Your achievements

Level 1

0% to

Level 2

Tip /
Sign in

Sign in to Community

to gain points, level up, and earn exciting badges like the new
BedrockMission!

Learn more

View all

Sign in to view all badges

SOLVED

Unable to sync crypto key across instances with AEM 6.5

tiagonobresantos
Level 1
Level 1

Hi,

 

I am trying to export the Global Trust Store with certificates and import in other instances to keep the certificate alias and SAML configuration.

I have done the following steps:

1) Go to AEM-> Tools->Security->TrustStore
2) Create TrustStore
3) Add certificate
4) Go to AEM-> Tools->Security->Users, select authentication-service.
5) Create keystore
6) Create package with:
/etc/truststore
/home/users/system/authentication-service/keystore
/etc/key
6) In AEM filesystem, go to crx-quickstart/launchpad/felix/bundle<id>/data, where id is the bundle id for "com.adobe.granite.crypto.file" and export hmac and master files
7) In other instance, replace files in crx-quickstart/launchpad/felix/bundle<id>/data with files from first instance
8 ) restart AEM
9) install the created package in the new instance
 
When I open the TrustStore in the new instance it shows the "Create TrustStore" button and the log has the following error:
 
GET /libs/granite/security/truststore.json HTTP/1.1] com.adobe.granite.security.user.internal.servlets.KeyStoreManagingServlet Unable to retrieve the truststore's aliases.
java.lang.SecurityException: com.adobe.granite.crypto.CryptoException: Cannot convert byte data
at com.adobe.granite.keystore.internal.KeyStoreServiceImpl.extractStorePassword(KeyStoreServiceImpl.java:605)
...
Caused by: com.rsa.jsafe.JSAFE_PaddingException: Invalid padding.
 
1 Accepted Solution
markus_bulla_adobe
Correct answer by
Employee
Employee

Hi @tiagonobresantos!

Unfortunately, I don't have first hand experience with crypto key exports, but there are some good resources available online.

Please refer to the following articles:

Please read through the articles and double check if the outlined process matches your steps.

 

Hope that helps!

View solution in original post

1 Reply
markus_bulla_adobe
Correct answer by
Employee
Employee

Hi @tiagonobresantos!

Unfortunately, I don't have first hand experience with crypto key exports, but there are some good resources available online.

Please refer to the following articles:

Please read through the articles and double check if the outlined process matches your steps.

 

Hope that helps!

View solution in original post