Your achievements

Level 1

0% to

Level 2

Tip /
Sign in

Sign in to Community

to gain points, level up, and earn exciting badges like the new
Bedrock Mission!

Learn more

View all

Sign in to view all badges

SOLVED

Asset link fails connection with "Error: self signed certificate in certificate chain" - AEM as a cloud service

Avatar

Level 5

Hi there, no luck with adobe support so trying here instead, asset link connection to aem instance fails with this error:

 

1638543234714: DEBUG [AEMService] Full error: {"name":"RequestError","message":"Error: self signed certificate in certificate chain","cause":{"code":"SELF_SIGNED_CERT_IN_CHAIN"},"error":{"code":"SELF_SIGNED_CERT_IN_CHAIN"}
1638543234714: INFO [AEMService] Checking AEM server call for redirect status. Error has status code other than 3xx (redirect).

 

there is nothing about doing any other confuguration than making sure the user belongs to a user with the correct permissions here: https://helpx.adobe.com/enterprise/using/configure-aem-assets-for-asset-link.html so one can assume there is nothing that needs to be configured apart from that. 

 

what worries me is that for aem 6.X there is a lot to configure regarding authentication with IMS users ( https://helpx.adobe.com/enterprise/using/configure-aem-assets-6-for-asset-link.html#aem-config-manua...

Is it really so that nothing of this is needed on aem as a cloud service?  maybe something has to be configured on the cloud instance at least?

 

1 Accepted Solution

Avatar

Correct answer by
Employee Advisor

Are you using a transparent proxy, which plays man-in-the-middle on a networking layer? That's quite common for enterprises, which for that reason inject their own certificates in the browser certificate stores.

 

Not sure if the CC products access these certificate stores or if they have their own. Because in that case it would not know the certificate your enterprise has added.

View solution in original post

1 Reply

Avatar

Correct answer by
Employee Advisor

Are you using a transparent proxy, which plays man-in-the-middle on a networking layer? That's quite common for enterprises, which for that reason inject their own certificates in the browser certificate stores.

 

Not sure if the CC products access these certificate stores or if they have their own. Because in that case it would not know the certificate your enterprise has added.

Avatar

Level 5

hi @Jörg_Hoh it was exactly that, the ssl chain was intercepted by the enterprise firewalls and cc product did not take the local cert store into account like the browser does. So we had IT deploy an exception for *.adobeaemcloud.com which fixed this issue