IBM Support

PH29798: DOWNLOAD ARTIFACT STEP FAILS - JAVA.LANG.ILLEGALSTATEEXCEPTION: KEYSTORES WITH MULTIPLE CERTIFICATES ARE NOT SUPPORTED

Subscribe to this APAR

By subscribing, you receive periodic emails alerting you to the status of the APAR, along with a link to the fix after it becomes available. You can track this item individually or track all items by product.

Notify me when this APAR changes.

Notify me when an APAR for this component changes.

 

APAR status

  • Closed as program error.

Error description

  • Whenever the 'Download Artifact's Step is executed by an Agent
    running through an Agent Relay having version 7.0.5.3-ifix01,
    the following exception is seen.
    
    ERROR AgentWorkerThread
    com.urbancode.air.agentrelay.AgentRelayWorker -
    java.lang.RuntimeException: java.lang.IllegalStateException:
    KeyStores with multiple certificates are not supported on the
    base class org.eclipse.jetty.util.ssl.SslContextFactory. (Use
    org.eclipse.jetty.util.ssl.SslContextFactory$Server or
    org.eclipse.jetty.util.ssl.SslContextFactory$Client instead)
    java.lang.RuntimeException: java.lang.RuntimeException:
    java.lang.IllegalStateException: KeyStores with multiple
    certificates are not supported on the base class
    org.eclipse.jetty.util.ssl.SslContextFactory. (Use
    org.eclipse.jetty.util.ssl.SslContextFactory$Server or
    org.eclipse.jetty.util.ssl.SslContextFactory$Client instead)
    	at
    com.urbancode.air.agentrelay.AgentRelay.start(AgentRelay.java:19
    9)
    	at com.urbancode.air.agentrelay.Main.main(Main.java:155)
    	at
    com.urbancode.air.agentrelay.AgentRelayWorker.execute(AgentRelay
    Worker.java:42)
    	at
    com.urbancode.air.agentrelay.AgentRelayWorker.access$100(AgentRe
    layWorker.java:9)
    	at
    com.urbancode.air.agentrelay.AgentRelayWorker$1.run(AgentRelayWo
    rker.java:31)
    Caused by: java.lang.RuntimeException:
    java.lang.IllegalStateException: KeyStores with multiple
    certificates are not supported on the base class
    org.eclipse.jetty.util.ssl.SslContextFactory. (Use
    org.eclipse.jetty.util.ssl.SslContextFactory$Server or
    org.eclipse.jetty.util.ssl.SslContextFactory$Client instead)
    	at
    com.urbancode.air.agentrelay.rest.RestServer.start(RestServer.ja
    va:229)
    	at
    com.urbancode.air.agentrelay.codestation.RelayCodestationService
    .start(RelayCodestationService.java:344)
    	at
    com.urbancode.air.agentrelay.ServiceManager.start(ServiceManager
    .java:43)
    	at
    com.urbancode.air.agentrelay.AgentRelay.start(AgentRelay.java:18
    5)
    	... 4 more
    
    Steps to Reproduce
    ------------------
    1. Install Agent Relay  7.0.5.3.ifix01.1062134 with mutual
    authentication and server identity as true
    2. Got new keystore from internal cert management team of format
    PKCS12 and converted that into JKS, renamed the keystore,
    changed the store password, Alias, keypass using below commands.
    	a. mv dc-xyz.abm.com_2020.pfx codestation.keystore
    	b. keytool -storepasswd -keystore codestation.keystore
    	c. keytool -changealias -alias 1 -destalias agentrelay -keypass
    abc12345 -keystore codestation.keystore -storepass changeit
    	d. keytool -keypasswd -alias agentrelay -keystore
    codestation.keystore
    	e. keytool -importkeystore -srckeystore codestation.keystore
    -srcstoretype pkcs12 -destkeystore codestation.keystore
    -deststoretype jks
    
    3. Start the Agent Relay
    4. Observe that Agent Relay is online and Agents are connected
    to the relay on UCD UI.
    5. Initiate the appliction Deployment with component having
    Download Artifact step and observe that the Download Artifact
    step fails with the above error in the logs.
    

