Article Content
Article Number | 000036403 |
Applies To | RSA Product Set: RSA Identity Governance & Lifecycle RSA Product/Service Type: Appliance RSA Version/Condition: 7.1.0, 7.1.1 |
Issue | When attempting to install RSA Identity Governance & Lifecycle version 7.1.0 or 7.1.1, the installation fails. The /tmp/aveksa-install.log file contains the following error:
If this is an upgrade, these messages may also be see in the /tmp/aveksa-install.log:
The $AVEKSA_HOME/wildfly/standalone/log/server.log contains the following errors:
|
Cause | The root cause of the failure is this error in the $AVEKSA_HOME/wildfly/standalone/log/server.log file: WFLYDM0085: The alias specified 'server' does not exist in the KeyStore This error indicates that the server certificate (chain) with the private key for alias server was not found in the $AVEKSA_HOME/keystore/aveksa.keystore file when the install process attempted to deploy the aveksa.ear. The alias 'server' is the private key for the aveksa server. The $AVEKSA_HOME/keystore/aveksa.keystore file should contain one entry called server that should be owned by aveksa. For example:
Please note that the RSA Identity Governance and Lifecycle 7.1 Installation Guide does suggest that the alias can be changed from server but this is not the case. |
Resolution | Make sure that the $AVEKSA_HOME/keystore/aveksa.keystore and the $AVEKSA_HOME/wildfly/standalone/configuration/aveksa-standalone-full.xml (WildFly configuration file) each contain the alias name server.
As the root user check the alias name in the aveksa.keystore file.
The output should have the following:
If there is any other value for the alias name, it needs to be changed to server. To change the alias name in aveksa.keystore:
An example of changing an alias back to server is as follows. In this example, the alias name that caused the error is server711:
The path should have the following:
If there is any other value for the alias name, it needs to be changed to server.
|
Notes | Further information for the keytool utility can be found on the Oracle Java keytool - Key and Certificate Management Tool page. |