Expand my Community achievements bar.

Don’t miss the AEM Skill Exchange in SF on Nov 14—hear from industry leaders, learn best practices, and enhance your AEM strategy with practical tips.
SOLVED

Service User with Keystore - importing via a package half-fails

Avatar

Level 7

Hi folks,

On the Author instance in the Stage environment, I created a Service User and added a Keystore that I created via open_ssl.

I used the ACL Packager program to build a package with my service user principal

and its permissions and keystore. I then replicated the package to the publish servers and it all worked fine. 

 

 

consult.png

 

However when I came to import the package on the Prod environment Author, I

was not so successful.

 

From the useradmin screen, it looked fine.

consult2.png

 

The system user was there with all the permissions and the keystore.

But, when I had a look at the security screen, no keystore was recognized...

 

 

consult3.png

 

So importing the service user and its keystore via package didn't work for me.

Unfortunately, I am supposed to use Packages exclusively on the Prod environment

so I'm a bit stumped.

Any suggestions ?

thanks

Fiona

1 Accepted Solution

Avatar

Correct answer by
Level 7

I'll answer my own question as it got worked out eventually.

 

It seems that the service-user+keystore package that I created in the lower environments didn't import properly into the Prod environment Author due to security checks.

In the end, I created the system user manually using crx/explorer/index.jsp in the Prod Author environment, uploaded the keystore file (from security/users.html) , made sure  /home/users/system/blah...  directory was ticked for all permissions incl replications. (useradmin)

Then I created an ACL Packager packer with the system user, and its principal, built the package and replicated to publish servers. This seemed to work o.k. at  least the keystore information showed up correctly when I viewed it from (security/users.html)

View solution in original post

4 Replies

Avatar

Correct answer by
Level 7

I'll answer my own question as it got worked out eventually.

 

It seems that the service-user+keystore package that I created in the lower environments didn't import properly into the Prod environment Author due to security checks.

In the end, I created the system user manually using crx/explorer/index.jsp in the Prod Author environment, uploaded the keystore file (from security/users.html) , made sure  /home/users/system/blah...  directory was ticked for all permissions incl replications. (useradmin)

Then I created an ACL Packager packer with the system user, and its principal, built the package and replicated to publish servers. This seemed to work o.k. at  least the keystore information showed up correctly when I viewed it from (security/users.html)

Avatar

Administrator
Thank you for sharing the answer with Community. This would help in posterity.


Kautuk Sahni

Avatar

Community Advisor

Its because of the import , some time you need to delete the keystore from the user and recreate the key it works fine.