After updating the certificates for RSA Identity Governance & Lifecycle, WildFly reports error: JBAS015299: The KeyStore /home/oracle/keystore/aveksa.keystore does not contain any keys.
Originally Published: 2018-11-14
Article Number
Applies To
RSA Product/Service Type: Appliance
RSA Version/Condition: 7.0.0 and above
Issue
On examination, the following error is found in the WildFly log file: server.log.
2018-11-12 12:13:01,200 ERROR [org.jboss.msc.service.fail] (MSC service thread 1-1) MSC000001: Failed to start service jboss.server.controller.management.security_realm.AveksaRealm.key-manager: org.jboss.msc.service.StartException in service jboss.server.controller.management.security_realm.AveksaRealm.key-manager:
JBAS015299: The KeyStore /home/oracle/keystore/aveksa.keystore does not contain any keys.
When the /home/oracle/keystore/aveksa.keystore file is examined, the following results are returned.
# keytool -list -alias server -keystore aveksa.keystore Enter keystore password: server, Nov 7, 2018, trustedCertEntry, ...NOTE: The recommended password for the aveksa.keystore is: Av3k5a15num83r0n3
Cause
This is why WildFly reports that the file does not contain any keys.
This can occur if the "server" alias is replaced by a certificate.
Certificates are of Entry type: trustedCertEntry
Resolution
This is because the Private Key entry in the aveksa.keystore is missing and needs to be re-generated.
Step 2 from article 30130 is as follows.
keytool -genkeypair -keysize 2048 -alias server -keyalg RSA -keystore my.keystore -dname "CN=rsa-img.rsa.com" -ext san=dns:rsa-img.rsa.com,dns:rsa-imgThis creates a new keystore file, with the "server" alias that is of Entry type: PrivateKeyEntry
Notes
Related Articles
Update freezes when updating from RSA Authentication Manager 8.3 to Authentication Manager 8.3 patch 6 Number of Views A more concise guide to updating Authentication Manager 8.x passwords Number of Views Logging on to security console is very slow after updating to AM 8.5 Number of Views How to Configure Database Backups to write to an NFS File Share instead of Local Directory '/home/oracle/AveksaExportImpor… Number of Views How to Update the Root (Server) and Client Certificates in RSA Identity Governance & Lifecycle Number of Views
Trending Articles
Passwordless Authentication in Windows MFA Agent for Active Directory – Quick Setup Guide RSA Authentication Manager 8.9 Release Notes (January 2026) RSA Authentication Manager Upgrade Process RSA Authentication Manager 8.7 SP2 Setup and Configuration Guide An example of SSO using SAML and ADFS with RSA Identity Management and Governance 6.9.x
Don't see what you're looking for?
