Curl command for uploading idp certificate in global trust store in aem 6.5 | Community
Level 2
May 8, 2024

Curl command for uploading idp certificate in global trust store in aem 6.5


Hello

I'm trying to upload the IdP certificate to the global trust store to configure SSO in AEM 6.5 author using a curl command. I copied the cert to a directory on an Amazon Linux server and tried running a few curl commands in the same directory to upload the cert, but the commands are not working.

I am facing issues with the IdP cert upload using the curl command; other curl commands for integrating SSO, installing AEM, and replication agents are working fine.

Can you please help me with the curl command for the IdP certificate upload?

 

Thanks in advance.


Madhur-Madan
Community Advisor
May 9, 2024

Hi @krenuka ,
You can try the following steps:

With Basic Authentication:

  • If your AEM instance requires basic authentication (username and password), you can use the following curl command:
    curl -u admin:admin -F "certificate=@/path/to/idp_certificate.crt" -F "alias=my_idp_cert" http://localhost:4502/libs/granite/security/truststore.json
    1. Replace admin:admin with your AEM admin credentials.
    2. Adjust the path to your IDP certificate file (idp_certificate.crt).
    3. Set a unique alias for your certificate (e.g., my_idp_cert).
    4. Modify the AEM instance URL (http://localhost:4502) as needed.

With Client Certificate Authentication:

  • If your AEM instance uses client certificate authentication, you’ll need to provide both the client certificate and key.
  • The --cert option specifies the client certificate, and the --key option specifies the private key associated with the certificate.
  • Example:
    curl -v --cert /path/to/client_cert.pem --key /path/to/client_key.pem --pass my_password -F "certificate=@/path/to/idp_certificate.crt" -F "alias=my_idp_cert" https://localhost:4502/libs/granite/security/truststore.json
    1. Replace /path/to/client_cert.pem and /path/to/client_key.pem with the actual paths to your client certificate and key files.
    2. Set the correct password for the private key (my_password).
    3. Adjust the AEM instance URL (https://localhost:4502) as needed.

Thanks,
Madhur

KRenukaAuthor
Level 2
May 9, 2024

Thanks for the response Madhur.

I am using Basic Authentication, and when I try the curl command below with my credentials and values, I get the error below in the console.

ERROR:

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html>
<head><title>500 Cannot adapt to user from path [/libs/granite/security/truststore.json]</title></head>
<body>
<h1>Cannot adapt to user from path [/libs/granite/security/truststore.json]</h1>
<p>Cannot serve request to /libs/granite/security/truststore.json on this server</p>

 

<hr>
<address>Apache Sling</address>
</body>
</html>



curl -u admin:admin -F "certificate=@/path/to/idp_certificate.crt" -F "alias=my_idp_cert" http://localhost:4502/libs/granite/security/truststore.json



KRenukaAuthor
Level 2
May 11, 2024

Hi @krenuka ,
There are several reasons which could generate the error. You can try the below mentioned steps to debug.

  1. Verify that the URL path is correct. Make sure that /libs/granite/security/truststore.json exists in your AEM instance.
    You can manually check this by navigating to http://localhost:4502/libs/granite/security/truststore.json in your web browser.
  2. Confirm that the user account (admin in your case) has the necessary permissions to upload certificates to the truststore.
    Also check if the user has the appropriate permissions for the /libs/granite/security/truststore.json resource.
  3. To debug further, try using the -v option with curl to get verbose output. This will show additional details about the request and response.
    curl -v -u admin:admin -F "certificate=@/path/to/idp_certificate.crt" -F "alias=my_idp_cert" http://localhost:4502/libs/granite/security/truststore.json
  4. Check the AEM logs for any relevant error messages related to truststore operations.

Replace placeholders like /path/to/idp_certificate.crt and my_idp_cert with the actual values.


@madhur-madan 

 

  • I am able to access the /libs/granite/security/truststore.json page with my user credentials, which have admin access, from the GUI and also using a curl command.
    curl -u admin:admin http://localhost:4502/libs/granite/security/truststore.json
  • But I am unable to update any values using the above command; I get the error below:

    <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
    <html>
    <head><title>500 Cannot adapt to user from path [/libs/granite/security/truststore.json]</title></head> <body>
    <h1>Cannot adapt to user from path [/libs/granite/security/truststore.json]</h1> <p>Cannot serve request to /libs/granite/security/truststore.json on this server</p>
    <hr>
    <address>Apache Sling</address> </body>

  • And I am able to update the values for the http://localhost:4502/libs/granite/security/content/truststore.json page, but unable to update them for the actual page http://localhost:4502/libs/granite/security/truststore.json
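
Added example, not part of any post in this thread and not Adobe tooling: a shell wrapper for the upload attempt discussed above that reads credentials from a netrc file instead of passing them with -u, and maps the HTTP status and Sling error title to the matching debugging step from the checklist. AEM_URL, NETRC, the function names and the sample body are assumptions or constructed for illustration; the endpoint is the one used in the thread.

```shell
#!/usr/bin/env bash
# Added example: wrap the truststore POST from the thread, keep credentials off
# the command line, and turn the Sling response into a next debugging step.
# AEM_URL, NETRC and the function names are assumptions, not AEM tooling.

AEM_URL="${AEM_URL:-http://localhost:4502}"
ENDPOINT="/libs/granite/security/truststore.json"   # path used in the thread
NETRC="${NETRC:-$HOME/.netrc-aem}"                   # machine/login/password, chmod 600

# Extract the <title> text of a Sling error page (empty if there is none).
sling_title() {
  printf '%s' "$1" | tr '\n' ' ' | sed -n 's:.*<title>\(.*\)</title>.*:\1:p'
}

# Map HTTP status + body to the checklist step it points at.
diagnose() {
  local status="$1" body="$2" title
  title="$(sling_title "$body")"
  case "$status" in
    2??)     echo "ok: request accepted" ;;
    401|403) echo "auth: check credentials and permissions on $ENDPOINT" ;;
    404)     echo "path: $ENDPOINT not found on this instance" ;;
    5??)     echo "server: ${title:-HTTP $status}; check the AEM error.log" ;;
    *)       echo "unexpected: HTTP $status" ;;
  esac
}

# POST the certificate; credentials come from the netrc file, not from -u.
upload_cert() {
  local cert="$1" alias="$2" out status
  out="$(mktemp)" || return 1
  status="$(curl -sS --netrc-file "$NETRC" -o "$out" -w '%{http_code}' \
    -F "certificate=@${cert}" -F "alias=${alias}" "${AEM_URL}${ENDPOINT}")"
  diagnose "$status" "$(cat "$out")"
  rm -f "$out"
}

# Constructed sample: the error body quoted in the thread, shortened.
SAMPLE_500='<html>
<head><title>500 Cannot adapt to user from path [/libs/granite/security/truststore.json]</title></head>
<body><h1>Cannot adapt to user from path [/libs/granite/security/truststore.json]</h1></body>
</html>'

# Run an upload only when called with arguments: script.sh cert.crt alias
if [ "$#" -eq 2 ]; then upload_cert "$1" "$2"; fi
```
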

kautuk_sahni
Community Manager
May 16, 2024

@krenuka Did you find the suggestions helpful? Please let us know if more information is required. Otherwise, please mark the answer as correct for posterity. If you have found a solution yourself, please share it with the community.

Kautuk Sahni
kautuk_sahni
Community Manager
May 16, 2024

@madhur-madan Did you find the suggestions helpful? Please let us know if more information is required. Otherwise, please mark the answer as correct for posterity. If you have found a solution yourself, please share it with the community.

Kautuk Sahni