000022120 - Error: 'MacData error' when starting RSA ClearTrust dispatcher

Document created by RSA Customer Support Employee on Jun 16, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000022120
Applies ToRSA ClearTrust 5.5.3
RSA ClearTrust Dispatcher/KeyServer
IssueError: "MacData error" when starting RSA ClearTrust dispatcher
14:20:21:019 [*] [main] - Provider com.rsa.certj.pkcs12.Provider was already installed.
14:20:21:112 [*] [main] - done.
14:20:21:273 [*] [main] - KeyStoreFactory.getKeystore: looking for /local/ctrust55/conf/clientkeys.p12
14:20:21:275 [*] [main] - Loading keyStore from /local/ctrust55/conf/clientkeys.p12
com.rsa.certj.pkcs12.PKCS12Exception: MacData.MacData: MAC Verification failed
14:20:21:761 [*] [main] - Could not load Certificate: java.security.cert.CertificateException
14:20:21:763 [*] [main] - PropertiesMessageFactory: fetch message DISP-00003
DISP-00003-E: Unknown failure during initialization.
 
Details :
 
java.lang.Error: Could not load Certificate: java.security.cert.CertificateException
 
Stack Trace :
 
java.lang.Error: Could not load Certificate: java.security.cert.CertificateException
        at sirrus.util.keystore.KeyStoreFactory.getKeyStore(KeyStoreFactory.java:213)
        at sirrus.util.net.SocketFactory.loadCAKeystore(SocketFactory.java:321)
        at sirrus.util.net.SocketFactory.createFromConfigurator(SocketFactory.java:256)
        at sirrus.util.net.SocketFactory.createFromConfigurator(SocketFactory.java:179)
        at sirrus.util.net.SocketFactory.createFromConfigurator(SocketFactory.java:129)
        at sirrus.dispatcher.AuthorizationDispatcher.checkStopService(AuthorizationDispatcher.java:73)
        at sirrus.dispatcher.AuthorizationDispatcher.<init>(AuthorizationDispatcher.java:109)
        at sirrus.dispatcher.AuthorizationDispatcher.main(AuthorizationDispatcher.java:369)
 
14:20:21:772 [*] [main] - PropertiesMessageFactory: fetch message DISP-00050
DISP-00050-E: Authorization Server Dispatcher initialization failed.
Cause
This error usually indicates an incorrect RSA ClearTrust keystore password:

    cleartrust.net.ssl.private.keystore_passphrase=

This error may also occur if the PKCS12 key cannot be obtained from the keystore due to a problem with the format. Although PKCS12 is a standard format, subtle differences in the way some programs generate PKCS 12 object may create incompatibilities.
ResolutionTo correct this issue, ensure that you are using the correct password for your RSA ClearTrust keystore. Recreate your PKCS12 keystore object using the methods described in the RSA ClearTrust 5.5.3 Installation and Configuration Guide.
Legacy Article IDa27096

Attachments

    Outcomes