Local fix

Problem summary

  • ****************************************************************
    * USERS AFFECTED:                                              *
    * All end users on all supported browsers.                     *
    ****************************************************************
    * PROBLEM DESCRIPTION:                                         *
    * Whenever the 'Download Artifact's Step is executed by an     *
    * Agent                                                        *
    * running through an Agent Relay having version                *
    * 7.0.5.3-ifix01,                                              *
    * the following exception is seen.                             *
    *                                                              *
    * ERROR AgentWorkerThread                                      *
    * com.urbancode.air.agentrelay.AgentRelayWorker -              *
    * java.lang.RuntimeException: java.lang.IllegalStateException: *
    * KeyStores with multiple certificates are not supported on    *
    * the                                                          *
    * base class org.eclipse.jetty.util.ssl.SslContextFactory.     *
    * (Use                                                         *
    * org.eclipse.jetty.util.ssl.SslContextFactory$Server or       *
    * org.eclipse.jetty.util.ssl.SslContextFactory$Client instead) *
    * java.lang.RuntimeException: java.lang.RuntimeException:      *
    * java.lang.IllegalStateException: KeyStores with multiple     *
    * certificates are not supported on the base class             *
    * org.eclipse.jetty.util.ssl.SslContextFactory. (Use           *
    * org.eclipse.jetty.util.ssl.SslContextFactory$Server or       *
    * org.eclipse.jetty.util.ssl.SslContextFactory$Client instead) *
    * 	at                                                          *
    * com.urbancode.air.agentrelay.AgentRelay.start(AgentRelay.jav *
    * a:19                                                         *
    * 9)                                                           *
    * 	at com.urbancode.air.agentrelay.Main.main(Main.java:155)    *
    * 	at                                                          *
    * com.urbancode.air.agentrelay.AgentRelayWorker.execute(AgentR *
    * elay                                                         *
    * Worker.java:42)                                              *
    * 	at                                                          *
    * com.urbancode.air.agentrelay.AgentRelayWorker.access$100(Age *
    * ntRe                                                         *
    * layWorker.java:9)                                            *
    * 	at                                                          *
    * com.urbancode.air.agentrelay.AgentRelayWorker$1.run(AgentRel *
    * ayWo                                                         *
    * rker.java:31)                                                *
    * Caused by: java.lang.RuntimeException:                       *
    * java.lang.IllegalStateException: KeyStores with multiple     *
    * certificates are not supported on the base class             *
    * org.eclipse.jetty.util.ssl.SslContextFactory. (Use           *
    * org.eclipse.jetty.util.ssl.SslContextFactory$Server or       *
    * org.eclipse.jetty.util.ssl.SslContextFactory$Client instead) *
    * 	at                                                          *
    * com.urbancode.air.agentrelay.rest.RestServer.start(RestServe *
    * r.ja                                                         *
    * va:229)                                                      *
    * 	at                                                          *
    * com.urbancode.air.agentrelay.codestation.RelayCodestationSer *
    * vice                                                         *
    * .start(RelayCodestationService.java:344)                     *
    * 	at                                                          *
    * com.urbancode.air.agentrelay.ServiceManager.start(ServiceMan *
    * ager                                                         *
    * .java:43)                                                    *
    * 	at                                                          *
    * com.urbancode.air.agentrelay.AgentRelay.start(AgentRelay.jav *
    * a:18                                                         *
    * 5)                                                           *
    * 	... 4 more                                                  *
    *                                                              *
    * Steps to Reproduce                                           *
    * ------------------                                           *
    * 1. Install Agent Relay  7.0.5.3.ifix01.1062134 with mutual   *
    * authentication and server identity as true                   *
    * 2. Got new keystore from internal cert management team of    *
    * format                                                       *
    * PKCS12 and converted that into JKS, renamed the keystore,    *
    * changed the store password, Alias, keypass using below       *
    * commands.                                                    *
    * 	a. mv dc-xyz.abm.com_2020.pfx codestation.keystore          *
    * 	b. keytool -storepasswd -keystore codestation.keystore      *
    * 	c. keytool -changealias -alias 1 -destalias agentrelay      *
    * -keypass                                                     *
    * abc12345 -keystore codestation.keystore -storepass changeit  *
    * 	d. keytool -keypasswd -alias agentrelay -keystore           *
    * codestation.keystore                                         *
    * 	e. keytool -importkeystore -srckeystore                     *
    * codestation.keystore                                         *
    * -srcstoretype pkcs12 -destkeystore codestation.keystore      *
    * -deststoretype jks                                           *
    *                                                              *
    * 3. Start the Agent Relay                                     *
    * 4. Observe that Agent Relay is online and Agents are         *
    * connected                                                    *
    * to the relay on UCD UI.                                      *
    * 5. Initiate the appliction Deployment with component having  *
    * Download Artifact step and observe that the Download         *
    * Artifact                                                     *
    * step fails with the above error in the logs.                 *
    ****************************************************************
    * RECOMMENDATION:                                              *
    * Fixed in version 7.2.0.1                                     *
    ****************************************************************
    

Problem conclusion

  • Fix is provided in IBM UrbanCode Deploy 7.2.0.1
    

Temporary fix

Comments

APAR Information

  • APAR number

    PH29798

  • Reported component name

    UC DEPLOY

  • Reported component ID

    5725M5400

  • Reported release

    705

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt / Xsystem

  • Submitted date

    2020-09-23

  • Closed date

    2021-07-29

  • Last modified date

    2021-07-29

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

Fix information

  • Fixed component name

    UC DEPLOY

  • Fixed component ID

    5725M5400

Applicable component levels

[{"Line of Business":{"code":"LOB36","label":"IBM Automation"},"Business Unit":{"code":"BU053","label":"Cloud \u0026 Data Platform"},"Product":{"code":"SS4GSP","label":"IBM UrbanCode Deploy"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"705"}]

Document Information

Modified date:
30 July 2021