Expand my Community achievements bar.

SOLVED

Service User with Keystore - importing via a package half-fails

Avatar

Level 7
Level 7
11/18/20 2:10:14 PM

Hi folks,

On the Author instance in the Stage environment, I created a Service User and added a Keystore that I created via open_ssl.

I used the ACL Packager program to build a package with my service user principal

and its permissions and keystore. I then replicated the package to the publish servers and it all worked fine. 

 

 

consult.png

 

However when I came to import the package on the Prod environment Author, I

was not so successful.

 

From the useradmin screen, it looked fine.

consult2.png

 

The system user was there with all the permissions and the keystore.

But, when I had a look at the security screen, no keystore was recognized...

 

 

consult3.png

 

So importing the service user and its keystore via package didn't work for me.

Unfortunately, I am supposed to use Packages exclusively on the Prod environment

so I'm a bit stumped.

Any suggestions ?

thanks

Fiona

Views

1.2K

Replies

4
Sign in to like this content

Total Likes

Translate
Translate
1 Accepted Solution

Avatar

Correct answer by
Level 7
Level 7
11/19/20 11:42:09 AM

I'll answer my own question as it got worked out eventually.

 

It seems that the service-user+keystore package that I created in the lower environments didn't import properly into the Prod environment Author due to security checks.

In the end, I created the system user manually using crx/explorer/index.jsp in the Prod Author environment, uploaded the keystore file (from security/users.html) , made sure  /home/users/system/blah...  directory was ticked for all permissions incl replications. (useradmin)

Then I created an ACL Packager packer with the system user, and its principal, built the package and replicated to publish servers. This seemed to work o.k. at  least the keystore information showed up correctly when I viewed it from (security/users.html)

View solution in original post

Views

1.2K

Replies

1
Sign in to like this content

Total Likes

Translate
Translate
Jump to reply
4 Replies

Avatar

Correct answer by
Level 7
Level 7
11/19/20 11:42:09 AM

I'll answer my own question as it got worked out eventually.

 

It seems that the service-user+keystore package that I created in the lower environments didn't import properly into the Prod environment Author due to security checks.

In the end, I created the system user manually using crx/explorer/index.jsp in the Prod Author environment, uploaded the keystore file (from security/users.html) , made sure  /home/users/system/blah...  directory was ticked for all permissions incl replications. (useradmin)

Then I created an ACL Packager packer with the system user, and its principal, built the package and replicated to publish servers. This seemed to work o.k. at  least the keystore information showed up correctly when I viewed it from (security/users.html)

Views

1.2K

Replies

1
Sign in to like this content

Total Likes

Translate
Translate
Jump to reply

Avatar

Administrator
Administrator
11/23/20 12:11:25 AM
In response to fionas76543059
Thank you for sharing the answer with Community. This would help in posterity.


Kautuk Sahni

Views

1.1K

Replies

0
Sign in to like this content

Total Likes

Translate
Translate

Avatar

Community Advisor
Community Advisor
11/19/20 8:00:41 PM

Its because of the import , some time you need to delete the keystore from the user and recreate the key it works fine.

Views

1.2K

Replies

1
Sign in to like this content

Total Likes

Translate
Translate