Hello Team,
We are setting up AEM Author Cold Standby with SSL and attempting to configure the certificates. However, we're encountering the following error:
"File does not contain valid certificates: D:\aem-author-sit2-2024\certificate.crt"
This is the certificate referenced in the chain certificate configuration. We have been unable to find any documentation outlining the required certificate format for AEM.
Could you provide the steps or commands necessary to generate a self-signed certificate with Open SSL support that AEM Cold Standby will accept?
Error message:
26.09.2024 07:42:48.143 *WARN* [primary-2] org.apache.jackrabbit.oak.segment.standby.server.ExceptionHandler Exception caught on the server
javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
at java.base/sun.security.ssl.SSLSessionImpl.getPeerCertificateChain(SSLSessionImpl.java:611)
at org.apache.jackrabbit.oak.segment.standby.netty.SSLSubjectMatcher.userEventTriggered(SSLSubjectMatcher.java:47) [org.apache.jackrabbit.oak-segment-tar:1.22.20]
at io.netty.channel.AbstractChannelHandlerContext.invokeUserEventTriggered(AbstractChannelHandlerContext.java:400) [org.apache.jackrabbit.oak-segment-tar:1.22.20]
at io.netty.channel.AbstractChannelHandlerContext.invokeUserEventTriggered(AbstractChannelHandlerContext.java:376) [org.apache.jackrabbit.oak-segment-tar:1.22.20]
at io.netty.channel.AbstractChannelHandlerContext.fireUserEventTriggered(AbstractChannelHandlerContext.java:368) [org.apache.jackrabbit.oak-segment-tar:1.22.20]
at io.netty.handler.ssl.SslHandler.setHandshakeSuccess(SslHandler.java:1940) [org.apache.jackrabbit.oak-segment-tar:1.22.20]
at io.netty.handler.ssl.SslHandler.wrapNonAppData(SslHandler.java:999) [org.apache.jackrabbit.oak-segment-tar:1.22.20]
at io.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:1511) [org.apache.jackrabbit.oak-segment-tar:1.22.20]
at io.netty.handler.ssl.SslHandler.decodeJdkCompatible(SslHandler.java:1338) [org.apache.jackrabbit.oak-segment-tar:1.22.20]
at io.netty.handler.ssl.SslHandler.decode(SslHandler.java:1387) [org.apache.jackrabbit.oak-segment-tar:1.22.20]
at io.netty.handler.codec.ByteToMessageDecoder.decodeRemovalReentryProtection(ByteToMessageDecoder.java:529) [org.apache.jackrabbit.oak-segment-tar:1.22.20]
at io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:468) [org.apache.jackrabbit.oak-segment-tar:1.22.20]
at io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:290) [org.apache.jackrabbit.oak-segment-tar:1.22.20]
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:444) [org.apache.jackrabbit.oak-segment-tar:1.22.20]
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:420) [org.apache.jackrabbit.oak-segment-tar:1.22.20]
at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:412) [org.apache.jackrabbit.oak-segment-tar:1.22.20]
at io.netty.channel.DefaultChannelPipeline$HeadContext.channelRead(DefaultChannelPipeline.java:1410) [org.apache.jackrabbit.oak-segment-tar:1.22.20]
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:440) [org.apache.jackrabbit.oak-segment-tar:1.22.20]
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:420) [org.apache.jackrabbit.oak-segment-tar:1.22.20]
at io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:919) [org.apache.jackrabbit.oak-segment-tar:1.22.20]
at io.netty.channel.nio.AbstractNioByteChannel$NioByteUnsafe.read(AbstractNioByteChannel.java:166) [org.apache.jackrabbit.oak-segment-tar:1.22.20]
at io.netty.channel.nio.NioEventLoop.processSelectedKey(NioEventLoop.java:788) [org.apache.jackrabbit.oak-segment-tar:1.22.20]
at io.netty.channel.nio.NioEventLoop.processSelectedKeysOptimized(NioEventLoop.java:724) [org.apache.jackrabbit.oak-segment-tar:1.22.20]
at io.netty.channel.nio.NioEventLoop.processSelectedKeys(NioEventLoop.java:650) [org.apache.jackrabbit.oak-segment-tar:1.22.20]
at io.netty.channel.nio.NioEventLoop.run(NioEventLoop.java:562) [org.apache.jackrabbit.oak-segment-tar:1.22.20]
at io.netty.util.concurrent.SingleThreadEventExecutor$4.run(SingleThreadEventExecutor.java:997) [org.apache.jackrabbit.oak-segment-tar:1.22.20]
at io.netty.util.internal.ThreadExecutorMap$2.run(ThreadExecutorMap.java:74) [org.apache.jackrabbit.oak-segment-tar:1.22.20]
at java.base/java.lang.Thread.run(Thread.java:834)
26.09.2024 07:42:49.466 *ERROR* [CM Event Dispatcher (Fire ConfigurationEvent: pid=org.apache.jackrabbit.oak.segment.standby.store.StandbyStoreService)] org.apache.jackrabbit.oak.segment.standby.server.StandbyServer Server could not be started.
