr:2.1.30]
at org.apache.felix.scr.impl.manager.SingleComponentManager.createComponent(SingleComponentManager.java:115) [org.apache.felix.scr:2.1.30]
at org.apache.felix.scr.impl.manager.SingleComponentManager.getService(SingleComponentManager.java:1000) [org.apache.felix.scr:2.1.30]
at org.apache.felix.scr.impl.manager.SingleComponentManager.getServiceInternal(SingleComponentManager.java:973) [org.apache.felix.scr:2.1.30]
at org.apache.felix.scr.impl.manager.AbstractComponentManager.activateInternal(AbstractComponentManager.java:785) [org.apache.felix.scr:2.1.30]
at org.apache.felix.scr.impl.manager.SingleComponentManager.reconfigure(SingleComponentManager.java:750) [org.apache.felix.scr:2.1.30]
@Imran__Khan @BrianKasingli @lukasz-m @Jagadeesh_Prakash @markus_bulla_adobe @sherinregi @sarav_prakash Curious to hear your perspectives on this question. Do you all mind sharing your thoughts?
@madalavenkat7, did you check the SSL Wizard? There is good documentation here and here. Most times it's a corrupted certificate that fails. There are different ways to verify the certificate before uploading. Also, in the past we faced issues generating the cert on a Windows machine vs. a Mac machine. Windows handles CRLF differently from Mac machines. The Windows certificate failed, but the certificate from the Mac machine worked. Try it out if possible.
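One way to verify the certificate chain file before pointing the standby configuration at it, added here as an example (not code from this thread, Adobe, Oak or Netty). It assumes the file must hold PEM-framed X.509 certificates, which is what Netty's `SslContextBuilder` documents for its certificate chain file; it checks the container format only, and the sample inputs are constructed placeholder bytes, not real certificates.

```python
import base64
import re

# One PEM certificate block; whitespace between the base64 lines is allowed.
CERT_BLOCK = re.compile(
    rb"-----BEGIN CERTIFICATE-----\s+([A-Za-z0-9+/=\s]+?)-----END CERTIFICATE-----")

def diagnose_cert_file(data: bytes) -> list:
    """Return container-format problems in a certificate chain file.
    An empty list means every block is well framed; X.509 content is not validated."""
    if data[:2] in (b"\xff\xfe", b"\xfe\xff") or b"-\x00-\x00" in data:
        return ["file is UTF-16 text; re-save it as ASCII/UTF-8"]
    if data[:1] == b"\x30":
        return ["file is binary DER, not PEM text"]
    problems = []
    blocks = CERT_BLOCK.findall(data)
    if not blocks:
        if b"BEGIN PKCS7" in data:
            problems.append("PKCS#7 bundle, not individual PEM certificates")
        elif b"PRIVATE KEY-----" in data:
            problems.append("file holds a private key, not a certificate")
        else:
            problems.append("no BEGIN/END CERTIFICATE block found")
    for i, body in enumerate(blocks, 1):
        try:
            der = base64.b64decode(b"".join(body.split()), validate=True)
        except ValueError:
            problems.append(f"certificate {i}: body is not valid base64")
            continue
        if der[:1] != b"\x30":
            problems.append(f"certificate {i}: decoded body is not a DER SEQUENCE")
    return problems

def _pem(der: bytes, newline: bytes = b"\n") -> bytes:
    """Wrap bytes in PEM certificate framing with 64-character lines."""
    b64 = base64.b64encode(der)
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return newline.join([b"-----BEGIN CERTIFICATE-----", *lines,
                         b"-----END CERTIFICATE-----", b""])

# Constructed sample inputs: DER-shaped placeholder bytes, not a real certificate.
FAKE_DER = b"\x30\x82\x01\x00" + bytes(256)
SAMPLES = {
    "pem": _pem(FAKE_DER),
    "der": FAKE_DER,
    "utf16": _pem(FAKE_DER).decode("ascii").encode("utf-16"),
    "truncated": _pem(FAKE_DER).replace(b"AAAA\n", b"AAA\n", 1),
}

if __name__ == "__main__":
    for name, blob in SAMPLES.items():
        print(name, diagnose_cert_file(blob) or "OK")
```

To check a real file, pass its raw bytes: `diagnose_cert_file(open(path, "rb").read())`.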
Hello @sarav_prakash ,
Thanks for the reply.
The SSL certificates are working fine, as confirmed by the SSL wizard. The primary instance is serving over HTTPS with a valid SSL certificate. The sync process was working fine before SSL was enabled, but the issue occurred after enabling SSL. On the cold standby, no additional configuration is needed (and actually can't be done, since the console isn't available) because all content syncs from the primary.
Hello @kautuk_sahni ,
My issue remains unresolved, as I mentioned that the sync is still not working with SSL enabled.