After I upgraded UIM/P as per <these> instructions and restarted the appliance, I could not longer open UIM/P Management Logon Page. The following error message was displayed:
------------------------------------------------------------------------------------ UIM/P Unavailable UIM/P is unable to service your request at this time. Please allow a few minutes to ensure UIM/P services are ready and try again. If you continue to see this message, please contact the UIM/P system administrator. Error 503 192.168.100.25 Thu Nov 15 13:44:00 2012 Apache ------------------------------------------------------------------------------------
jboss.log had the following errors:
- ERROR [org.apache.coyote.http11.Http11Protocol] (main) Error starting endpoint
- java.io.IOException: Keystore was tampered with, or password was incorrect
- Caused by: java.security.UnrecoverableKeyException: Password verification failed
- WARN [org.jboss.web.tomcat.service.JBossWeb] (main) Failed to startConnectors
2012-11-15 15:49:00,542 ERROR [org.apache.coyote.http11.Http11Protocol] (main) Error starting endpoint java.io.IOException: Keystore was tampered with, or password was incorrect at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:771) at sun.security.provider.JavaKeyStore$JKS.engineLoad(JavaKeyStore.java:38) at java.security.KeyStore.load(KeyStore.java:1185) at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getStore(JSSESocketFactory.java:334) at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeystore(JSSESocketFactory.java:274) ... at org.jboss.Main.boot(Main.java:200) at org.jboss.Main$1.run(Main.java:518) at java.lang.Thread.run(Thread.java:662) Caused by: java.security.UnrecoverableKeyException: Password verification failed at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:769) ... 26 more 2012-11-15 15:49:00,543 WARN [org.jboss.web.tomcat.service.JBossWeb] (main) Failed to startConnectors LifecycleException: service.getName(): "jboss.web"; Protocol handler start failed: java.io.IOException: Keystore was tampered with, or password was incorrect at org.apache.catalina.connector.Connector.start(Connector.java:1139) at org.jboss.web.tomcat.service.JBossWeb.startConnectors(JBossWeb.java:601) at org.jboss.web.tomcat.service.JBossWeb.handleNotification(JBossWeb.java:638) at sun.reflect.GeneratedMethodAccessor5.invoke(Unknown Source) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) at java.lang.reflect.Method.invoke(Method.java:597) ... at org.jboss.Main.boot(Main.java:200) at org.jboss.Main$1.run(Main.java:518) at java.lang.Thread.run(Thread.java:662) 2012-11-15 15:49:00,543 INFO [org.jboss.system.server.Server] (main) JBoss (MX MicroKernel) [4.3.0.GA_CP10 (build: SVNTag=JBPAPP_4_3_0_GA_CP10 date=201107201825)] Started in 35s:728ms .
When I installed and configured UIM/P, I used a 3rd party application to generate a Private Key and Certificate Signing Request (CSR) which included UIM/P FQDN, IP address and all aliases. See “HOW TO: Create server certificate and include DNS alias” blog post. I guess this is what the UIM/P upgrade utility did not like. To get this issue resolved I had to re-run ‘perl ssl-utility.pl -install server.key certnew.cer‘ command (see Step 4) to re-configure Apache private key, certificate and re-create the keystore. I then restarted the appliance and successfully logged into UIM/P Management Application.
Hope you find it useful.
Which app did you use to generate the CSR with all of the aliases on it?
Cheers,
Brendon
Hi Brendon,
Apologies for the delay. I use OpenSSL. Will try to post the instructions soon.