APAR status
Closed as program error.
Error description
Whenever the 'Download Artifact's Step is executed by an Agent running through an Agent Relay having version 7.0.5.3-ifix01, the following exception is seen. ERROR AgentWorkerThread com.urbancode.air.agentrelay.AgentRelayWorker - java.lang.RuntimeException: java.lang.IllegalStateException: KeyStores with multiple certificates are not supported on the base class org.eclipse.jetty.util.ssl.SslContextFactory. (Use org.eclipse.jetty.util.ssl.SslContextFactory$Server or org.eclipse.jetty.util.ssl.SslContextFactory$Client instead) java.lang.RuntimeException: java.lang.RuntimeException: java.lang.IllegalStateException: KeyStores with multiple certificates are not supported on the base class org.eclipse.jetty.util.ssl.SslContextFactory. (Use org.eclipse.jetty.util.ssl.SslContextFactory$Server or org.eclipse.jetty.util.ssl.SslContextFactory$Client instead) at com.urbancode.air.agentrelay.AgentRelay.start(AgentRelay.java:19 9) at com.urbancode.air.agentrelay.Main.main(Main.java:155) at com.urbancode.air.agentrelay.AgentRelayWorker.execute(AgentRelay Worker.java:42) at com.urbancode.air.agentrelay.AgentRelayWorker.access$100(AgentRe layWorker.java:9) at com.urbancode.air.agentrelay.AgentRelayWorker$1.run(AgentRelayWo rker.java:31) Caused by: java.lang.RuntimeException: java.lang.IllegalStateException: KeyStores with multiple certificates are not supported on the base class org.eclipse.jetty.util.ssl.SslContextFactory. (Use org.eclipse.jetty.util.ssl.SslContextFactory$Server or org.eclipse.jetty.util.ssl.SslContextFactory$Client instead) at com.urbancode.air.agentrelay.rest.RestServer.start(RestServer.ja va:229) at com.urbancode.air.agentrelay.codestation.RelayCodestationService .start(RelayCodestationService.java:344) at com.urbancode.air.agentrelay.ServiceManager.start(ServiceManager .java:43) at com.urbancode.air.agentrelay.AgentRelay.start(AgentRelay.java:18 5) ... 4 more Steps to Reproduce ------------------ 1. Install Agent Relay 7.0.5.3.ifix01.1062134 with mutual authentication and server identity as true 2. Got new keystore from internal cert management team of format PKCS12 and converted that into JKS, renamed the keystore, changed the store password, Alias, keypass using below commands. a. mv dc-xyz.abm.com_2020.pfx codestation.keystore b. keytool -storepasswd -keystore codestation.keystore c. keytool -changealias -alias 1 -destalias agentrelay -keypass abc12345 -keystore codestation.keystore -storepass changeit d. keytool -keypasswd -alias agentrelay -keystore codestation.keystore e. keytool -importkeystore -srckeystore codestation.keystore -srcstoretype pkcs12 -destkeystore codestation.keystore -deststoretype jks 3. Start the Agent Relay 4. Observe that Agent Relay is online and Agents are connected to the relay on UCD UI. 5. Initiate the appliction Deployment with component having Download Artifact step and observe that the Download Artifact step fails with the above error in the logs.
