Troubleshooting
Problem
Server cannot shutdown or deploy when using configured encryption and --secure together. java.security.KeyStoreException: IBMKeyManager: Problem accessing key store java.io.IOException: Keystore was tampered with, or password was incorrect at com.ibm.jsse2.rc.a(rc.java:45) at com.ibm.jsse2.tc.g(tc.java:17)
Cause
ConfiguredEncryption gbean is not involved when using shutdown or deploy command
Resolving The Problem
Add ConfiguredEncryption code to crypto package and involves it in EncryptionManager, so that we can decrypt Configured password when the ConfiguredEncryption gbean is not involved.
Use following steps to install:
1. Shutdown server
2. Backup [ServerInstallationPath]/lib/geronimo-crypto-2.1.8-wasce.jar
3. Add attached to [ServerInstallationPath]/lib
4. Enable ConfiguredEncryption gbean in config.xml like this:
<gbean name="org.apache.geronimo.framework/rmi-naming/2.1.8-wasce/car?j2eeType=GBean,name=ConfiguredEncryption" gbeanInfo="org.apache.geronimo.system.util.ConfiguredEncryption">
<attribute name="path">var/security/ConfiguredSecretKey.ser</attribute>
<reference name="ServerInfo">
<pattern>
<name>ServerInfo</name>
</pattern>
</reference>
</gbean>
5. Add -Dorg.apache.geronimo.keyStoreTrustStorePasswordFile=[Your password file location] -Dorg.apache.geronimo.security.encryption.keyfile=[ServerInstallationPath]\var\security\ConfiguredSecretKey.ser to JAVA_OPTS and make it available
6. Start server
Was this topic helpful?
Document Information
Modified date:
15 June 2018
UID
swg21589034