Link Checker Issue - SSLException - AEM 6.4

cprogramkarthic

12-02-2019

Hi Team,

We have few external URLs(something like below) authored in the site pages.

The URLs are broken in author and publish. The below error is coming in the error.log in both AEM 6.2 and AEM 6.4. But these URLs are marked Valid in AEM 6.2 and Invalid in AEM 6.4 in External Link Checker(/etc/linkchecker.html).

Upon checking the adobe code in java class com.day.cq.rewriter.linkchecker.impl.LinkCheckerTask, found that in AEM 6.4 the URLs that provide SSLException are marked as Invalid which was not the case in AEM 6.2.

For now, we have disabled the Link checker in felix console as a work around.

Is there any way to get the URLs working fine in the pages without using any of the workarounds like below? If not, what is the right approach to get the URLs working?

i)Disabling the Link checker

ii)Skipping the URL from felix console by adding Link Check Override Pattern

iii)Skipping the URL by using x-cq-linkchecker="valid" parameter in the <a> tag

Accepted Solutions (1)

Accepted Solutions (1)

Jörg_Hoh

Employee

13-02-2019

"PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target"

This message means, that the certificate validation is not working properly. Probably the URL you are requesting has been signed by a root certificate which is not in your trust store. Either ignore this message or identify this certificate and add it to the truststore you are using for the JVM.

Answers (1)

Answers (1)

Gaurav-Behl

MVP

13-02-2019

To me, you'd have to use x-cq-linkchecker="valid" in each script/tag which might become a pain for the developer and this is not a good approach since you're forcing the links to behave as valid. I think it would be better to disable it or exclude specific patterns.

Another aspect to consider is the outgoing traffic from pubs in PROD and the security concerns around it which could be a problem depending on how PROD setup is done.

the error that you receive is because of SSL/TLS issues, your network doesn't allow < TLS1.2 outgoing traffic