Mutual SSL - AEM 6.2 | Community
Skip to main content
shab_ravi
shab_ravi
Level 2
December 6, 2016

Mutual SSL - AEM 6.2

  • December 6, 2016
  • 1 reply
  • 4796 views

Hi,

We are trying to set up mutual SSL between our AEM render instances and dispatchers. We have made the configuration changes as per Adobe documentation ( https://docs.adobe.com/docs/en/dispatcher/disp-ssl.html#par_title_2 for mutual SSL and https://docs.adobe.com/docs/en/aem/6-2/deploy/configuring/config-ssl.html for enabling https for AEM consoles ).

The problem we are facing is when trying to run replication agents on secure port , getting the following error which suggests the certificate chain is incomplete ( from what I can see in other forums ). But we do have the root and intermediate certs installed in our keystore. 

30.11.2016 11:50:17 - Error while sending request: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

30.11.2016 11:50:17 - Replication (TEST) of /content not successful: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target Conversation follows

Could someone please advise what might be wrong and how to get replication agent working on https port. 

This post is no longer active and is closed to new replies. Need help? Start a new post to ask your question.

1 reply

smacdonald2008
smacdonald2008
Level 10
December 6, 2016

I sent this question to our AEM experts - they feel that you should open a ticket for this as support will need to investigate this. Please open a ticket. 

shab_ravi
shab_raviAuthor
Level 2
December 6, 2016

Thanks smacdonald2008 .We do have a ticket open with adobe. There is a delay in getting response from them though , so thought someone here might have seen this or worked on similar issue. Will update the details from the ticket here once we get a resolution.

diogopedreira1
diogopedreira1
February 24, 2017

Hi guys, 

Any news regarding this?

From what I've read it seems that somehow the given truststore doesn't recognize the end server as a valid endpoint. I've confirmed that my truststore contains the end server .crt and I'm able to connect to it via openssl.

Any ideas?

Thanks!

Diogo

Terms & ConditionsAccessibility statement

Loading footer...