Import the signed cert back in with: #import the signed cert into the keystore, using the same alias as you used above ( Important Note: have not tested this alias with ¯\_(ツ)_/¯ emoji, so perhaps not anything you want) It’s an arbitrary name and can be anything you want. The alias is just a key to the entries in the JKS database. In this case, the ‘alias’ you would use for your import command would be ‘aem-author-test’. To see the certs which are loaded in a given JKS file use: ssl]$ keytool -list -keystore aem-author-test.jks First, make sure you have the alias correct for the cert you’re importing (important if you’re doing this for many servers). Keytool -importcert -trustcacerts -file intermediatecert.pem -keystore AEM_author_dev.jks -alias "Intermediate Cert"Īfter this, you’ll want to import your signed cert back into the JKS file.
#import the intermediate cert into the keystore, ensuring the alias is correct (you can import into a browser to check) Keytool -importcert -trustcacerts -file rootcert.pem -keystore AEM_author_dev.jks -alias "Root CA Cert" This is a vital step if your organization runs its own cert authority. Then, once you get the signed certs back from your certificate authority, you may first need to install their intermediate certs or root certs into your JKS file, presuming their intermediate certs aren’t embedded in the JDK. Self-signed certs will work in AEM as well, but let’s just assume for the purposes of the docs here that you’re doing this for PRD and are required to use externally-valid SSL certs.įirst, generate your cert-signing request (CSR) which will also create a JKS file and embed the private key for the SSL cert into the JKS file: keytool -genkey -alias aem-author-test -keyalg RSA -keysize 2048 -keystore AEM_author_dev.jks -dname "CN=, O=Companyname, L=CityName, ST=, C=US" & keytool -certreq -alias aem-author-test -file AEM_author_dev.csr -keystore AEM_author_dev.jks Generating SSL Certificates & Importing into Java Keystoreįirst, I’ll assume here that you’re going to need to generate SSL certificates that need to be signed by an external cert signing authority. Most of the steps are in the official Adobe docs, though there are a few gotchas which I’ll document here to make it easier, should you need to set this up or debug it.
AEM 6.1 and 6.2 however required one to use a Java Keystore with the keys stored on-disk, a paradigm which still works for AEM 6.3/6.4 as well, though it’s somewhat deprecated and also significantly more difficult.
#Adobe updater install manager update 6.2 full#
As I noted in my other post on setting up AEM for server-to-server SSL, doing full SSL on AEM 6.3 and 6.4 can be done fairly simply these days using a relatively easy-to-use UI for the most part, with the SSL keys themselves stored in the repository.
0 kommentar(er)
