After replacing the certificates for the RSA Identity Governance and Lifecycle application, it fails to start.
On examination, the following error is found in the WildFly log file: server.log.
2018-11-12 12:13:01,200 ERROR [org.jboss.msc.service.fail] (MSC service thread 1-1) MSC000001: Failed to start service jboss.server.controller.management.security_realm.AveksaRealm.key-manager: org.jboss.msc.service.StartException in service jboss.server.controller.management.security_realm.AveksaRealm.key-manager:
JBAS015299: The KeyStore /home/oracle/keystore/aveksa.keystore does not contain any keys.
When the /home/oracle/keystore/aveksa.keystore file is examined, the following results are returned.
# keytool -list -alias server -keystore aveksa.keystore
Enter keystore password:
server, Nov 7, 2018, trustedCertEntry,
NOTE: The recommended password for the aveksa.keystore is: Av3k5a15num83r0n3
The "server" alias in the aveksa.keystore is not of Entry type: PrivateKeyEntry. This is why WildFly reports that the file does not contain any keys.
This can occur if the "server" alias is replaced by a certificate. Certificates are of Entry type: trustedCertEntry