SOLVED

AEM Author 6.5 cold standby is unable to sync due to invalid certificate

Level 2

Hello Team,

 

We are setting up AEM Author Cold Standby with SSL and attempting to configure the certificates. However, we're encountering the following error:
"File does not contain valid certificates: D:\aem-author-sit2-2024\certificate.crt"
This is the certificate referenced in the chain certificate configuration. We have been unable to find any documentation outlining the required certificate format for AEM.

Could you provide the steps or commands necessary to generate a self-signed certificate with OpenSSL support that AEM Cold Standby will accept?

 

Error message:

 

26.09.2024 07:42:48.143 *WARN* [primary-2] org.apache.jackrabbit.oak.segment.standby.server.ExceptionHandler Exception caught on the server
javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
at java.base/sun.security.ssl.SSLSessionImpl.getPeerCertificateChain(SSLSessionImpl.java:611)
at org.apache.jackrabbit.oak.segment.standby.netty.SSLSubjectMatcher.userEventTriggered(SSLSubjectMatcher.java:47) [org.apache.jackrabbit.oak-segment-tar:1.22.20]
at io.netty.channel.AbstractChannelHandlerContext.invokeUserEventTriggered(AbstractChannelHandlerContext.java:400) [org.apache.jackrabbit.oak-segment-tar:1.22.20]
at io.netty.channel.AbstractChannelHandlerContext.invokeUserEventTriggered(AbstractChannelHandlerContext.java:376) [org.apache.jackrabbit.oak-segment-tar:1.22.20]
at io.netty.channel.AbstractChannelHandlerContext.fireUserEventTriggered(AbstractChannelHandlerContext.java:368) [org.apache.jackrabbit.oak-segment-tar:1.22.20]
at io.netty.handler.ssl.SslHandler.setHandshakeSuccess(SslHandler.java:1940) [org.apache.jackrabbit.oak-segment-tar:1.22.20]
at io.netty.handler.ssl.SslHandler.wrapNonAppData(SslHandler.java:999) [org.apache.jackrabbit.oak-segment-tar:1.22.20]
at io.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:1511) [org.apache.jackrabbit.oak-segment-tar:1.22.20]
at io.netty.handler.ssl.SslHandler.decodeJdkCompatible(SslHandler.java:1338) [org.apache.jackrabbit.oak-segment-tar:1.22.20]
at io.netty.handler.ssl.SslHandler.decode(SslHandler.java:1387) [org.apache.jackrabbit.oak-segment-tar:1.22.20]
at io.netty.handler.codec.ByteToMessageDecoder.decodeRemovalReentryProtection(ByteToMessageDecoder.java:529) [org.apache.jackrabbit.oak-segment-tar:1.22.20]
at io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:468) [org.apache.jackrabbit.oak-segment-tar:1.22.20]
at io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:290) [org.apache.jackrabbit.oak-segment-tar:1.22.20]
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:444) [org.apache.jackrabbit.oak-segment-tar:1.22.20]
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:420) [org.apache.jackrabbit.oak-segment-tar:1.22.20]
at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:412) [org.apache.jackrabbit.oak-segment-tar:1.22.20]
at io.netty.channel.DefaultChannelPipeline$HeadContext.channelRead(DefaultChannelPipeline.java:1410) [org.apache.jackrabbit.oak-segment-tar:1.22.20]
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:440) [org.apache.jackrabbit.oak-segment-tar:1.22.20]
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:420) [org.apache.jackrabbit.oak-segment-tar:1.22.20]
at io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:919) [org.apache.jackrabbit.oak-segment-tar:1.22.20]
at io.netty.channel.nio.AbstractNioByteChannel$NioByteUnsafe.read(AbstractNioByteChannel.java:166) [org.apache.jackrabbit.oak-segment-tar:1.22.20]
at io.netty.channel.nio.NioEventLoop.processSelectedKey(NioEventLoop.java:788) [org.apache.jackrabbit.oak-segment-tar:1.22.20]
at io.netty.channel.nio.NioEventLoop.processSelectedKeysOptimized(NioEventLoop.java:724) [org.apache.jackrabbit.oak-segment-tar:1.22.20]
at io.netty.channel.nio.NioEventLoop.processSelectedKeys(NioEventLoop.java:650) [org.apache.jackrabbit.oak-segment-tar:1.22.20]
at io.netty.channel.nio.NioEventLoop.run(NioEventLoop.java:562) [org.apache.jackrabbit.oak-segment-tar:1.22.20]
at io.netty.util.concurrent.SingleThreadEventExecutor$4.run(SingleThreadEventExecutor.java:997) [org.apache.jackrabbit.oak-segment-tar:1.22.20]
at io.netty.util.internal.ThreadExecutorMap$2.run(ThreadExecutorMap.java:74) [org.apache.jackrabbit.oak-segment-tar:1.22.20]
at java.base/java.lang.Thread.run(Thread.java:834)
26.09.2024 07:42:49.466 *ERROR* [CM Event Dispatcher (Fire ConfigurationEvent: pid=org.apache.jackrabbit.oak.segment.standby.store.StandbyStoreService)] org.apache.jackrabbit.oak.segment.standby.server.StandbyServer Server could not be started.
java.lang.IllegalArgumentException: File does not contain valid certificates: D:\aem-author-sit2-2024\certificate.crt
at io.netty.handler.ssl.SslContextBuilder.keyManager(SslContextBuilder.java:385) [org.apache.jackrabbit.oak-segment-tar:1.22.20]
at io.netty.handler.ssl.SslContextBuilder.forServer(SslContextBuilder.java:120) [org.apache.jackrabbit.oak-segment-tar:1.22.20]
at org.apache.jackrabbit.oak.segment.standby.server.StandbyServer.<init>(StandbyServer.java:221) [org.apache.jackrabbit.oak-segment-tar:1.22.20]
at org.apache.jackrabbit.oak.segment.standby.server.StandbyServer.<init>(StandbyServer.java:60) [org.apache.jackrabbit.oak-segment-tar:1.22.20]
at org.apache.jackrabbit.oak.segment.standby.server.StandbyServer$Builder.build(StandbyServer.java:212) [org.apache.jackrabbit.oak-segment-tar:1.22.20]
at org.apache.jackrabbit.oak.segment.standby.server.StandbyServerSync.start(StandbyServerSync.java:263) [org.apache.jackrabbit.oak-segment-tar:1.22.20]
at org.apache.jackrabbit.oak.segment.standby.store.StandbyStoreService.bootstrapPrimary(StandbyStoreService.java:214) [org.apache.jackrabbit.oak-segment-tar:1.22.20]
at org.apache.jackrabbit.oak.segment.standby.store.StandbyStoreService.activate(StandbyStoreService.java:170) [org.apache.jackrabbit.oak-segment-tar:1.22.20]
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.base/java.lang.reflect.Method.invoke(Method.java:566)
at org.apache.felix.scr.impl.inject.methods.BaseMethod.invokeMethod(BaseMethod.java:244) [org.apache.felix.scr:2.1.30]
at org.apache.felix.scr.impl.inject.methods.BaseMethod.access$500(BaseMethod.java:41) [org.apache.felix.scr:2.1.30]
at org.apache.felix.scr.impl.inject.methods.BaseMethod$Resolved.invoke(BaseMethod.java:685) [org.apache.felix.scr:2.1.30]
at org.apache.felix.scr.impl.inject.methods.BaseMethod.invoke(BaseMethod.java:529) [org.apache.felix.scr:2.1.30]
at org.apache.felix.scr.impl.inject.methods.ActivateMethod.invoke(ActivateMethod.java:318) [org.apache.felix.scr:2.1.30]
at org.apache.felix.scr.impl.inject.methods.ActivateMethod.invoke(ActivateMethod.java:308) [org.apache.felix.scr:2.1.30]
at org.apache.felix.scr.impl.manager.SingleComponentManager.createImplementationObject(SingleComponentManager.java:354) [org.apache.felix.scr:2.1.30]
at org.apache.felix.scr.impl.manager.SingleComponentManager.createComponent(SingleComponentManager.java:115) [org.apache.felix.scr:2.1.30]
at org.apache.felix.scr.impl.manager.SingleComponentManager.getService(SingleComponentManager.java:1000) [org.apache.felix.scr:2.1.30]
at org.apache.felix.scr.impl.manager.SingleComponentManager.getServiceInternal(SingleComponentManager.java:973) [org.apache.felix.scr:2.1.30]
at org.apache.felix.scr.impl.manager.AbstractComponentManager.activateInternal(AbstractComponentManager.java:785) [org.apache.felix.scr:2.1.30]
at org.apache.felix.scr.impl.manager.SingleComponentManager.reconfigure(SingleComponentManager.java:750) [org.apache.felix.scr:2.1.30]

4 Replies

Administrator

@Imran__Khan @BrianKasingli @lukasz-m @Jagadeesh_Prakash @markus_bulla_adobe @sherinregi @sarav_prakash Curious to hear your perspectives on this question. Do you all mind sharing your thoughts?



Kautuk Sahni

Level 6

@madalavenkat7, did you check the SSL Wizard? There is good documentation here and here. Most times it's a corrupted certificate that fails. There are different ways to verify a certificate before uploading. Also, in the past we faced issues generating a cert on a Windows machine vs. a Mac machine. Windows handles CRLF differently from Mac machines. The Windows certificate failed but the certificate from the Mac machine worked. Try it out if possible.
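One way to verify a certificate file before pointing the standby configuration at it, as an added example that is not part of the thread or of AEM/Oak code. The "File does not contain valid certificates" error in the question is raised by Netty's `SslContextBuilder.keyManager` (see the stack trace); the check assumes that loader wants PEM text containing `CERTIFICATE` blocks, and the names `inspect_pem` and `check_chain_file` are hypothetical.

```python
import base64
import re

# One PEM block: header, base64 body, footer with the same label.
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\s*(.*?)\s*-----END \1-----", re.S)

def inspect_pem(data: bytes) -> dict:
    """Classify a certificate/key file the way a PEM-only loader sees it."""
    report = {"encoding": "unknown", "labels": [], "problems": []}
    # Editors on Windows may prepend a UTF-8 or UTF-16 byte-order mark.
    if data[:3] == b"\xef\xbb\xbf" or data[:2] in (b"\xff\xfe", b"\xfe\xff"):
        report["problems"].append("byte-order mark at start of file")
    # Binary DER begins with an ASN.1 SEQUENCE tag (0x30), not with dashes.
    if data[:1] == b"\x30":
        report["encoding"] = "DER"
        report["problems"].append("binary DER, convert to PEM")
        return report
    text = data.decode("ascii", errors="replace")
    for label, body in PEM_BLOCK.findall(text):
        report["encoding"] = "PEM"
        report["labels"].append(label)
        try:
            # split() drops LF and CRLF alike before decoding.
            der = base64.b64decode("".join(body.split()), validate=True)
        except ValueError:
            report["problems"].append(f"{label}: body is not valid base64")
            continue
        if der[:1] != b"\x30":
            report["problems"].append(f"{label}: body is not ASN.1 DER")
    if not report["labels"]:
        report["problems"].append("no PEM blocks found")
    return report

def check_chain_file(data: bytes) -> list:
    """Problems that would stop the file being used as a certificate chain."""
    report = inspect_pem(data)
    problems = list(report["problems"])
    if report["labels"] and "CERTIFICATE" not in report["labels"]:
        problems.append("holds " + ", ".join(report["labels"])
                        + " but no CERTIFICATE block")
    return problems

# Constructed sample inputs: placeholder bytes, not a real certificate.
FAKE_DER = b"\x30\x10" + bytes(16)
FAKE_PEM = (b"-----BEGIN CERTIFICATE-----\r\n"
            + base64.encodebytes(FAKE_DER).replace(b"\n", b"\r\n")
            + b"-----END CERTIFICATE-----\r\n")
```

For a real file, pass `pathlib.Path(path).read_bytes()` to `check_chain_file`; an empty list means the file has the expected PEM structure, not that the certificate itself is trusted or unexpired.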

Correct answer by
Level 2

Hello @sarav_prakash ,

Thanks for the reply.

The SSL certificates are working fine, as confirmed by the SSL wizard. The primary instance is serving over HTTPS with a valid SSL certificate. The sync process was working fine before SSL was enabled, but the issue occurred after enabling SSL. On the cold standby, no additional configuration is needed (and actually can't be done, since the console isn't available) because all content syncs from the primary.

 

Level 2

Hello @kautuk_sahni ,

My issue remains unresolved, as I mentioned that the sync is still not working with SSL enabled.