After updating the certificates for RSA Identity Governance & Lifecycle, WildFly reports error: JBAS015299: The KeyStore /home/oracle/keystore/aveksa.keystore does not contain any keys.
Originally Published: 2018-11-14
Article Number
Applies To
RSA Product/Service Type: Appliance
RSA Version/Condition: 7.0.0 and above
Issue
On examination, the following error is found in the WildFly log file: server.log.
2018-11-12 12:13:01,200 ERROR [org.jboss.msc.service.fail] (MSC service thread 1-1) MSC000001: Failed to start service jboss.server.controller.management.security_realm.AveksaRealm.key-manager: org.jboss.msc.service.StartException in service jboss.server.controller.management.security_realm.AveksaRealm.key-manager:
JBAS015299: The KeyStore /home/oracle/keystore/aveksa.keystore does not contain any keys.
When the /home/oracle/keystore/aveksa.keystore file is examined, the following results are returned.
# keytool -list -alias server -keystore aveksa.keystore Enter keystore password: server, Nov 7, 2018, trustedCertEntry, ...NOTE: The recommended password for the aveksa.keystore is: Av3k5a15num83r0n3
Cause
This is why WildFly reports that the file does not contain any keys.
This can occur if the "server" alias is replaced by a certificate.
Certificates are of Entry type: trustedCertEntry
Resolution
Work through all the steps from article https://community.rsa.com/s/article/Replacing-the-server-certificate-used-for-the-RSA-Identity-Governance-Lifecycle-appliance-web-administration-interface
This is because the Private Key entry in the aveksa.keystore is missing and needs to be re-generated.
Step 2 from article 30130 is as follows.
keytool -genkeypair -keysize 2048 -alias server -keyalg RSA -keystore my.keystore -dname "CN=rsa-img.rsa.com" -ext san=dns:rsa-img.rsa.com,dns:rsa-img
This creates a new keystore file, with the "server" alias that is of Entry type: PrivateKeyEntry
Notes
Related Articles
A more concise guide to updating Authentication Manager 8.x passwords Number of Views Logging on to security console is very slow after updating to AM 8.5 Number of Views Error 413--Request Entity Too Large, now system cannot be restarted when updating RSA Authentication Manager 8.3.0.… Number of Views Failed to deploy RSA IDR - VMware "Error updating httpd.conf" Number of Views Update freezes when updating from RSA Authentication Manager 8.3 to Authentication Manager 8.3 patch 6 Number of Views
Trending Articles
RSA Authentication Manager 8.9 Release Notes (January 2026) RSA announces the availability of the RSA SecurID Hardware Appliance 230 based on the Dell PowerEdge R240 Server How to troubleshoot Oracle database ORA-04030 errors in RSA Identity Governance & Lifecycle RSA MFA Agent 2.3.6 for Microsoft Windows Installation and Administration Guide RSA Authentication Manager Upgrade Process
Don't see what you're looking for?
