IBM Support

PI93804: AFTER UPGRADE WEB UI NOT ACCESSIBLE BECAUSE OF A JAVA.SECURITY.KEYSTOREEXCEPTION


APAR status

  • Closed as program error.

Error description

  • After upgrading to 6.2.7, the tomcat server fails to start and
    there is a KeyStoreException in the logs:
    
    java.lang.IllegalArgumentException: java.security.KeyStoreException: Cannot store non-PrivateKeys
    at org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:114)
    at org.apache.tomcat.util.net.AbstractJsseEndpoint.initialiseSsl(AbstractJsseEndpoint.java:85)
    at org.apache.tomcat.util.net.NioEndpoint.bind(NioEndpoint.java:225)
    at org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.java:982)
    at org.apache.tomcat.util.net.AbstractJsseEndpoint.init(AbstractJsseEndpoint.java:244)
    at org.apache.coyote.AbstractProtocol.init(AbstractProtocol.java:620)
    at org.apache.coyote.http11.AbstractHttp11Protocol.init(AbstractHttp11Protocol.java:66)
    at org.apache.catalina.connector.Connector.initInternal(Connector.java:997)
    at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:107)
    at org.apache.catalina.core.StandardService.initInternal(StandardService.java:549)
    at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:107)
    at org.apache.catalina.core.StandardServer.initInternal(StandardServer.java:875)
    at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:107)
    at org.apache.catalina.startup.Catalina.load(Catalina.java:607)
    at org.apache.catalina.startup.Catalina.load(Catalina.java:630)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:95)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:55)
    at java.lang.reflect.Method.invoke(Method.java:508)
    at com.urbancode.container.tomcat.Bootstrap.load(Bootstrap.java:327)
    at com.urbancode.container.tomcat.Bootstrap.main(Bootstrap.java:496)
    at com.urbancode.container.tomcat.Tomcat$1.run(Tomcat.java:47)
    at java.lang.Thread.run(Thread.java:785)
    Caused by: java.security.KeyStoreException: Cannot store non-PrivateKeys
    at com.ibm.crypto.provider.JavaKeyStore.engineSetKeyEntry(Unknown Source)
    at java.security.KeyStore.setKeyEntry(KeyStore.java:1151)
    at org.apache.tomcat.util.net.jsse.JSSEUtil.getKeyManagers(JSSEUtil.java:226)
    at org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:112)
    ... 22 more
    
    This occurs when a server was installed with HTTPS and the user
    has imported trustedCertEntry(s) into the tomcat keystore. The
    keys can be viewed using keytool -list -v -keystore
    tomcat.keystore, which shows entries like the following:
    
    ...
    Alias name: someCertAlias
    Entry type: trustedCertEntry
    ...
    Alias name: someKeyAlias
    Entry type: keyEntry
    ...
    

Local fix

  • The trustedCertEntry can be loaded by tomcat when the server
    starts, resulting in the keystore exception. The user can work
    around this by specifying keyAlias="someKeyAlias" in the
    connector in the server.xml,
    <server_home>/opt/tomcat/conf/server.xml. Note that the
    server.xml is wiped out on upgrade.
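
    An added example (not IBM's code): a pre-upgrade check that reads keytool -list -v output and reports the one key alias to pin with keyAlias when the keystore also holds trustedCertEntry entries. The function names are hypothetical, the sample listing is constructed, and PrivateKeyEntry (the label OpenJDK keytool prints) is accepted alongside the keyEntry label shown in this APAR.

```shell
#!/bin/sh
# Added example: pre-upgrade check for the keystore condition in PI93804.
# Function names are hypothetical; the sample listing below is constructed.

# Reads `keytool -list -v` output on stdin; prints "<entry type> <alias>" per entry.
list_entries() {
    awk '
        /^Alias name:/ { sub(/^Alias name:[ \t]*/, ""); alias = $0; next }
        /^Entry type:/ { sub(/^Entry type:[ \t]*/, ""); print $0, alias }
    '
}

# Prints the alias to pin with keyAlias when key and trusted-cert entries are mixed.
# Exit status: 0 = mixed keystore, alias printed; 1 = no trustedCertEntry present;
# 2 = trustedCertEntry present but zero or several key entries (choose by hand).
suggest_key_alias() {
    list_entries | awk '
        $1 == "trustedCertEntry" { certs++ }
        # "keyEntry" is the label in the APAR; OpenJDK keytool prints "PrivateKeyEntry".
        $1 == "keyEntry" || $1 == "PrivateKeyEntry" { keys++; sub(/^[^ ]+ /, ""); key = $0 }
        END {
            if (!certs) exit 1
            if (keys != 1) exit 2
            print key
        }
    '
}

# Constructed sample in the shape the APAR shows (not real keystore output).
SAMPLE_LISTING='...
Alias name: someCertAlias
Entry type: trustedCertEntry
...
Alias name: someKeyAlias
Entry type: keyEntry
...
'

# Real use: keytool -list -v -keystore tomcat.keystore | suggest_key_alias
if alias_to_pin=$(printf '%s' "$SAMPLE_LISTING" | suggest_key_alias); then
    echo "trustedCertEntry present: set keyAlias=\"$alias_to_pin\" on the HTTPS connector"
fi
```

    Because server.xml is replaced on upgrade, the check is worth re-running after each upgrade so the keyAlias setting can be reapplied.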
    

Problem summary

  • ****************************************************************
    * USERS AFFECTED:                                              *
    * All users                                                    *
    ****************************************************************
    * PROBLEM DESCRIPTION:                                         *
    * After upgrading to 6.2.7, the tomcat server fails to start   *
    * and there is a KeyStoreException in the logs. The stack trace*
    * and keystore listing are as given under "Error description"  *
    * above.                                                       *
    ****************************************************************
    * RECOMMENDATION:                                              *
    ****************************************************************
    

Problem conclusion

  • A fix is available in IBM UrbanCode Deploy 7.0.0.1
    

Temporary fix

Comments

APAR Information

  • APAR number

    PI93804

  • Reported component name

    UC DEPLOY

  • Reported component ID

    5725M5400

  • Reported release

    627

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt / Xsystem

  • Submitted date

    2018-02-14

  • Closed date

    2018-08-08

  • Last modified date

    2018-08-08

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

Fix information

  • Fixed component name

    UC DEPLOY

  • Fixed component ID

    5725M5400

Applicable component levels


Document Information

Modified date:
08 August 2018