Unable to sync crypto key across instances with AEM 6.5

Question

Hi,

I am trying to export the Global Trust Store with certificates and import in other instances to keep the certificate alias and SAML configuration.

I have done the following steps:

1) Go to AEM-> Tools->Security->TrustStore

2) Create TrustStore

3) Add certificate

4) Go to AEM-> Tools->Security->Users, select authentication-service.

5) Create keystore

6) Create package with:
/etc/truststore
/home/users/system/authentication-service/keystore
/etc/key

6) In AEM filesystem, go to crx-quickstart/launchpad/felix/bundle<id>/data, where id is the bundle id for "com.adobe.granite.crypto.file" and export hmac and master files

7) In other instance, replace files in crx-quickstart/launchpad/felix/bundle<id>/data with files from first instance

8 ) restart AEM

9) install the created package in the new instance

When I open the TrustStore in the new instance it shows the "Create TrustStore" button and the log has the following error:

GET /libs/granite/security/truststore.json HTTP/1.1] com.adobe.granite.security.user.internal.servlets.KeyStoreManagingServlet Unable to retrieve the truststore's aliases.
java.lang.SecurityException: com.adobe.granite.crypto.CryptoException: Cannot convert byte data
at com.adobe.granite.keystore.internal.KeyStoreServiceImpl.extractStorePassword(KeyStoreServiceImpl.java:605)

...

Caused by: com.rsa.jsafe.JSAFE_PaddingException: Invalid padding.

MarkusBullaAdobe · Accepted Answer

Hi @tiagonobresantos!Unfortunately, I don't have first hand experience with crypto key exports, but there are some good resources available online.Please refer to the following articles:Syncing keys among AEM instancesCryptoSupport Key Sharing and TroubleshootingPlease read through the articles and double check if the outlined process matches your steps. Hope that helps!

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded