手動切換作者後還原SSL憑證
了解如何修復手動切換作者後還原的 SSL 憑證。
說明 description
環境
Adobe Experience Manager (AEM)內部部署6.5.15
問題/症狀
AEM環境設定為包含兩個作者、發佈者和Dispatcher,其中一個作者處於作用中(主要)狀態,一個作者處於待命(次要)狀態,而發佈者和Dispatcher處於高可用性狀態。
次要作者未使用SSL啟用,所以在匯入SSL憑證時,為了切換到它,需要關閉主要作者。
此操作後,將可存取次要作者。 執行這些步驟後,可將作者切換回其初始狀態。 當透過切換次要作者來再次嘗試相同程式時,由於之前匯入的憑證缺少可用性,因此無法存取該程式。
解決方法 resolution
請依照下列步驟同步HMAC:
在主要作者上:
- 瀏覽至 osgi
>套件組合和確認套件組合<ID>的"com.adobe.granite.crypto.file". - 瀏覽至
"/crx-quickstart/launchpad/felix/bundle<ID>/data",其中套件<ID>是在步驟1找到的。 - 將「hmac」和「master」複製到
"/crx-quickstart/launchpad/felix/bundle<Id>/data".
在次要作者上:
- 瀏覽至 osgi
>套件組合和確認套件組合<ID>的"com.adobe.granite.crypto.file" - 備份
"/crx-quickstart/launchpad/felix/bundle<ID>/data". - 將來自author1的兩個複製檔案貼到author2中的相同路徑,並取代舊檔案。
- 重新啟動目標com.adobe.granite.crypto套件組合或整個AEM執行個體。
在兩個作者上同步HMAC金鑰後,憑證不再還原。
注意:
錯誤 [ 1] 出現在次要作者的錯誤記錄檔中。
[ 1]
03.09.2023 12:30:29.212 *WARN* [ FelixStartLevel] com.adobe.granite.crypto.config.internal.GraniteCryptoConfigurationPlugin Exception while decrypting the configuration mapcom.adobe.granite.crypto.CryptoException: Cannot convert byte dataat com.adobe.granite.crypto.internal.CryptoSupportImpl.unprotect(CryptoSupportImpl.java:130) [ com.adobe.granite.crypto:3.4.16] at com.adobe.granite.crypto.config.internal.GraniteCryptoConfigurationPlugin.modifyConfiguration(GraniteCryptoConfigurationPlugin.java:57) [ com.adobe.granite.crypto.config:0.0.4] at org.apache.felix.cm.impl.ConfigurationManager.callPlugins(ConfigurationManager.java:912) [ org.apache.felix.configadmin:1.9.12] at org.apache.felix.cm.impl.ConfigurationAdapter.getProcessedProperties(ConfigurationAdapter.java:292) [ org.apache.felix.configadmin:1.9.12] at org.apache.felix.scr.impl.manager.RegionConfigurationSupport.configureComponentHolder(RegionConfigurationSupport.java:228) [ org.apache.felix.scr:2.1.20] at org.apache.felix.scr.impl.BundleComponentActivator.setRegionConfigurationSupport(BundleComponentActivator.java:785) [ org.apache.felix.scr:2.1.20] at org.apache.felix.scr.impl.helper.ConfigAdminTracker$1.addingService(ConfigAdminTracker.java:69) [ org.apache.felix.scr:2.1.20] at org.apache.felix.scr.impl.helper.ConfigAdminTracker$1.addingService(ConfigAdminTracker.java:41) [ org.apache.felix.scr:2.1.20] at org.osgi.util.tracker.ServiceTracker$Tracked.customizerAdding(ServiceTracker.java:943)at org.osgi.util.tracker.ServiceTracker$Tracked.customizerAdding(ServiceTracker.java:871)at org.osgi.util.tracker.AbstractTracked.trackAdding(AbstractTracked.java:256)at org.osgi.util.tracker.AbstractTracked.trackInitial(AbstractTracked.java:183)at org.osgi.util.tracker.ServiceTracker.open(ServiceTracker.java:321)at org.osgi.util.tracker.ServiceTracker.open(ServiceTracker.java:264)at org.apache.felix.scr.impl.helper.ConfigAdminTracker.