Hello,
Can someone help me out with steps to install and configure AEM 6.4 for SSL.
Thanks
Qamar
Solved! Go to Solution.
Views
Replies
Total Likes
Views
Replies
Total Likes
Views
Replies
Total Likes
Thanks Gauravb for help, I will check and let you if find any difficulty in it.
Hello Gaurav and other Friends,
Little late update on this query. Now I am able to successfully running AEM author on https domain site, thank you to all.
I have developed the java OSGI maven bundle for my API services and all methods calling successfully except myLogin.
My current problem is that -- I am able to call my doPost method of SlingAllMethodsServlet for https request URL but
PostMethod authRequest = new PostMethod(String.format("%s://%s:%s/j_security_check", PROTOCOL, HOST, PORT));
authRequest.setParameter("j_username", username);
authRequest.setParameter("j_password", password);
authRequest.setParameter("j_validate", "true");
int status = client.executeMethod(authRequest);
call giving below Exception error.
Exception -------------------------------------------------------------------------------------------
org.apache.sling.engine.impl.SlingMainServlet service: Uncaught Problem handling the request
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.ssl.Alerts.getSSLException(Unknown Source)
at sun.security.ssl.SSLSocketImpl.fatal(Unknown Source)
at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
at sun.security.ssl.ClientHandshaker.serverCertificate(Unknown Source)
at sun.security.ssl.ClientHandshaker.processMessage(Unknown Source)
at sun.security.ssl.Handshaker.processLoop(Unknown Source)
at sun.security.ssl.Handshaker.process_record(Unknown Source)
at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
at sun.security.ssl.SSLSocketImpl.writeRecord(Unknown Source)
at sun.security.ssl.AppOutputStream.write(Unknown Source)
at java.io.BufferedOutputStream.flushBuffer(Unknown Source)
at java.io.BufferedOutputStream.flush(Unknown Source)
at org.apache.commons.httpclient.methods.EntityEnclosingMethod.writeRequestBody(EntityEnclosingMethod.java:506) [com.day.commons.osgi.wrapper.commons-httpclient:3.1.0.018]
at org.apache.commons.httpclient.HttpMethodBase.writeRequest(HttpMethodBase.java:2114) [com.day.commons.osgi.wrapper.commons-httpclient:3.1.0.018]
at org.apache.commons.httpclient.HttpMethodBase.execute(HttpMethodBase.java:1096) [com.day.commons.osgi.wrapper.commons-httpclient:3.1.0.018]
at org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry(HttpMethodDirector.java:398) [com.day.commons.osgi.wrapper.commons-httpclient:3.1.0.018]
at org.apache.commons.httpclient.HttpMethodDirector.executeMethod(HttpMethodDirector.java:171) [com.day.commons.osgi.wrapper.commons-httpclient:3.1.0.018]
at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:397) [com.day.commons.osgi.wrapper.commons-httpclient:3.1.0.018]
at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:323) [com.day.commons.osgi.wrapper.commons-httpclient:3.1.0.018]
--------------------------------------------------------------------------
As Solution
1. I have installed my domain certificate on both dev machine and dev server by using below commands
keytool –import –noprompt –trustcacerts –alias ALIASNAME -file FILENAME_OF_THE_INSTALLED_CERTIFICATE -keystore PATH_TO_CACERTS_FILE -storepass PASSWORD
2. Jdk version JDK 1.8.0_162
3.For one solution given in https://developer.salesforce.com/forums/?id=9060G000000BhSjQAK,have upgraded JRE version to 1.8.0_202. But still no luck.
Do I require to restart AEM server after JDK version upgrade or machine?
Thanks
Qamar
Views
Replies
Total Likes
Could you share more details about your use case? Are you trying to connect to AEM from SFDC app or vice versa?
JDK1.8 is recommended for 6.4, minor versions won't matter.
Views
Replies
Total Likes
Hi, Gaurav thanks again for your reply,
I have resolved the issue, In case of AEM https login of OSGI Java Bundle.
What all need to do is install your domain (SSL Certificate) in JDK/JRE certificate list.
The instruction as given below there 2 option you can do this, to restart AEM server is a must.
#
keytool -import -v -trustcacerts -alias <your domain> -file ~/<your domain>.crt -keystore <JAVA HOME>/jre/lib/security/cacerts -keypass changeit -storepass changeit
1.replace <your domain> with your domain (e.g. xx.xxx.com)
2.replace <JAVA HOME> with your java home directory
#
---------------------------------------
Option 1:
1. Go to AEM site logged in and click on the lock icon in the browser.
2. Click on Valid Certificate and select tab details
3. Choose copy file button and select Base64 file type.
4. Save next on a desktop or any other folder.
5. After save got to mw.cer file and just install it.
6.Got to command and change directory to C:\Program Files\Java\jre1.8.0_121\bin
7. Check available certificates and observe count in the start
To See List
keytool -list -keystore "C:\Program Files\Java\jre1.8.0_121\lib\security\cacerts"
8. Then run below command by setting alias, -file and keystore and default password as changeit
keytool -importcert -v –trustcacerts –alias xx.xxx.com -file "C:\Users\administrator\Desktop\xxx.cer" -keystore "C:\Program Files\Java\jre1.
8.0_121\lib\security\cacerts" -storepass changeit
9. Command prompt for installing certificate type yes and enter.
10. Now run keytool -list -keystore again and check certificate count again.
11. Restart AEM server.
Option 2:
1) Download the InstallCert.java file from https://drive.google.com/file/d/1T3w9BYWVg6wrkSrCXFh77MoAykCeRcQ4/view
or found with this file.
2) Compile the file using the command as below: Note if the command is not recognized go to JDK bin folder and then compile.
javac InstallCert.java
3) Add Trusted Keystore
C:\User\MyUser>java InstallCert xx.xxx.com or xx.xxx.com:443
4. Copy jssecacerts: Copy the generated jssecacerts file at $JAVA_HOME/jre/lib/security folder.
5. Restart AEM server.
Thanks
Qamar
Views
Likes
Replies
Views
Likes
Replies
keytool –
import
–noprompt –trustcacerts –alias ALIASNAME -file FILENAME_OF_THE_INSTALLED_CERTIFICATE -keystore PATH_TO_CACERTS_FILE -storepass PASSWORD