AFX Server fails to start and unable to create a new AFX Server on WebSphere in RSA Identity Governance & Lifecycle
Originally Published: 2020-06-26
Article Number
Applies To
RSA Version/Condition: 7.1.0, 7.1.1, 7.2.0
Platform: WebSphere
Issue
The following error is logged in the aveksaserver.log file:
05/01/2020 14:18:20.940 ERROR (WebContainer : 5) [com.aveksa.gui.core.filters.LoginFilter]
com.ibm.websphere.servlet.error.ServletErrorReport: java.lang.VerifyError: JVMVRFY012 stack shape inconsistent; class=org/bouncycastle/openssl/PEMReader$ECDSAKeyPairParser, method=parseObject(Lorg/bouncycastle/util/io/pem/PemObject;)Ljava/lang/Object;, pc=26; Type Mismatch, argument 0 in signature org/bouncycastle/asn1/x509/AlgorithmIdentifier.<init>:(Lorg/bouncycastle/asn1/DERObjectIdentifier;Lorg/bouncycastle/asn1/DEREncodable;)V does not match
com.ibm.websphere.servlet.error.ServletErrorReport: java.lang.VerifyError: JVMVRFY012 stack shape inconsistent; class=org/bouncycastle/openssl/PEMReader$ECDSAKeyPairParser, method=parseObject(Lorg/bouncycastle/util/io/pem/PemObject;)Ljava/lang/Object;, pc=26; Type Mismatch, argument 0 in signature org/bouncycastle/asn1/x509/AlgorithmIdentifier.<init>:(Lorg/bouncycastle/asn1/DERObjectIdentifier;Lorg/bouncycastle/asn1/DEREncodable;)V does not match
Note the aveksaServer.log file on WebSphere may be found in a directory similar to the following (where the specific node name would be different), /home/oracle/IBM/WebSphere/AppServer/profiles/AppSrv01/installedApps/vm-support-11Node01Cell/aveksa.ear/aveksa.war/log. The aveksaServer.log may also be downloaded from the RSA Identity Governance & Lifecycle user interface (Admin > System > Server Nodes tab > under Logs.)
Cause
This issue occurs when attempting to parse self-signed certificates generated on an older version of RSA Identity Governance & Lifecycle. Parsing these certificates leads to a call to a deprecated method in the bouncycastle crypto library.
Resolution
Workaround
- Generate new certificates.
For instructions on how to generate and install new RSA Identity Governance & Lifecycle certificates on WebSphere, see the section entitled Configure SSL for Internal Communication Between RSA Identity Governance and Lifecycle Components under the WebSphere Installation section in the RSA Identity Governance & Lifecycle Installation Guide for your specific RSA Identity Governance & Lifecycle version.
- Redeploy AFX.
See RSA Knowledge Base Article 000037993 -- How to download and install the AFX Server Archive in RSA Identity Governance & Lifecycle for instructions on redeploying AFX.
Notes
000038503 -- AFX Server and Remote Collection Agents fail to start after updating Java to version 1.8u241 (1.8.0.241) or later in RSA Identity Governance & Lifecycle.
Related Articles
JSP Processing Error and HTTP Error Code: 500 when attempting to edit or create a new AFX Server on Websphere in RSA Ident… Number of Views SDNEWDB: Create a new database for the Primary 5.0 ACE/Server UNIX Number of Views RSA Web Threat Detection (WTD) administrator is not able to create a new user in the administrative interface with the fol… Number of Views How to create a new ActiveMQ KahaDB for use with AFX in RSA Identity Governance & Lifecycle Number of Views Remote syslog server is unable to recognize a new rsyslog format in RSA Authentication Manager 8.4 or later Number of Views
Trending Articles
RSA MFA Agent 2.3.6 for Microsoft Windows Installation and Administration Guide RSA Authentication Manager 8.7 SP2 Setup and Configuration Guide How to Download OTP Token Seed Files from myRSA Download RSA SecurID Access Cloud User Event audit logs using Cloud Administration REST API CLU How to factory reset an RSA Authentication Manager 8.x hardware appliance without a factory reset button from the Operatio…
Don't see what you're looking for?
