Curl command for uploading idp certificate in global trust store in aem 6.5 | Community
Level 2
May 8, 2024

Curl command for uploading idp certificate in global trust store in aem 6.5


Hello

I'm trying to upload the IdP certificate to the global trust store to configure SSO in AEM 6.5 author using a curl command. I copied the cert into a directory on an Amazon Linux server and tried running a few curl commands in the same directory to upload the cert, but the commands are not working.

I am facing issues with the IdP cert upload using curl; other curl commands for integrating SSO, installing AEM, and replication agents are working fine.

Can you please help me in knowing the curl command for idp certificate upload?

 

Thanks in advance.


4 replies

Madhur-Madan
Community Advisor
May 9, 2024

Hi @krenuka,
You can try the steps below.

With Basic Authentication:

  • If your AEM instance requires basic authentication (username and password), you can use the following curl command:
    curl -u admin:admin -F "certificate=@/path/to/idp_certificate.crt" -F "alias=my_idp_cert" http://localhost:4502/libs/granite/security/truststore.json
    1. Replace admin:admin with your AEM admin credentials.
    2. Adjust the path to your IDP certificate file (idp_certificate.crt).
    3. Set a unique alias for your certificate (e.g., my_idp_cert).
    4. Modify the AEM instance URL (http://localhost:4502) as needed.

With Client Certificate Authentication:

  • If your AEM instance uses client certificate authentication, you’ll need to provide both the client certificate and key.
  • The --cert option specifies the client certificate, and the --key option specifies the private key associated with the certificate.
  • Example:
    curl -v --cert /path/to/client_cert.pem --key /path/to/client_key.pem --pass my_password -F "certificate=@/path/to/idp_certificate.crt" -F "alias=my_idp_cert" https://localhost:4502/libs/granite/security/truststore.json
    1. Replace /path/to/client_cert.pem and /path/to/client_key.pem with the actual paths to your client certificate and key files.
    2. Set the correct password for the private key (my_password).
    3. Adjust the AEM instance URL (https://localhost:4502) as needed.

Thanks,
Madhur

KRenuka
Author
Level 2
May 9, 2024

Thanks for the response Madhur.

I am using Basic Authentication, and when I try the curl command below with my credentials and values, I get the error below in the console.

ERROR:

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html>
<head><title>500 Cannot adapt to user from path [/libs/granite/security/truststore.json]</title></head>
<body>
<h1>Cannot adapt to user from path [/libs/granite/security/truststore.json]</h1>
<p>Cannot serve request to /libs/granite/security/truststore.json on this server</p>

 

<hr>
<address>Apache Sling</address>
</body>
</html>



curl -u admin:admin -F "certificate=@/path/to/idp_certificate.crt" -F "alias=my_idp_cert" http://localhost:4502/libs/granite/security/truststore.json



Level 2
May 19, 2024

@madhur-madan 
I am able to update the cert alias under /libs/granite/security/content/truststore.json using the curl command, but the certificate is not getting uploaded to the trust store.

Unable to find cert details below:

 




I am facing the same issue...

curl -k -s -u "admin:**********" -F "certificate=@/DevOps/Main/config-files/certs/sso/sso-certs/_.esso-uat.********.cer" -F "alias=admin" https://*******************/libs/granite/security/content/truststore.json

 

I get the response back...

 

<html>
<head>
<title>Content modified /libs/granite/security/content/truststore</title>
</head>
<body>
<h1>Content modified /libs/granite/security/content/truststore</h1>
<table>
<tbody>
<tr>
<td>Status</td>
<td><div id="Status">200</div></td>
</tr>
<tr>
<td>Message</td>
<td><div id="Message">OK</div></td>
</tr>
<tr>
<td>Location</td>
<td><a href="/libs/granite/security/content/truststore" id="Location">/libs/granite/security/content/truststore</a></td>
</tr>
<tr>
<td>Parent Location</td>
<td><a href="/libs/granite/security/content" id="ParentLocation">/libs/granite/security/content</a></td>
</tr>
<tr>
<td>Path</td>
<td><div id="Path">/libs/granite/security/content/truststore</div></td>
</tr>
<tr>
<td>Referer</td>
<td><div id="Referer"></div></td>
</tr>
<tr>
<td>ChangeLog</td>
<td><div id="ChangeLog">&lt;pre&gt;modified(&quot;/libs/granite/security/content/truststore/certificate/jcr:lastModified&quot;);&lt;br/&gt;modified(&quot;/libs/granite/security/content/truststore/certificate/jcr:mimeType&quot;);&lt;br/&gt;modified(&quot;/libs/granite/security/content/truststore/certificate/jcr:data&quot;);&lt;br/&gt;modified(&quot;/libs/granite/security/content/truststore/alias&quot;);&lt;br/&gt;&lt;/pre&gt;</div></td>
</tr>
</tbody>
</table>
<p><a href="/libs/granite/security/content/truststore">Modified Resource</a></p>
<p><a href="/libs/granite/security/content">Parent of Modified Resource</a></p>
</body>
</html>

So it looks fine

But no cert when I go to the global trust store

Does it need a restart of the instance?

 

I do notice it doesn't seem to give the user to map to in the command - could that be the issue? I always have to map it to the admin user to make it work when I do it manually.

I tried to look at the payload when I do it manually and get this...

certificate: (binary)
userPath:
userPath@Delete:
:cq_csrf_token:
eyJleHAiOjE3MTYxMDE3MzcsImlhdCI6MTcxNjEwMTEzN30.7d6EENxcEF_bKETDrOh70DeZEIu7p5DutVtgPRvve50

I tried adding in as a real shot in the dark...

-F "userPath=" -F "userPath@Delete="

But nothing

 

When I go to the authentication service, it has no keystore using the curl.

When I do it manually it still does not have one, whereas in a current environment that works it shows one is there but no actual cert listed.

 

I have a command which does seem to create the global trust store, but I was then trying to add a package with the certs and that was getting wiped out. Seems to be a dead end.
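
Added example (not part of the thread and not Adobe's code): a parser for the response format quoted in the post above. It shows that the 200 records only property writes under the posted path, while the poster reports the certificate still does not appear in the trust store. The sample is abridged from that post; the function and class names are hypothetical.

```python
import re
from html.parser import HTMLParser

# Constructed sample: abridged from the response quoted in the post above.
SAMPLE = """<html><head><title>Content modified /libs/granite/security/content/truststore</title></head>
<body><table><tbody>
<tr><td>Status</td><td><div id="Status">200</div></td></tr>
<tr><td>Message</td><td><div id="Message">OK</div></td></tr>
<tr><td>Path</td><td><div id="Path">/libs/granite/security/content/truststore</div></td></tr>
<tr><td>ChangeLog</td><td><div id="ChangeLog">&lt;pre&gt;modified(&quot;/libs/granite/security/content/truststore/certificate/jcr:data&quot;);&lt;br/&gt;modified(&quot;/libs/granite/security/content/truststore/alias&quot;);&lt;br/&gt;&lt;/pre&gt;</div></td></tr>
</tbody></table></body></html>"""


class _DivText(HTMLParser):
    """Collect the text of every <div id="..."> in the response."""

    def __init__(self):
        super().__init__()  # convert_charrefs=True unescapes &lt; and &quot;
        self.fields, self._current = {}, None

    def handle_starttag(self, tag, attrs):
        if tag == "div" and dict(attrs).get("id"):
            self._current = dict(attrs)["id"]
            self.fields[self._current] = ""

    def handle_endtag(self, tag):
        if tag == "div":
            self._current = None

    def handle_data(self, data):
        if self._current:
            self.fields[self._current] += data


def summarize(response_html):
    """Return the status, the target path and (operation, jcr_path) pairs from ChangeLog."""
    parser = _DivText()
    parser.feed(response_html)
    parser.close()
    f = parser.fields
    changes = re.findall(r'(\w+)\("([^"]+)"\)', f.get("ChangeLog", ""))
    return {"status": int(f.get("Status") or 0), "path": f.get("Path", ""), "changes": changes}


def only_content_properties(summary):
    """True when every logged change is a write directly under the posted path."""
    prefix = summary["path"].rstrip("/") + "/"
    return bool(summary["changes"]) and all(p.startswith(prefix) for _, p in summary["changes"])
```

A deployment script can call `summarize()` on the curl output and treat `only_content_properties()` returning true as "properties written, trust store entry still unverified" rather than as success.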

kautuk_sahni
Community Manager
May 16, 2024

@krenuka Did you find the suggestions helpful? Please let us know if more information is required. Otherwise, please mark the answer as correct for posterity. If you have found the solution yourself, please share it with the community.

Kautuk Sahni
kautuk_sahni
Community Manager
May 16, 2024

@madhur-madan Did you find the suggestions helpful? Please let us know if more information is required. Otherwise, please mark the answer as correct for posterity. If you have found the solution yourself, please share it with the community.

Kautuk Sahni