After updating the certificates for RSA Identity Governance & Lifecycle, WildFly reports error: JBAS015299: The KeyStore /home/oracle/keystore/aveksa.keystore does not contain any keys.
Originally Published: 2018-11-14
Article Number
Applies To
RSA Product/Service Type: Appliance
RSA Version/Condition: 7.0.0 and above
Issue
On examination, the following error is found in the WildFly log file: server.log.
2018-11-12 12:13:01,200 ERROR [org.jboss.msc.service.fail] (MSC service thread 1-1) MSC000001: Failed to start service jboss.server.controller.management.security_realm.AveksaRealm.key-manager: org.jboss.msc.service.StartException in service jboss.server.controller.management.security_realm.AveksaRealm.key-manager:
JBAS015299: The KeyStore /home/oracle/keystore/aveksa.keystore does not contain any keys.
When the /home/oracle/keystore/aveksa.keystore file is examined, the following results are returned.
# keytool -list -alias server -keystore aveksa.keystore
Enter keystore password:
server, Nov 7, 2018, trustedCertEntry, ...
NOTE: The recommended password for the aveksa.keystore is: Av3k5a15num83r0n3
Cause
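The "server" alias in the aveksa.keystore is of Entry type: trustedCertEntry, which is the type used for certificates.
A trustedCertEntry holds only a certificate and no private key, which is why WildFly reports that the file does not contain any keys.
This can occur if the "server" alias is replaced by a certificate.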
Resolution
Work through all the steps from article https://community.rsa.com/s/article/Replacing-the-server-certificate-used-for-the-RSA-Identity-Governance-Lifecycle-appliance-web-administration-interface
This is because the Private Key entry in the aveksa.keystore is missing and needs to be re-generated.
Step 2 from article 30130 is as follows.
keytool -genkeypair -keysize 2048 -alias server -keyalg RSA -keystore my.keystore -dname "CN=rsa-img.rsa.com" -ext san=dns:rsa-img.rsa.com,dns:rsa-img
This creates a new keystore file, with the "server" alias that is of Entry type: PrivateKeyEntry
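A check that can be run against the keytool -list output before WildFly is restarted, to confirm that the "server" alias is a PrivateKeyEntry and not a trustedCertEntry. This is an added example, not part of the RSA article; the function names entry_type and check_alias are hypothetical and the sample listing lines are constructed.

```shell
#!/bin/sh
# Added example: classify the entry type of a keystore alias from
# `keytool -list` output read on stdin. Function names are hypothetical.

# Print the entry type (e.g. PrivateKeyEntry) listed for alias $1.
entry_type() {
    awk -v want="$1" -F', *' '
        $1 == want {
            # The date field itself contains a comma, so scan from the
            # end of the line for the field that names the entry type.
            for (i = NF; i > 1; i--)
                if ($i ~ /Entry$/) { print $i; exit }
        }'
}

# Return 0 if alias $1 holds a private key, 1 if it is any other
# entry type (such as trustedCertEntry), 2 if the alias is not listed.
check_alias() {
    etype=$(entry_type "$1")
    case "$etype" in
        PrivateKeyEntry)
            echo "OK: alias '$1' is a PrivateKeyEntry"
            return 0 ;;
        "")
            echo "FAIL: alias '$1' not found in keystore listing"
            return 2 ;;
        *)
            echo "FAIL: alias '$1' is $etype; WildFly needs a PrivateKeyEntry"
            return 1 ;;
    esac
}

# Constructed sample listings (not real keystore output).
SAMPLE_CERT_ONLY='server, Nov 7, 2018, trustedCertEntry,'
SAMPLE_WITH_KEY='server, Nov 7, 2018, PrivateKeyEntry,'

# Real use (keytool prompts for the keystore password):
#   keytool -list -keystore /home/oracle/keystore/aveksa.keystore | check_alias server
```

A non-zero return from check_alias means the keystore would still trigger JBAS015299 for that alias.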
Notes