HTTPConnector Resource Instance installation fails with pkcs12 storetype.

Article ID: KB0093282

Updated On:

Products Versions
TIBCO ActiveMatrix Service Grid -
TIBCO ActiveMatrix Service Bus -
TIBCO ActiveMatrix BusinessWorks Service Engine -

Description

Description:
Installation of an httpConnector Resource Instance (RI) configured with a pkcs12 keystore fails.

Symptoms:
The following exception can be seen in the node logs.
-------------------------------------------------------------------
 [ERROR] [] com.tibco.amx.hpa.web.jetty.HTTPConnector - TIBCO-AMX-HPA-014300: The connector HTTPConnector is not started. Likely an invalid connector configuration prevents server from starting.
java.io.IOException: !JsseListener: com.tibco.trinity.runtime.core.provider.identity.subject.SubjectRuntimeException: javax.security.auth.login.FailedLoginException: Key '1' cannot be retrieved: com.tibco.trinity.runtime.base.provider.credential.keystore.KeystoreRuntimeException: No key for alias '1' found in key store..
    at org.mortbay.jetty.security.SslSocketConnector.newServerSocket(SslSocketConnector.java:463)
------------------------------------------------------------------------------------------

Cause:
If you do not provide an alias name when generating a pkcs12 keystore, the alias name is treated as "1". There are issues retrieving a key under such an alias, and an httpConnector RI that refers to such a keystore fails to install with the "No key found" exception. Refer to the "Symptoms" section for more details about the exception.

Issue/Introduction

HTTPConnector Resource Instance installation fails with pkcs12 storetype.

Resolution

Provide a valid alias name when generating the pkcs12 keystore used for configuring the SSL-enabled httpConnector.

For example:

Keystore generation command that results in the RI installation issue (no alias name, that is, no "-name" argument):
openssl.exe pkcs12 -keypbe PBE-SHA1-3DES -certpbe PBE-SHA1-3DES -export -in server_cert.crt -inkey server.key.pem -out test_pkcs12.p12

Keystore generation command for the working scenario (alias name supplied with the "-name" argument):
openssl.exe pkcs12 -keypbe PBE-SHA1-3DES -certpbe PBE-SHA1-3DES -export -in server_cert.crt -inkey server.key.pem -out test_pkcs12.p12 -name "testcert"
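
To check an existing keystore before configuring the RI, the alias can be read from the bag attributes that openssl prints. The script below is an added example, not part of the original article or of any TIBCO tooling; the function name p12_alias_report, the sample text and the assumed layout of the "openssl pkcs12 -info -nokeys" output are assumptions of this example.

```shell
#!/bin/sh
# Added example: report the alias (friendlyName) of each bag printed by
#   openssl pkcs12 -in test_pkcs12.p12 -info -nokeys 2>&1 | p12_alias_report
# -nokeys keeps the private key out of the output. Returns 1 if any bag has
# no friendlyName, or if no bag was found at all (for example, wrong password).
p12_alias_report() {
    awk '
        function emit() {
            if (!inbag) return
            inbag = 0; bags++
            if (name == "") { print "bag " bags ": no friendlyName"; bad = 1 }
            else            { print "bag " bags ": alias=" name }
        }
        /^Bag Attributes/ { emit(); inbag = 1; name = ""; next }
        inbag && /^[ \t]+friendlyName:/ {
            sub(/^[ \t]+friendlyName:[ \t]*/, ""); name = $0; next
        }
        # Attribute lines are indented; the first unindented line ends the bag.
        inbag && /^[^ \t]/ { emit() }
        END { emit(); exit (bad || bags == 0) }
    '
}

# Constructed, abbreviated sample output (not captured from a real keystore).
sample_header() {
    cat <<'EOF'
MAC: sha1, Iteration 2048
PKCS7 Encrypted data: pbeWithSHA1And3-KeyTripleDES-CBC, Iteration 2048
Certificate bag
Bag Attributes
    localKeyID: 0A 1B 2C 3D
EOF
}
sample_trailer() {
    cat <<'EOF'
subject=CN = server.example.test
issuer=CN = server.example.test
-----BEGIN CERTIFICATE-----
EOF
}
sample_no_name() { sample_header; sample_trailer; }
sample_named()   { sample_header; echo "    friendlyName: testcert"; sample_trailer; }

# Keystore exported without -name, then one exported with -name "testcert".
sample_no_name | p12_alias_report || echo "=> re-export with -name before use"
sample_named   | p12_alias_report
```

A non-zero return from p12_alias_report means the keystore should be regenerated with the "-name" argument before it is referenced by the httpConnector RI.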

Additional Information

httpconnector RI install failed, No key for alias, key cannot be retrieved