Replicating Keys for AEM 6.2 and Older Versions

Solution:

Replicating Keys for AEM 6.2 and Older Versions

In AEM 6.2 and older versions, the keys are stored in the repository under the /etc/key node.

The recommended way to securely replicate the keys across your instances is to only replicate this node. You can selectively replicate nodes via CRXDE Lite:

  1. Open CRXDE Lite by going to http://serveraddress:4502/crx/de/index.jsp
  2. Select the /etc/key node.
  3. Go to the Replication tab.
  4. Press the Replication button.

Replicating Keys for AEM 6.3

Whereas in older versions the replication keys were stored in the repository, beginning with AEM 6.3 they are stored on the filesystem.

Therefore, in order to replicate your keys across instances you need to copy them from the source instance to the target instances' location on the filesystem.

More specifically, you need to:
  1. Access the AEM instance, typically an author instance, that contains the key material to copy;
  2. Locate the com.adobe.granite.crypto.file bundle in the local file system. For example, under this path: /crx-quickstart/launchpad/felix/bundle21
  3. The bundle.info file inside each folder will identify the bundle name.
  4. Navigate to the data folder. For example: /crx-quickstart/launchpad/felix/bundle21/data
  5. Copy the HMAC and master files.
  6. Then, go to the target instance you want to duplicate the HMAC key to, and navigate to the data folder. For example: /crx-quickstart/launchpad/felix/bundle21/data. Paste the two files you previously copied.
  7. Refresh the Crypto Bundle if the target instance is already running.
  8. Repeat the above steps for all instances you want to replicate the key to.
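
The steps above as a shell sketch, added here as an example and not taken from Adobe or from the original post. It assumes the two key files are named hmac and master and that each argument is the directory containing crx-quickstart; find_crypto_bundle and copy_crypto_keys are hypothetical helper names.

```shell
#!/bin/sh
# Added example. Bundle numbers (bundle21 etc.) differ per instance, so the
# bundle is located through bundle.info instead of a hard-coded folder.

# Print the Felix bundle directory whose bundle.info names the
# com.adobe.granite.crypto.file bundle. $1 = directory containing crx-quickstart.
find_crypto_bundle() {
    for info in "$1"/crx-quickstart/launchpad/felix/bundle*/bundle.info; do
        [ -f "$info" ] || continue
        if grep -q 'com\.adobe\.granite\.crypto\.file' "$info"; then
            dirname "$info"
            return 0
        fi
    done
    echo "crypto bundle not found under $1" >&2
    return 1
}

# Copy the key files from the source instance's data folder to the target's.
# $1 = source install dir, $2 = target install dir.
copy_crypto_keys() {
    src=$(find_crypto_bundle "$1") || return 1
    dst=$(find_crypto_bundle "$2") || return 1
    # Assumption: the key files are named "hmac" and "master".
    for f in hmac master; do
        if [ ! -f "$src/data/$f" ]; then
            echo "missing key file: $src/data/$f" >&2
            return 1
        fi
    done
    mkdir -p "$dst/data" || return 1
    for f in hmac master; do
        cp -p "$src/data/$f" "$dst/data/$f" || return 1
        # Key material: readable by the owning account only (added hardening).
        chmod 600 "$dst/data/$f" || return 1
        # Confirm the copy is byte-identical; mismatched keys would leave the
        # target unable to decrypt values encrypted on the source.
        if ! cmp -s "$src/data/$f" "$dst/data/$f"; then
            echo "copy of $f does not match source" >&2
            return 1
        fi
    done
    return 0
}

# Usage (placeholder paths): copy_crypto_keys /path/to/source-aem /path/to/target-aem
```

If the target instance is running, its Crypto bundle still has to be refreshed afterwards, as in step 7.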
Note:

You can revert to the pre-6.3 method of storing keys by adding the following parameter when you first install AEM:
-Dcom.adobe.granite.crypto.file.disable=true
