手动切换作者后,SSL证书将还原
了解如何修复 SSL 证书在手动切换作者后恢复这一问题。
描述 description
环境
Adobe Experience Manager (AEM)内部部署6.5.15
问题/症状
AEM环境设置有两个作者、发布者和调度程序,其中一个作者处于活动状态(主要),一个作者处于备用状态(次要),并且发布者和调度程序处于高可用性。
辅助作者未使用SSL启用,因此导入SSL证书时,需要关闭主要作者才能切换到辅助作者。
此操作后,将可以访问辅助作者。 执行这些步骤后,可以将作者切换回其初始状态。 当通过切换辅助作者再次尝试同一过程时,由于之前导入的证书不可用,因此无法访问该过程。
解决方法 resolution
按照以下步骤同步HMAC:
对于主要作者:
- 导航到 OSGi
>包,并确认"com.adobe.granite.crypto.file".的包<ID> - 导航到
"/crx-quickstart/launchpad/felix/bundle<ID>/data",其中bundle<ID>是在步骤1中找到的。 - 在
"/crx-quickstart/launchpad/felix/bundle<Id>/data".下复制“hmac”和“master”
在辅助作者中:
- 导航到 OSGi
>包,并确认"com.adobe.granite.crypto.file"的包<ID> - 备份
"/crx-quickstart/launchpad/felix/bundle<ID>/data". - 将来自author1的两个复制文件粘贴到author2中的同一路径,并替换旧文件。
- 重新启动target com.adobe.granite.crypto捆绑包或整个AEM实例。
在两个作者上同步HMAC密钥后,证书不再还原。
注释:
辅助作者的错误日志中存在错误[ 1]。
[ 1]
03.09.2023 12:30:29.212 *WARN* [ FelixStartLevel] com.adobe.granite.crypto.config.internal.GraniteCryptoConfigurationPlugin Exception while decrypting the configuration mapcom.adobe.granite.crypto.CryptoException: Cannot convert byte dataat com.adobe.granite.crypto.internal.CryptoSupportImpl.unprotect(CryptoSupportImpl.java:130) [ com.adobe.granite.crypto:3.4.16] at com.adobe.granite.crypto.config.internal.GraniteCryptoConfigurationPlugin.modifyConfiguration(GraniteCryptoConfigurationPlugin.java:57) [ com.adobe.granite.crypto.config:0.0.4] at org.apache.felix.cm.impl.ConfigurationManager.callPlugins(ConfigurationManager.java:912) [ org.apache.felix.configadmin:1.9.12] at org.apache.felix.cm.impl.ConfigurationAdapter.getProcessedProperties(ConfigurationAdapter.java:292) [ org.apache.felix.configadmin:1.9.12] at org.apache.felix.scr.impl.manager.RegionConfigurationSupport.configureComponentHolder(RegionConfigurationSupport.java:228) [ org.apache.felix.scr:2.1.20] at org.apache.felix.scr.impl.BundleComponentActivator.setRegionConfigurationSupport(BundleComponentActivator.java:785) [ org.apache.felix.scr:2.1.20] at org.apache.felix.scr.impl.helper.ConfigAdminTracker$1.addingService(ConfigAdminTracker.java:69) [ org.apache.felix.scr:2.1.20] at org.apache.felix.scr.impl.helper.ConfigAdminTracker$1.addingService(ConfigAdminTracker.java:41) [ org.apache.felix.scr:2.1.20] at org.osgi.util.tracker.ServiceTracker$Tracked.customizerAdding(ServiceTracker.java:943)at org.osgi.util.tracker.ServiceTracker$Tracked.customizerAdding(ServiceTracker.java:871)at org.osgi.util.tracker.AbstractTracked.trackAdding(AbstractTracked.java:256)at org.osgi.util.tracker.AbstractTracked.trackInitial(AbstractTracked.java:183)at org.osgi.util.tracker.ServiceTracker.open(ServiceTracker.java:321)at org.osgi.util.tracker.ServiceTracker.open(ServiceTracker.java:264)at org.apache.felix.scr.impl.helper.ConfigAdminTracker.<init>(ConfigAdminTracker.java:86) [ org.apache.felix.scr:2.1.20] at org.apache.felix.scr.impl.BundleComponentActivator.<init>(BundleComponentActivator.java:269) [ org.apache.felix.scr:2.1.20] at org.apache.felix.scr.impl.Activator.loadComponents(Activator.java:551) [ org.apache.felix.scr:2.1.20] at org.apache.felix.scr.impl.Activator.access$200(Activator.java:69) [ org.apache.felix.scr:2.1.20] at org.apache.felix.scr.impl.Activator$ScrExtension.start(Activator.java:424) [ org.apache.felix.scr:2.1.20] at org.apache.felix.scr.impl.AbstractExtender.createExtension(AbstractExtender.java:196) [ org.apache.felix.scr:2.1.20] at org.apache.felix.scr.impl.AbstractExtender.modifiedBundle(AbstractExtender.java:169) [ org.apache.felix.scr:2.1.20] at org.apache.felix.scr.impl.AbstractExtender.modifiedBundle(AbstractExtender.java:49) [ org.apache.felix.scr:2.1.20] at org.osgi.util.tracker.BundleTracker$Tracked.customizerModified(BundleTracker.java:488)at org.osgi.util.tracker.BundleTracker$Tracked.customizerModified(BundleTracker.java:420)at org.osgi.util.tracker.AbstractTracked.track(AbstractTracked.java:232)at org.osgi.util.tracker.BundleTracker$Tracked.bundleChanged(BundleTracker.java:450)at org.apache.felix.framework.EventDispatcher.invokeBundleListenerCallback(EventDispatcher.java:915)at org.apache.felix.framework.EventDispatcher.fireEventImmediately(EventDispatcher.java:834)at org.apache.felix.framework.EventDispatcher.fireBundleEvent(EventDispatcher.java:516)at org.apache.felix.framework.Felix.fireBundleEvent(Felix.java:4817)at org.apache.felix.framework.Felix.startBundle(Felix.java:2336)at org.apache.felix.framework.Felix.setActiveStartLevel(Felix.java:1539)at org.apache.felix.framework.FrameworkStartLevelImpl.run(FrameworkStartLevelImpl.java:308)at java.lang.Thread.run(Thread.java:750)Caused by: com.adobe.granite.crypto.CryptoException: Failed decrypting cipher textat com.adobe.granite.crypto.internal.CryptoSupportImpl.decrypt(CryptoSupportImpl.java:66) [ com.adobe.granite.crypto:3.4.16] at com.adobe.granite.crypto.internal.CryptoSupportImpl.unprotect(CryptoSupportImpl.java:127) [ com.adobe.granite.crypto:3.4.16] ... 33 common frames omittedCaused by: com.rsa.jsafe.JSAFE_PaddingException: Invalid padding.at com.rsa.jsafe.JSAFE_SymmetricCipher.decryptFinal(Unknown Source)at com.adobe.granite.crypto.internal.jsafe.JSafeCryptoSupport.getPlainText(JSafeCryptoSupport.java:267)at com.adobe.granite.crypto.internal.jsafe.JSafeCryptoSupport.getPlainText(JSafeCryptoSupport.java:249)at com.adobe.granite.crypto.internal.CryptoSupportImpl.decrypt(CryptoSupportImpl.java:64) [ com.adobe.granite.crypto:3.4.16] ... 34 common frames omitted
原因
此错误通常在实例上的加密功能损坏时出现,在这种情况下,HMAC密钥需要从导入证书的实例中同步。
recommendation-more-help
3d58f420-19b5-47a0-a122-5c9dab55ec7f