on Jan 15, 2019Article Content
| Article Number | 000036403 |
| Applies To | RSA Product Set: RSA Identity Governance & Lifecycle RSA Product/Service Type: Appliance RSA Version/Condition: 7.1 Platform: Linux Platform (Other): WildFly application server |
| Issue | When attempting to install RSA Identity Governance & Lifecycle version 7.1, and additionally, an alias other than "server" has been, or is being, implemented in the aveksa.keystore, then the following error may be reported in the aveksa-install.log file, and the installation will stop. Repackage aveksa.ear to /tmp/repackaged_ear_dir Deploying aveksa.ear... {"WFLYCTL0062: Composite operation failed and was rolled back. Steps that failed:" => {"Operation step-2" => {"WFLYCTL0180: Services with missing/unavailable dependencies" => undefined}}} Failed to deploy aveksa.ear Step failed! See /tmp/aveksa-install.log for more information. <EOF> The root cause error is located in the WildFly server.log file. 2018-05-22 18:18:15,097 ERROR [org.jboss.as.controller.management-operation] (Controller Boot Thread) WFLYCTL0013: Operation ("add") failed - address: ([ ("core-service" => "management"), ("security-realm" => "AveksaRealm") ]) - failure description: { "WFLYCTL0080: Failed services" => {"jboss.server.controller.management.security_realm.AveksaRealm.key-manager" => "org.jboss.msc.service.StartException in service jboss.server.controller.management.security_realm.AveksaRealm.key-manager: Failed to start service Caused by: java.lang.IllegalStateException: org.jboss.msc.service.StartException in anonymous service: WFLYDM0085: The alias specified 'server' does not exist in the KeyStore, valid aliases are {alias-list} Caused by: org.jboss.msc.service.StartException in anonymous service: WFLYDM0085: The alias specified 'server' does not exist in the KeyStore, valid aliases are {alias-list}"}, "WFLYCTL0412: Required services that are not installed:" => ["jboss.server.controller.management.security_realm.AveksaRealm.key-manager"], "WFLYCTL0180: Services with missing/unavailable dependencies" => undefined } The use cases where this may occur are;
AdditionalThese messages occur in the aveksa-install.log, when an existing RSA Identity Governance and Lifecycle implementation is being upgraded. ... Creating new keystore directory /home/oracle/keystore ... Existing aveksa.keystore found under /home/oracle/jboss-4.2.2.GA/server/default/conf/keystore Moving aveksa.keystore to the new keystore directory: /home/oracle/keystore ... [Tue May 22 18:15:26 EDT 2018] Configuring SSL Certificates completed ... |
| Cause | The server certificate (chain) with the private key for alias "serve," was not found in the aveksa.keystore file, when the install process attempted to deploy the aveksa.ear. The alias "server" is the private key for the Aveksa server.
|
| Resolution | Make sure that the aveksa.keystore contains the alias "server."
# mv aveksa.keystore aveksa.keystore.bak
-changealias [-v] [-protected] -alias <alias> -destalias <destalias> [-keypass <keypass>] [-keystore <keystore>] [-storepass <storepass>] [-storetype <storetype>] [-providername <name>] [-providerclass <provider_class_name> [-providerarg <arg>]] ... [-providerpath <pathlist>] Move an existing keystore entry from the specified alias to a new alias, destalias. If no destination alias is provided, the command will prompt for one. If the original entry is protected with an entry password, the password can be supplied via the "-keypass" option. If no key password is provided, the storepass (if given) will be attempted first. If that attempt fails, the user will be prompted for a password.
# keytool -changealias -alias server691 -destalias server -storepass Av3k5a15num83r0n3 -keystore aveksa.keystore |
| Notes | Further information for the keytool utility can be found on the Oracle Java keytool - Key and Certificate Management Tool page. |