Local fix
Problem summary
**************************************************************** * USERS AFFECTED: * * All end users on all supported browsers. * **************************************************************** * PROBLEM DESCRIPTION: * * Whenever the 'Download Artifact's Step is executed by an * * Agent * * running through an Agent Relay having version * * 7.0.5.3-ifix01, * * the following exception is seen. * * * * ERROR AgentWorkerThread * * com.urbancode.air.agentrelay.AgentRelayWorker - * * java.lang.RuntimeException: java.lang.IllegalStateException: * * KeyStores with multiple certificates are not supported on * * the * * base class org.eclipse.jetty.util.ssl.SslContextFactory. * * (Use * * org.eclipse.jetty.util.ssl.SslContextFactory$Server or * * org.eclipse.jetty.util.ssl.SslContextFactory$Client instead) * * java.lang.RuntimeException: java.lang.RuntimeException: * * java.lang.IllegalStateException: KeyStores with multiple * * certificates are not supported on the base class * * org.eclipse.jetty.util.ssl.SslContextFactory. (Use * * org.eclipse.jetty.util.ssl.SslContextFactory$Server or * * org.eclipse.jetty.util.ssl.SslContextFactory$Client instead) * * at * * com.urbancode.air.agentrelay.AgentRelay.start(AgentRelay.jav * * a:19 * * 9) * * at com.urbancode.air.agentrelay.Main.main(Main.java:155) * * at * * com.urbancode.air.agentrelay.AgentRelayWorker.execute(AgentR * * elay * * Worker.java:42) * * at * * com.urbancode.air.agentrelay.AgentRelayWorker.access$100(Age * * ntRe * * layWorker.java:9) * * at * * com.urbancode.air.agentrelay.AgentRelayWorker$1.run(AgentRel * * ayWo * * rker.java:31) * * Caused by: java.lang.RuntimeException: * * java.lang.IllegalStateException: KeyStores with multiple * * certificates are not supported on the base class * * org.eclipse.jetty.util.ssl.SslContextFactory. (Use * * org.eclipse.jetty.util.ssl.SslContextFactory$Server or * * org.eclipse.jetty.util.ssl.SslContextFactory$Client instead) * * at * * com.urbancode.air.agentrelay.rest.RestServer.start(RestServe * * r.ja * * va:229) * * at * * com.urbancode.air.agentrelay.codestation.RelayCodestationSer * * vice * * .start(RelayCodestationService.java:344) * * at * * com.urbancode.air.agentrelay.ServiceManager.start(ServiceMan * * ager * * .java:43) * * at * * com.urbancode.air.agentrelay.AgentRelay.start(AgentRelay.jav * * a:18 * * 5) * * ... 4 more * * * * Steps to Reproduce * * ------------------ * * 1. Install Agent Relay 7.0.5.3.ifix01.1062134 with mutual * * authentication and server identity as true * * 2. Got new keystore from internal cert management team of * * format * * PKCS12 and converted that into JKS, renamed the keystore, * * changed the store password, Alias, keypass using below * * commands. * * a. mv dc-xyz.abm.com_2020.pfx codestation.keystore * * b. keytool -storepasswd -keystore codestation.keystore * * c. keytool -changealias -alias 1 -destalias agentrelay * * -keypass * * abc12345 -keystore codestation.keystore -storepass changeit * * d. keytool -keypasswd -alias agentrelay -keystore * * codestation.keystore * * e. keytool -importkeystore -srckeystore * * codestation.keystore * * -srcstoretype pkcs12 -destkeystore codestation.keystore * * -deststoretype jks * * * * 3. Start the Agent Relay * * 4. Observe that Agent Relay is online and Agents are * * connected * * to the relay on UCD UI. * * 5. Initiate the appliction Deployment with component having * * Download Artifact step and observe that the Download * * Artifact * * step fails with the above error in the logs. * **************************************************************** * RECOMMENDATION: * * Fixed in version 7.2.0.1 * ****************************************************************
Problem conclusion
Fix is provided in IBM UrbanCode Deploy 7.2.0.1
Temporary fix
Comments
APAR Information
APAR number
PH29798
Reported component name
UC DEPLOY
Reported component ID
5725M5400
Reported release
705
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2020-09-23
Closed date
2021-07-29
Last modified date
2021-07-29
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Fixed component name
UC DEPLOY
Fixed component ID
5725M5400
Applicable component levels
[{"Line of Business":{"code":"LOB45","label":"Automation"},"Business Unit":{"code":"BU053","label":"Cloud & Data Platform"},"Product":{"code":"SS4GSP","label":"IBM UrbanCode Deploy"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"705"}]
Document Information
Modified date:
30 July 2021