手動切換作者後還原SSL憑證

了解如何修復手動切換作者後還原的 SSL 憑證。

說明 description

環境

Adobe Experience Manager (AEM)內部部署6.5.15

問題/症狀

AEM環境設定為包含兩個作者、發佈者和Dispatcher,其中一個作者處於作用中(主要)狀態,一個作者處於待命(次要)狀態,而發佈者和Dispatcher處於高可用性狀態。

次要作者未使用SSL啟用,所以在匯入SSL憑證時,為了切換到它,需要關閉主要作者。

此操作後,將可存取次要作者。 執行這些步驟後,可將作者切換回其初始狀態。 當透過切換次要作者來再次嘗試相同程式時,由於之前匯入的憑證缺少可用性,因此無法存取該程式。

解決方法 resolution

請依照下列步驟同步HMAC:

在主要作者上:

  1. 瀏覽至 OSGi > 套件組合,並確認"com.adobe.granite.crypto.file".的套件組合< ID>
  2. 導覽至"/crx-quickstart/launchpad/felix/bundle<ID>/data",其中bundle< ID>是在步驟1中找到的專案。
  3. "/crx-quickstart/launchpad/felix/bundle<Id>/data".下複製「hmac」和「master」

在次要作者上:

  1. 瀏覽至 OSGi > 套件組合,並確認"com.adobe.granite.crypto.file"的套件組合< ID>
  2. 備份"/crx-quickstart/launchpad/felix/bundle<ID>/data".
  3. 將來自author1的兩個複製檔案貼到author2中的相同路徑,並取代舊檔案。
  4. 重新啟動目標com.adobe.granite.crypto套件組合或整個AEM執行個體。

在兩個作者上同步HMAC金鑰後,憑證不再還原。

附註:
次要作者的錯誤記錄中出現錯誤[ 1]

[ 1]

