|Applies To||RSA Product Set: Identity Governance & Lifecycle|
RSA Product/Service Type: Appliance
RSA Version/Condition: 7.0.0 and above
|Issue||After replacing the certificates for the RSA Identity Governance and Lifecycle application, it fails to start.|
On examination, the following error is found in the WildFly log file: server.log.
When the /home/oracle/keystore/aveksa.keystore file is examined, the following results are returned.
NOTE: The recommended password for the aveksa.keystore is: Av3k5a15num83r0n3
|Cause||The "server" alias in the aveksa.keystore is not of Entry type: PrivateKeyEntry.|
This is why WildFly reports that the file does not contain any keys.
This can occur if the "server" alias is replaced by a certificate.
Certificates are of Entry type: trustedCertEntry
|Resolution||Work through all the steps from article 000030130 - How to replace the server certificate used for the RSA Identity Governance & Lifecycle appliance web administration interface|
This is because the Private Key entry in the aveksa.keystore is missing and needs to be re-generated.
Step 2 from article 30130 is as follows.
This creates a new keystore file, with the "server" alias that is of Entry type: PrivateKeyEntry
|Notes||Please note that in this situation, no entries will be added to the aveksaServer.log, because the application is yet to start.|