Your achievements

Level 1

0% to

Level 2

Tip /
Sign in

Sign in to Community

to gain points, level up, and earn exciting badges like the new
Bedrock Mission!

Learn more

View all

Sign in to view all badges

SOLVED

IMS Integration problem: Cannot retrieve certificates: com.adobe.granite.crypto.CryptoException

ThatDeveloperGuy
Level 1
Level 1

Hi,

on our AEM 6.5 SP4 instance we experience an odd problem. 

We successfully integrated Target and Launch via IMS and it worked fine. Since yesterday we seem not to be able to do this anymore.

When I try to create an IMS config (at host/libs/cq/adobeims-configuration/content/configurations/createimsconfig.html) for Target or Launch I get an error immediately: "Cannot retrieve certificates: com.adobe.granite.crypto.CryptoException: Cannot convert byte data". This does NOT happen when I select "Asset Compute" or "Adobe Stock" in the *Cloud Solution* Dropdown (These were not configured previously).

 

In the chrome network tab I can see that the GET request to "http://host/libs/cq/adobeims-configuration/content/configurations/createimsconfig/contextCertificates?_charset_=UTF-8&cloudServiceName=Adobe+Launch" is responded with a 500 response code after I select Launch or Target. There is no stacktrace in the logs that helps me to dig further into this issue. 

Can you guys maybe point me in a direction where the said certificate may be?  I guess a certificate is corrupted and needs to be fixed? 

 

I'm thankful for any hint. 

 

Kind Regards

Topics

Topics help categorize Community content and increase your ability to discover relevant content.

1 Accepted Solution
Vish_dhaliwal
Correct answer by
Employee
Employee

Usually, the error "com.adobe.granite.crypto.CryptoException: Cannot convert byte data"  happens when if the config was generated in one env (with a specific hmac/master key) and then the config deployed to another env which has a different key.

 

In this case, it is happening because the protected data might be encrypted with another key. You can try creating a new certificate. 

 

 

View solution in original post

6 Replies
Vish_dhaliwal
Employee
Employee

Hello,

in AEM 6.5, you can skip the creation of launch config. You can simply select the Adobe Target in IMS config. The exact steps are mentioned in doc [1].

Looking at the error, it seems there is already a certificate loaded when you try to create new config and that certificate is somehow not valid.

Try to create a new certificate, download the public key and upload the public key in Adobe IO https://console.adobe.io/integrations.

[1] https://docs.adobe.com/content/help/en/experience-manager-65/administering/integration/integration-i...

Regards,

Vishu

 

 

Vish_dhaliwal
Correct answer by
Employee
Employee

Usually, the error "com.adobe.granite.crypto.CryptoException: Cannot convert byte data"  happens when if the config was generated in one env (with a specific hmac/master key) and then the config deployed to another env which has a different key.

 

In this case, it is happening because the protected data might be encrypted with another key. You can try creating a new certificate. 

 

 

View solution in original post

ThatDeveloperGuy
Level 1
Level 1
Hi, thank you for the quick response. That's actually what I wanted to do. But the UI for this is disabled (the checkbox "Create new certificate" is grayed out). When I enable it via chrome dev tools and submit the form I get the same error.. Do you happen to know where in CRX or the Filesystem the "broken" certificate is located - so I can delete it? Thank again!
Vish_dhaliwal
Employee
Employee

The IMS config gets saved under /apps/system/config/com.adobe.granite.auth.oauth.accesstoken.provider.59236d08-203b-49f5-a29e-0450c4523a58.config

Move this config to tmp folder or create a package, then delete the config from apps and try to recreate IMS config.

 

ThatDeveloperGuy
Level 1
Level 1
Deleting these entries did not help unfortunately. But I recovered the hmac and master files from a backup and now I can at least create new certificates. It's not ideal but it will do for now. Thanks for the support!
BradMColeman
Level 1
Level 1

OK but how do I delete that bad cert? Removing the config does not change the error.