java.lang.IllegalArgumentException: File does not contain valid certificates: D:\aem-author-sit2-2024\certificate.crt
at io.netty.handler.ssl.SslContextBuilder.keyManager(SslContextBuilder.java:385) [org.apache.jackrabbit.oak-segment-tar:1.22.20]
at io.netty.handler.ssl.SslContextBuilder.forServer(SslContextBuilder.java:120) [org.apache.jackrabbit.oak-segment-tar:1.22.20]
at org.apache.jackrabbit.oak.segment.standby.server.StandbyServer.<init>(StandbyServer.java:221) [org.apache.jackrabbit.oak-segment-tar:1.22.20]
at org.apache.jackrabbit.oak.segment.standby.server.StandbyServer.<init>(StandbyServer.java:60) [org.apache.jackrabbit.oak-segment-tar:1.22.20]
at org.apache.jackrabbit.oak.segment.standby.server.StandbyServer$Builder.build(StandbyServer.java:212) [org.apache.jackrabbit.oak-segment-tar:1.22.20]
at org.apache.jackrabbit.oak.segment.standby.server.StandbyServerSync.start(StandbyServerSync.java:263) [org.apache.jackrabbit.oak-segment-tar:1.22.20]
at org.apache.jackrabbit.oak.segment.standby.store.StandbyStoreService.bootstrapPrimary(StandbyStoreService.java:214) [org.apache.jackrabbit.oak-segment-tar:1.22.20]
at org.apache.jackrabbit.oak.segment.standby.store.StandbyStoreService.activate(StandbyStoreService.java:170) [org.apache.jackrabbit.oak-segment-tar:1.22.20]
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.base/java.lang.reflect.Method.invoke(Method.java:566)
at org.apache.felix.scr.impl.inject.methods.BaseMethod.invokeMethod(BaseMethod.java:244) [org.apache.felix.scr:2.1.30]
at org.apache.felix.scr.impl.inject.methods.BaseMethod.access$500(BaseMethod.java:41) [org.apache.felix.scr:2.1.30]
at org.apache.felix.scr.impl.inject.methods.BaseMethod$Resolved.invoke(BaseMethod.java:685) [org.apache.felix.scr:2.1.30]
at org.apache.felix.scr.impl.inject.methods.BaseMethod.invoke(BaseMethod.java:529) [org.apache.felix.scr:2.1.30]
at org.apache.felix.scr.impl.inject.methods.ActivateMethod.invoke(ActivateMethod.java:318) [org.apache.felix.scr:2.1.30]
at org.apache.felix.scr.impl.inject.methods.ActivateMethod.invoke(ActivateMethod.java:308) [org.apache.felix.scr:2.1.30]
at org.apache.felix.scr.impl.manager.SingleComponentManager.createImplementationObject(SingleComponentManager.java:354) [org.apache.felix.scr:2.1.30]
at org.apache.felix.scr.impl.manager.SingleComponentManager.createComponent(SingleComponentManager.java:115) [org.apache.felix.scr:2.1.30]
at org.apache.felix.scr.impl.manager.SingleComponentManager.getService(SingleComponentManager.java:1000) [org.apache.felix.scr:2.1.30]
at org.apache.felix.scr.impl.manager.SingleComponentManager.getServiceInternal(SingleComponentManager.java:973) [org.apache.felix.scr:2.1.30]
at org.apache.felix.scr.impl.manager.AbstractComponentManager.activateInternal(AbstractComponentManager.java:785) [org.apache.felix.scr:2.1.30]
at org.apache.felix.scr.impl.manager.SingleComponentManager.reconfigure(SingleComponentManager.java:750) [org.apache.felix.scr:2.1.30]