Technote (troubleshooting)
Problem(Abstract)
Server cannot shutdown or deploy when using configured encryption and --secure together.
java.security.KeyStoreException: IBMKeyManager: Problem accessing key
store java.io.IOException: Keystore was tampered with, or password was
incorrect
at com.ibm.jsse2.rc.a(rc.java:45)
at com.ibm.jsse2.tc.g(tc.java:17)
Cause
ConfiguredEncryption gbean is not involved when using shutdown or deploy command
Resolving the problem
Add ConfiguredEncryption code to crypto package and involves it in EncryptionManager, so that we can decrypt Configured password when the ConfiguredEncryption gbean is not involved.
Use following steps to install:
1. Shutdown server
2. Backup [ServerInstallationPath]/lib/geronimo-crypto-2.1.8-wasce.jar
3. Add attached to [ServerInstallationPath]/lib
4. Enable ConfiguredEncryption gbean in config.xml like this:
<gbean name="org.apache.geronimo.framework/rmi-naming/2.1.8-wasce/car?j2eeType=GBean,name=ConfiguredEncryption" gbeanInfo="org.apache.geronimo.system.util.ConfiguredEncryption">
<attribute name="path">var/security/ConfiguredSecretKey.ser</attribute>
<reference name="ServerInfo">
<pattern>
<name>ServerInfo</name>
</pattern>
</reference>
</gbean>
5. Add -Dorg.apache.geronimo.keyStoreTrustStorePasswordFile=[Your password file location] -Dorg.apache.geronimo.security.encryption.keyfile=[ServerInstallationPath]\var\security\ConfiguredSecretKey.ser to JAVA_OPTS and make it available
6. Start server
Rate this page:
Copyright and trademark information
IBM, the IBM logo and ibm.com are trademarks of International Business Machines Corp., registered in many jurisdictions worldwide. Other product and service names might be trademarks of IBM or other companies. A current list of IBM trademarks is available on the Web at "Copyright and trademark information" at www.ibm.com/legal/copytrade.shtml.