SOLVED

Unable to sync crypto key across instances with AEM 6.5

Hi,

I am trying to export the Global Trust Store with certificates and import it into other instances to keep the certificate alias and SAML configuration.

I have done the following steps:

1) Go to AEM -> Tools -> Security -> TrustStore
2) Create TrustStore
3) Add certificate
4) Go to AEM -> Tools -> Security -> Users, select authentication-service.
5) Create keystore
6) Create package with:
/etc/truststore
/home/users/system/authentication-service/keystore
/etc/key
6) In the AEM filesystem, go to crx-quickstart/launchpad/felix/bundle<id>/data, where id is the bundle id for "com.adobe.granite.crypto.file", and export the hmac and master files
7) In the other instance, replace the files in crx-quickstart/launchpad/felix/bundle<id>/data with the files from the first instance
8) Restart AEM
9) Install the created package in the new instance
 
When I open the TrustStore in the new instance it shows the "Create TrustStore" button and the log has the following error:
 
GET /libs/granite/security/truststore.json HTTP/1.1] com.adobe.granite.security.user.internal.servlets.KeyStoreManagingServlet Unable to retrieve the truststore's aliases.
java.lang.SecurityException: com.adobe.granite.crypto.CryptoException: Cannot convert byte data
at com.adobe.granite.keystore.internal.KeyStoreServiceImpl.extractStorePassword(KeyStoreServiceImpl.java:605)
...
Caused by: com.rsa.jsafe.JSAFE_PaddingException: Invalid padding.
 
1 Accepted Solution

Correct answer by
Employee Advisor

Hi @tiagonobresantos!

Unfortunately, I don't have first-hand experience with crypto key exports, but there are some good resources available online.

Please refer to the following articles:

Please read through the articles and double-check if the outlined process matches your steps.

 

Hope that helps!
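
One way to double-check the key-file part of the procedure in the question, as an added example that is not part of the original thread or of Adobe's tooling: it confirms that the hmac and master files are byte-identical in the com.adobe.granite.crypto.file data directory of both instances, since decrypting with a different key is a typical cause of a padding error like the one logged. The function names and the bundle.info lookup are assumptions of this sketch.

```shell
#!/bin/sh
# Added example: confirm the crypto key files match on two AEM instances.

# Print the data directory of the crypto bundle below a crx-quickstart directory.
# Assumption: every launchpad/felix/bundle<id> directory holds a bundle.info
# file that names the bundle stored there.
find_crypto_data_dir() {
    quickstart=$1
    for info in "$quickstart"/launchpad/felix/bundle*/bundle.info; do
        [ -f "$info" ] || continue
        if grep -qF 'com.adobe.granite.crypto.file' "$info"; then
            printf '%s/data\n' "$(dirname "$info")"
            return 0
        fi
    done
    return 1
}

# SHA-256 of one file, digest only (sha256sum on Linux, shasum elsewhere).
file_digest() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

# Compare hmac and master in two data directories.
# Returns 0 if both match, 1 on a mismatch, 2 if a file is missing.
compare_key_files() {
    src=$1; dst=$2; rc=0
    for name in hmac master; do
        if [ ! -f "$src/$name" ] || [ ! -f "$dst/$name" ]; then
            echo "MISSING   $name"
            return 2
        fi
        if [ "$(file_digest "$src/$name")" = "$(file_digest "$dst/$name")" ]; then
            echo "MATCH     $name"
        else
            echo "DIFFERENT $name"
            rc=1
        fi
    done
    return "$rc"
}

# Usage: sh check_keys.sh <source crx-quickstart> <target crx-quickstart>
if [ "$#" -eq 2 ]; then
    compare_key_files "$(find_crypto_data_dir "$1")" "$(find_crypto_data_dir "$2")"
fi
```

When the instances run on different hosts, run file_digest on each host and compare the digests rather than copying the key files a second time.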
