IBM Support

Unlock keystore action appears to be broken when WebSphere Application Server Community Edition 3.0.0.3 running against JDK 1.7

Troubleshooting


Problem

If you follow the instruction below to unlock a keystore, you will meet an Error like "Unable to format attribute of type java.net.URI; no editor found".

Symptom

To reproduce the issue, please follow the instruction below.

1. Start wasce 3.0.0.3 server.

2. Use keytool command to create a keystore with a key.
For example, run the command below.

keytool -genkeypair -keystore test.jks -alias testkey -keyalg RSA -keysize 2048 -dname "cn=test.apache.org,c=US" -validity 365 -storepass welcome1

3.Copy the keystore to <wasce-home>\var\security\keystores

4.Use deploy encrypt to encrypt the password "welcome1",go the encrypt string:

{Simple}rO0ABXNyABlqYXZheC5jcnlwdG8uU2VhbGVkT2JqZWN0PjY9psO3VHACAARbAA1lbmNvZGVkUGFyYW1zdAACW0JbABBlbmNyeXB0ZWRDb250ZW50cQB+AAFMAAlwYXJhbXNBbGd0ABJMamF2YS9sYW5nL1N0cmluZztMAAdzZWFsQWxncQB+AAJ4cHB1cgACW0Ks8xf4BghU4AIAAHhwAAAAEKvo5tkjHVqHlsBtDNRytadwdAADQUVT

Add the string into config-substitution.properties like this:

test.jks = {Simple}
rO0ABXNyABlqYXZheC5jcnlwdG8uU2VhbGVkT2JqZWN0PjY9psO3VHACAARbAA1lbmNvZGVkUGFyYW1zdAACW0JbABBlbmNyeXB0ZWRDb250ZW50cQB+AAFMAAlwYXJhbXNBbGd0ABJMamF2YS9sYW5nL1N0cmluZztMAAdzZWFsQWxncQB+AAJ4cHB1cgACW0Ks8xf4BghU4AIAAHhwAAAAEKvo5tkjHVqHlsBtDNRytadwdAADQUVT
testkey =
{Simple}
rO0ABXNyABlqYXZheC5jcnlwdG8uU2VhbGVkT2JqZWN0PjY9psO3VHACAARbAA1lbmNvZGVkUGFyYW1zdAACW0JbABBlbmNyeXB0ZWRDb250ZW50cQB+AAFMAAlwYXJhbXNBbGd0ABJMamF2YS9sYW5nL1N0cmluZztMAAdzZWFsQWx

5. Restart the server.

6. Use deploy unlock-keystore command to unlock test.jks. For example,
deploy -u system -p manager unlock-keystore test.jks


The result is the unlock-keystore action seems to success. But you can find an ERROR below in admin console. It will generate an incomplete j2ee-security module in config.xml. When you restart the server, you will fail on it.

2013-02-27 11:41:06,564 WARN [FileKeystoreManager] keystoreType for new keystore "test.jks" set to "jks" based on file extension.
2013-02-27 11:41:06,660 ERROR [LocalAttributeManager] Unable to format attribute of type java.net.URI; no editor found
2013-02-27 11:41:06,660 WARN [BasicProxyManager] Could not load interface org.apache.geronimo.security.keystore.FileKeystoreInsta
nce in provided ClassLoader for org.apache.geronimo.framework/j2ee-security/3.0.0/car?ServiceModule=org.apache.geronimo.framework/
j2ee-security/3.0.0/car,j2eeType=Keystore,name=test.jks

Resolving The Problem

To fix this issue, please follow this instruction.

1. Download the patch file.UnlockkeystoreFailwithJDK7Patch3.0.0.3.zipUnlockkeystoreFailwithJDK7Patch3.0.0.3.zip

2. Unzip the patch file into the WebSphere Application Server Community Edition installation directory, and ensure the files in the zip file replace the ones in the server installation.

3. Start the server with the cache cleaned, for example,

<WAS_CE_HOME>\bin\startup -c

<WAS_CE_HOME>/bin/startup.sh -c

[{"Product":{"code":"SS6JMN","label":"WebSphere Application Server Community Edition"},"Business Unit":{"code":"BU053","label":"Cloud & Data Platform"},"Component":"--","Platform":[{"code":"PF002","label":"AIX"},{"code":"PF016","label":"Linux"},{"code":"PF027","label":"Solaris"},{"code":"PF033","label":"Windows"}],"Version":"3.0.0.3","Edition":"Entry;Enhanced;Elite","Line of Business":{"code":"LOB45","label":"Automation"}}]

Document Information

Modified date:
15 June 2018

UID

swg21628524

Page Feedback