Domain Utility throws "java.security.InvalidKeyException: iaik.asn1.CodingException: No ASN.1 AlgorithmID type!" error while enabling HTTPS for TIBCO Administrator domain.
Article ID: KB0075326
Updated On:
| Products | Versions |
|---|---|
| TIBCO Runtime Agent (TRA) | - |
| Not Applicable | - |
Description
Resolution:
Description:
============
Domain Utility throws "java.security.InvalidKeyException: iaik.asn1.CodingException: No ASN.1 AlgorithmID type!" error while enabling HTTPS for TIBCO Administrator domain.
Environment:
===========
o TIBCO Runtime Agent(TRA) 5.x.x
o TIBCO Administrator 5.x.x
Symptoms:
========
Domain Utility fails with the following stack trace while enabling HTTPS for TIBCO Administrator domain:
2010 Nov 22 11:53:51:300 GMT -0800 DU Error [DomainUtility] AESDKJ-0000 com.tibco.security.AXSecurityException: java.security.InvalidKeyException: iaik.asn1.CodingException: No ASN.1 AlgorithmID type!
at com.tibco.security.impl.entrust61.ShroudedPKImpl.getPrivateKey(ShroudedPKImpl.java:107)
at com.tibco.administrator.du.task.https.HttpsConfigureTask.new(HttpsConfigureTask.java:324)
at com.tibco.administrator.du.task.https.HttpsConfigureTask.execute(HttpsConfigureTask.java:141)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at com.tibco.administrator.wizard.progress.Trampoline.invoke(Trampoline.java:96)
at com.tibco.administrator.wizard.progress.BusyWait.run(BusyWait.java:267)
at java.lang.Thread.run(Thread.java:619)
Cause:
=====
Domain Utility expects the private key named key.p8 under the TIBCO_HOME/administrator/domain/<domain_name>/SSL folder.
For TRA 5.10.x or higher, the key.p8 is a JKS (Java Keystore) file. For lower TRA/Administrator versions, it should be encoded in PKCS#8 format for TRA. Domain Utility would throw above error if the key.p8 is in any other format.
Description:
============
Domain Utility throws "java.security.InvalidKeyException: iaik.asn1.CodingException: No ASN.1 AlgorithmID type!" error while enabling HTTPS for TIBCO Administrator domain.
Environment:
===========
o TIBCO Runtime Agent(TRA) 5.x.x
o TIBCO Administrator 5.x.x
Symptoms:
========
Domain Utility fails with the following stack trace while enabling HTTPS for TIBCO Administrator domain:
2010 Nov 22 11:53:51:300 GMT -0800 DU Error [DomainUtility] AESDKJ-0000 com.tibco.security.AXSecurityException: java.security.InvalidKeyException: iaik.asn1.CodingException: No ASN.1 AlgorithmID type!
at com.tibco.security.impl.entrust61.ShroudedPKImpl.getPrivateKey(ShroudedPKImpl.java:107)
at com.tibco.administrator.du.task.https.HttpsConfigureTask.new(HttpsConfigureTask.java:324)
at com.tibco.administrator.du.task.https.HttpsConfigureTask.execute(HttpsConfigureTask.java:141)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at com.tibco.administrator.wizard.progress.Trampoline.invoke(Trampoline.java:96)
at com.tibco.administrator.wizard.progress.BusyWait.run(BusyWait.java:267)
at java.lang.Thread.run(Thread.java:619)
Cause:
=====
Domain Utility expects the private key named key.p8 under the TIBCO_HOME/administrator/domain/<domain_name>/SSL folder.
For TRA 5.10.x or higher, the key.p8 is a JKS (Java Keystore) file. For lower TRA/Administrator versions, it should be encoded in PKCS#8 format for TRA. Domain Utility would throw above error if the key.p8 is in any other format.
Issue/Introduction
Domain Utility throws "java.security.InvalidKeyException: iaik.asn1.CodingException: No ASN.1 AlgorithmID type!" error while enabling HTTPS for TIBCO Administrator domain.
Resolution
For TRA 5.10.x or higher, users can create a .pfx (.pkcs#12) file first, then export the private key with keytool like below:
keytool -importkeystore -srckeystore server.pfx -srcstoretype PKCS12 -srcstorepass password -srcalias <alias> -destalias key -deststorepass password -destkeypass password -deststoretype JKS -destkeystore key.p8
For lower TRA versions, use the following command to convert the private key to PKCS#8 format:
openssl pkcs8 -topk8 -inform PEM -outform PEM -in key.pem -out $TIBCO_HOME/administrator/domain/domainname/SSL/key.p8
Then run Domain Utility and install the certificate again.
References:
==========
1). TIBCO Runtime Agent -> Domain Utility's User Guide
2).https://support.tibco.com/supportguides/index.jsp?page=/supportguides/products/administrator/enabling_https/enabling_https.html
keytool -importkeystore -srckeystore server.pfx -srcstoretype PKCS12 -srcstorepass password -srcalias <alias> -destalias key -deststorepass password -destkeypass password -deststoretype JKS -destkeystore key.p8
For lower TRA versions, use the following command to convert the private key to PKCS#8 format:
openssl pkcs8 -topk8 -inform PEM -outform PEM -in key.pem -out $TIBCO_HOME/administrator/domain/domainname/SSL/key.p8
Then run Domain Utility and install the certificate again.
References:
==========
1). TIBCO Runtime Agent -> Domain Utility's User Guide
2).https://support.tibco.com/supportguides/index.jsp?page=/supportguides/products/administrator/enabling_https/enabling_https.html
Feedback
Yes
No
Powered by