03.09.2023 12:30:29.212 *WARN* [ FelixStartLevel]  com.adobe.granite.crypto.config.internal.GraniteCryptoConfigurationPlugin Exception while decrypting the configuration mapcom.adobe.granite.crypto.CryptoException: Cannot convert byte dataat com.adobe.granite.crypto.internal.CryptoSupportImpl.unprotect(CryptoSupportImpl.java:130) [ com.adobe.granite.crypto:3.4.16] at com.adobe.granite.crypto.config.internal.GraniteCryptoConfigurationPlugin.modifyConfiguration(GraniteCryptoConfigurationPlugin.java:57) [ com.adobe.granite.crypto.config:0.0.4] at org.apache.felix.cm.impl.ConfigurationManager.callPlugins(ConfigurationManager.java:912) [ org.apache.felix.configadmin:1.9.12] at org.apache.felix.cm.impl.ConfigurationAdapter.getProcessedProperties(ConfigurationAdapter.java:292) [ org.apache.felix.configadmin:1.9.12] at org.apache.felix.scr.impl.manager.RegionConfigurationSupport.configureComponentHolder(RegionConfigurationSupport.java:228) [ org.apache.felix.scr:2.1.20] at org.apache.felix.scr.impl.BundleComponentActivator.setRegionConfigurationSupport(BundleComponentActivator.java:785) [ org.apache.felix.scr:2.1.20] at org.apache.felix.scr.impl.helper.ConfigAdminTracker$1.addingService(ConfigAdminTracker.java:69) [ org.apache.felix.scr:2.1.20] at org.apache.felix.scr.impl.helper.ConfigAdminTracker$1.addingService(ConfigAdminTracker.java:41) [ org.apache.felix.scr:2.1.20] at org.osgi.util.tracker.ServiceTracker$Tracked.customizerAdding(ServiceTracker.java:943)at org.osgi.util.tracker.ServiceTracker$Tracked.customizerAdding(ServiceTracker.java:871)at org.osgi.util.tracker.AbstractTracked.trackAdding(AbstractTracked.java:256)at org.osgi.util.tracker.AbstractTracked.trackInitial(AbstractTracked.java:183)at org.osgi.util.tracker.ServiceTracker.open(ServiceTracker.java:321)at org.osgi.util.tracker.ServiceTracker.open(ServiceTracker.java:264)at org.apache.felix.scr.impl.helper.ConfigAdminTracker.<init>(ConfigAdminTracker.java:86) [ org.apache.felix.scr:2.1.20] at org.apache.felix.scr.impl.BundleComponentActivator.<init>(BundleComponentActivator.java:269) [ org.apache.felix.scr:2.1.20] at org.apache.felix.scr.impl.Activator.loadComponents(Activator.java:551) [ org.apache.felix.scr:2.1.20] at org.apache.felix.scr.impl.Activator.access$200(Activator.java:69) [ org.apache.felix.scr:2.1.20] at org.apache.felix.scr.impl.Activator$ScrExtension.start(Activator.java:424) [ org.apache.felix.scr:2.1.20] at org.apache.felix.scr.impl.AbstractExtender.createExtension(AbstractExtender.java:196) [ org.apache.felix.scr:2.1.20] at org.apache.felix.scr.impl.AbstractExtender.modifiedBundle(AbstractExtender.java:169) [ org.apache.felix.scr:2.1.20] at org.apache.felix.scr.impl.AbstractExtender.modifiedBundle(AbstractExtender.java:49) [ org.apache.felix.scr:2.1.20] at org.osgi.util.tracker.BundleTracker$Tracked.customizerModified(BundleTracker.java:488)at org.osgi.util.tracker.BundleTracker$Tracked.customizerModified(BundleTracker.java:420)at org.osgi.util.tracker.AbstractTracked.track(AbstractTracked.java:232)at org.osgi.util.tracker.BundleTracker$Tracked.bundleChanged(BundleTracker.java:450)at org.apache.felix.framework.EventDispatcher.invokeBundleListenerCallback(EventDispatcher.java:915)at org.apache.felix.framework.EventDispatcher.fireEventImmediately(EventDispatcher.java:834)at org.apache.felix.framework.EventDispatcher.fireBundleEvent(EventDispatcher.java:516)at org.apache.felix.framework.Felix.fireBundleEvent(Felix.java:4817)at org.apache.felix.framework.Felix.startBundle(Felix.java:2336)at org.apache.felix.framework.Felix.setActiveStartLevel(Felix.java:1539)at org.apache.felix.framework.FrameworkStartLevelImpl.run(FrameworkStartLevelImpl.java:308)at java.lang.Thread.run(Thread.java:750)Caused by: com.adobe.granite.crypto.CryptoException: Failed decrypting cipher textat com.adobe.granite.crypto.internal.CryptoSupportImpl.decrypt(CryptoSupportImpl.java:66) [ com.adobe.granite.crypto:3.4.16] at com.adobe.granite.crypto.internal.CryptoSupportImpl.unprotect(CryptoSupportImpl.java:127) [ com.adobe.granite.crypto:3.4.16] ... 33 common frames omittedCaused by: com.rsa.jsafe.JSAFE_PaddingException: Invalid padding.at com.rsa.jsafe.JSAFE_SymmetricCipher.decryptFinal(Unknown Source)at com.adobe.granite.crypto.internal.jsafe.JSafeCryptoSupport.getPlainText(JSafeCryptoSupport.java:267)at com.adobe.granite.crypto.internal.jsafe.JSafeCryptoSupport.getPlainText(JSafeCryptoSupport.java:249)at com.adobe.granite.crypto.internal.CryptoSupportImpl.decrypt(CryptoSupportImpl.java:64) [ com.adobe.granite.crypto:3.4.16] ... 34 common frames omitted

原因

此錯誤通常在執行個體上的加密功能中斷時出現,在此情況下,HMAC金鑰需要從匯入憑證的執行個體同步。

recommendation-more-help
3d58f420-19b5-47a0-a122-5c9dab55ec7f