IBM Support

The command of shutdown or deploy are invaild when using configured encryption and --secure together

Troubleshooting


Problem

Server cannot shutdown or deploy when using configured encryption and --secure together. java.security.KeyStoreException: IBMKeyManager: Problem accessing key store java.io.IOException: Keystore was tampered with, or password was incorrect at com.ibm.jsse2.rc.a(rc.java:45) at com.ibm.jsse2.tc.g(tc.java:17)

Cause

ConfiguredEncryption gbean is not involved when using shutdown or deploy command

Resolving The Problem

Add ConfiguredEncryption code to crypto package and involves it in EncryptionManager, so that we can decrypt Configured password when the ConfiguredEncryption gbean is not involved.

Use following steps to install:

1. Shutdown server

2. Backup [ServerInstallationPath]/lib/geronimo-crypto-2.1.8-wasce.jar

3. Add attached to [ServerInstallationPath]/lib

4. Enable ConfiguredEncryption gbean in config.xml like this:


<gbean name="org.apache.geronimo.framework/rmi-naming/2.1.8-wasce/car?j2eeType=GBean,name=ConfiguredEncryption" gbeanInfo="org.apache.geronimo.system.util.ConfiguredEncryption">
<attribute name="path">var/security/ConfiguredSecretKey.ser</attribute>
<reference name="ServerInfo">
<pattern>
<name>ServerInfo</name>
</pattern>
</reference>
</gbean>
5. Add -Dorg.apache.geronimo.keyStoreTrustStorePasswordFile=[Your password file location] -Dorg.apache.geronimo.security.encryption.keyfile=[ServerInstallationPath]\var\security\ConfiguredSecretKey.ser to JAVA_OPTS and make it available
6. Start server

[{"Product":{"code":"SS6JMN","label":"WebSphere Application Server Community Edition"},"Business Unit":{"code":"BU053","label":"Cloud & Data Platform"},"Component":"Security","Platform":[{"code":"PF016","label":"Linux"},{"code":"PF033","label":"Windows"}],"Version":"2.1.1.5;2.1.1.4;2.1.1.3;2.1.1.2;2.1.1.1;2.1;2.1.1.6","Edition":"Enhanced","Line of Business":{"code":"LOB45","label":"Automation"}}]

Document Information

Modified date:
15 June 2018

UID

swg21589034