Expand my Community achievements bar.

SOLVED

IMS Integration problem: Cannot retrieve certificates: com.adobe.granite.crypto.CryptoException

Avatar

Level 1

Hi,

on our AEM 6.5 SP4 instance we experience an odd problem. 

We successfully integrated Target and Launch via IMS and it worked fine. Since yesterday we seem not to be able to do this anymore.

When I try to create an IMS config (at host/libs/cq/adobeims-configuration/content/configurations/createimsconfig.html) for Target or Launch I get an error immediately: "Cannot retrieve certificates: com.adobe.granite.crypto.CryptoException: Cannot convert byte data". This does NOT happen when I select "Asset Compute" or "Adobe Stock" in the *Cloud Solution* Dropdown (These were not configured previously).

 

In the chrome network tab I can see that the GET request to "http://host/libs/cq/adobeims-configuration/content/configurations/createimsconfig/contextCertificates?_charset_=UTF-8&cloudServiceName=Adobe+Launch" is responded with a 500 response code after I select Launch or Target. There is no stacktrace in the logs that helps me to dig further into this issue. 

Can you guys maybe point me in a direction where the said certificate may be?  I guess a certificate is corrupted and needs to be fixed? 

 

I'm thankful for any hint. 

 

Kind Regards

1 Accepted Solution

Avatar

Correct answer by
Employee

Usually, the error "com.adobe.granite.crypto.CryptoException: Cannot convert byte data"  happens when if the config was generated in one env (with a specific hmac/master key) and then the config deployed to another env which has a different key.

 

In this case, it is happening because the protected data might be encrypted with another key. You can try creating a new certificate. 

 

 

View solution in original post

6 Replies

Avatar

Employee

Hello,

in AEM 6.5, you can skip the creation of launch config. You can simply select the Adobe Target in IMS config. The exact steps are mentioned in doc [1].

Looking at the error, it seems there is already a certificate loaded when you try to create new config and that certificate is somehow not valid.

Try to create a new certificate, download the public key and upload the public key in Adobe IO https://console.adobe.io/integrations.

[1] https://docs.adobe.com/content/help/en/experience-manager-65/administering/integration/integration-i...

Regards,

Vishu

 

 

Avatar

Correct answer by
Employee

Usually, the error "com.adobe.granite.crypto.CryptoException: Cannot convert byte data"  happens when if the config was generated in one env (with a specific hmac/master key) and then the config deployed to another env which has a different key.

 

In this case, it is happening because the protected data might be encrypted with another key. You can try creating a new certificate. 

 

 

Hi, thank you for the quick response. That's actually what I wanted to do. But the UI for this is disabled (the checkbox "Create new certificate" is grayed out). When I enable it via chrome dev tools and submit the form I get the same error.. Do you happen to know where in CRX or the Filesystem the "broken" certificate is located - so I can delete it? Thank again!

Avatar

Employee

The IMS config gets saved under /apps/system/config/com.adobe.granite.auth.oauth.accesstoken.provider.59236d08-203b-49f5-a29e-0450c4523a58.config

Move this config to tmp folder or create a package, then delete the config from apps and try to recreate IMS config.

 

Deleting these entries did not help unfortunately. But I recovered the hmac and master files from a backup and now I can at least create new certificates. It's not ideal but it will do for now. Thanks for the support!

Avatar

Level 1

OK but how do I delete that bad cert? Removing the config does not change the error.