SOLVED

Unable to sync crypto key across instances with AEM 6.5

Hi,

 

I am trying to export the Global Trust Store with certificates and import it into other instances to keep the certificate alias and SAML configuration.

I have done the following steps:

1) Go to AEM-> Tools->Security->TrustStore
2) Create TrustStore
3) Add certificate
4) Go to AEM-> Tools->Security->Users, select authentication-service.
5) Create keystore
6) Create package with:
/etc/truststore
/home/users/system/authentication-service/keystore
/etc/key
6) In AEM filesystem, go to crx-quickstart/launchpad/felix/bundle<id>/data, where id is the bundle id for "com.adobe.granite.crypto.file" and export hmac and master files
7) In other instance, replace files in crx-quickstart/launchpad/felix/bundle<id>/data with files from first instance
8) restart AEM
9) install the created package in the new instance
 
When I open the TrustStore in the new instance it shows the "Create TrustStore" button and the log has the following error:
 
GET /libs/granite/security/truststore.json HTTP/1.1] com.adobe.granite.security.user.internal.servlets.KeyStoreManagingServlet Unable to retrieve the truststore's aliases.
java.lang.SecurityException: com.adobe.granite.crypto.CryptoException: Cannot convert byte data
at com.adobe.granite.keystore.internal.KeyStoreServiceImpl.extractStorePassword(KeyStoreServiceImpl.java:605)
...
Caused by: com.rsa.jsafe.JSAFE_PaddingException: Invalid padding.
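
A check for the hmac/master copy steps above, as an added example that is not part of the original post or of Adobe's tooling: it locates the com.adobe.granite.crypto.file data directory on each instance and compares SHA-256 digests of the hmac and master files. It assumes each bundle<id> directory contains a Felix bundle.info file naming the bundle and that both instance roots are readable from one host; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: confirm the Granite crypto key files are identical on two AEM instances.
# Assumption: each crx-quickstart/launchpad/felix/bundle<id> directory holds a
# Felix bundle.info file whose text names the bundle it belongs to.

BUNDLE_NAME="com.adobe.granite.crypto.file"

# Print the data directory of the crypto bundle under the given AEM root.
# The bundle id is looked up per instance because it may differ between installs.
crypto_data_dir() {
    felix="$1/crx-quickstart/launchpad/felix"
    info=$(grep -l "$BUNDLE_NAME" "$felix"/bundle*/bundle.info 2>/dev/null | head -n 1)
    [ -n "$info" ] || { echo "no $BUNDLE_NAME bundle under $felix" >&2; return 1; }
    echo "$(dirname "$info")/data"
}

# Print one SHA-256 line per key file (hmac, master); fails if either is missing.
key_fingerprint() {
    dir=$(crypto_data_dir "$1") || return 1
    for f in hmac master; do
        [ -f "$dir/$f" ] || { echo "missing $dir/$f" >&2; return 1; }
        printf '%s %s\n' "$f" "$(sha256sum < "$dir/$f" | cut -d' ' -f1)"
    done
}

# Return 0 when both instances hold byte-identical hmac and master files,
# 1 when they differ, 2 when a bundle directory or key file cannot be found.
keys_match() {
    a=$(key_fingerprint "$1") || return 2
    b=$(key_fingerprint "$2") || return 2
    [ "$a" = "$b" ]
}

# Usage: sh check_keys.sh /path/to/instanceA /path/to/instanceB
if [ "$#" -eq 2 ]; then
    if keys_match "$1" "$2"; then echo "key files identical"; else echo "key files differ or missing"; fi
fi
```

Run it with AEM stopped on both instances, after the files have been copied and before the package is installed.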
 
1 Accepted Solution

Correct answer by
Employee Advisor

Hi @tiagonobresantos!

Unfortunately, I don't have first-hand experience with crypto key exports, but there are some good resources available online.

Please refer to the following articles:

Please read through the articles and double-check if the outlined process matches your steps.

 

Hope that helps!