<init>(ConfigAdminTracker.java:86) [ org.apache.felix.scr:2.1.20] at org.apache.felix.scr.impl.BundleComponentActivator.<init>(BundleComponentActivator.java:269) [ org.apache.felix.scr:2.1.20] at org.apache.felix.scr.impl.Activator.loadComponents(Activator.java:551) [ org.apache.felix.scr:2.1.20] at org.apache.felix.scr.impl.Activator.access$200(Activator.java:69) [ org.apache.felix.scr:2.1.20] at org.apache.felix.scr.impl.Activator$ScrExtension.start(Activator.java:424) [ org.apache.felix.scr:2.1.20] at org.apache.felix.scr.impl.AbstractExtender.createExtension(AbstractExtender.java:196) [ org.apache.felix.scr:2.1.20] at org.apache.felix.scr.impl.AbstractExtender.modifiedBundle(AbstractExtender.java:169) [ org.apache.felix.scr:2.1.20] at org.apache.felix.scr.impl.AbstractExtender.modifiedBundle(AbstractExtender.java:49) [ org.apache.felix.scr:2.1.20] at org.osgi.util.tracker.BundleTracker$Tracked.customizerModified(BundleTracker.java:488)at org.osgi.util.tracker.BundleTracker$Tracked.customizerModified(BundleTracker.java:420)at org.osgi.util.tracker.AbstractTracked.track(AbstractTracked.java:232)at org.osgi.util.tracker.BundleTracker$Tracked.bundleChanged(BundleTracker.java:450)at org.apache.felix.framework.EventDispatcher.invokeBundleListenerCallback(EventDispatcher.java:915)at org.apache.felix.framework.EventDispatcher.fireEventImmediately(EventDispatcher.java:834)at org.apache.felix.framework.EventDispatcher.fireBundleEvent(EventDispatcher.java:516)at org.apache.felix.framework.Felix.fireBundleEvent(Felix.java:4817)at org.apache.felix.framework.Felix.startBundle(Felix.java:2336)at org.apache.felix.framework.Felix.setActiveStartLevel(Felix.java:1539)at org.apache.felix.framework.FrameworkStartLevelImpl.run(FrameworkStartLevelImpl.java:308)at java.lang.Thread.run(Thread.java:750)Caused by: com.adobe.granite.crypto.CryptoException: Failed decrypting cipher textat com.adobe.granite.crypto.internal.CryptoSupportImpl.decrypt(CryptoSupportImpl.java:66) [ com.adobe.granite.crypto:3.4.16] at com.adobe.granite.crypto.internal.CryptoSupportImpl.unprotect(CryptoSupportImpl.java:127) [ com.adobe.granite.crypto:3.4.16] ... 33 common frames omittedCaused by: com.rsa.jsafe.JSAFE_PaddingException: Invalid padding.at com.rsa.jsafe.JSAFE_SymmetricCipher.decryptFinal(Unknown Source)at com.adobe.granite.crypto.internal.jsafe.JSafeCryptoSupport.getPlainText(JSafeCryptoSupport.java:267)at com.adobe.granite.crypto.internal.jsafe.JSafeCryptoSupport.getPlainText(JSafeCryptoSupport.java:249)at com.adobe.granite.crypto.internal.CryptoSupportImpl.decrypt(CryptoSupportImpl.java:64) [ com.adobe.granite.crypto:3.4.16] ... 34 common frames omitted
原因
此錯誤通常在執行個體上的加密功能中斷時出現,在此情況下,HMAC金鑰需要從匯入憑證的執行個體同步。
recommendation-more-help
3d58f420-19b5-47a0-a122-5c9dab55ec7f