Skip navigation

Log in to create and rate content, and to follow, bookmark, and share content with other members.

000036952 - After updating the certificates for RSA Identity Governance & Lifecycle, WildFly reports error: JBAS015299: The KeyStore /home/oracle/keystore/aveksa.keystore does not contain any keys.

Document created by RSA Customer Support

on Dec 7, 2018

Version 1Show Document

Like • Show 0 Likes0
Comment • 0
View in full screen mode

Article Content

Article Number	000036952
Applies To	RSA Product Set: Identity Governance & Lifecycle RSA Product/Service Type: Appliance RSA Version/Condition: 7.0.0 and above
Issue	After replacing the certificates for the RSA Identity Governance and Lifecycle application, it fails to start. On examination, the following error is found in the WildFly log file: server.log. 2018-11-12 12:13:01,200 ERROR [org.jboss.msc.service.fail] (MSC service thread 1-1) MSC000001: Failed to start service jboss.server.controller.management.security_realm.AveksaRealm.key-manager: org.jboss.msc.service.StartException in service jboss.server.controller.management.security_realm.AveksaRealm.key-manager: JBAS015299: The KeyStore /home/oracle/keystore/aveksa.keystore does not contain any keys. When the /home/oracle/keystore/aveksa.keystore file is examined, the following results are returned. # keytool -list -alias server -keystore aveksa.keystore Enter keystore password: server, Nov 7, 2018, trustedCertEntry, ... NOTE: The recommended password for the aveksa.keystore is: Av3k5a15num83r0n3
Cause	The "server" alias in the aveksa.keystore is not of Entry type: PrivateKeyEntry. This is why WildFly reports that the file does not contain any keys. This can occur if the "server" alias is replaced by a certificate. Certificates are of Entry type: trustedCertEntry
Resolution	Work through all the steps from article 000030130 - How to replace the server certificate used for the RSA Identity Governance & Lifecycle appliance web administration interface This is because the Private Key entry in the aveksa.keystore is missing and needs to be re-generated. Step 2 from article 30130 is as follows. keytool -genkeypair -keysize 2048 -alias server -keyalg RSA -keystore my.keystore -dname "CN=rsa-img.rsa.com" -ext san=dns:rsa-img.rsa.com,dns:rsa-img This creates a new keystore file, with the "server" alias that is of Entry type: PrivateKeyEntry
Notes	Please note that in this situation, no entries will be added to the aveksaServer.log, because the application is yet to start.

Attachments

Outcomes

0 Comments

Recommended Content