'BCFKS KeyStore corrupted: MAC calculation failed' error in the Catalina Log

Article: 100051892
Last Published: 2022-07-28
Product(s): eDiscovery Platform

Problem

Logon page does not display, even though the server log appears to be fine.

Error Message

<< catalina Log >>
SEVERE [main] org.apache.catalina.core.StandardService.initInternal Failed to initialize connector [Connector[com.teneo.esa.common.security.CustomHttp11Nio2Protocol-443]]
    org.apache.catalina.LifecycleException: Protocol handler initialization failed.
Caused by: java.lang.IllegalArgumentException: BCFKS KeyStore corrupted: MAC calculation failed.

Cause

The password of the cacerts.bcfks keystore is not correct or the KeyStore is corrupt.

Solution

Download and install the KeyStore Explorer tool 
https://keystore-explorer.org/downloads.html

1. Stop the eDP services

2. Open the Clearwell Commander > Action > Password Manager > Show Passwords
Note the 'JDK Certificates Store' password. The value is the password for the cacerts and cacerts.bcfks keystores.

3.  Using the KeyStore Explorer tool, verify the password is the same as the 'JDK Certificates Store' password by attempting to open each of the three keystores

Locations:
C:\jdk-8u251-windows-x64\jre\lib\security\cacerts
C:\jdk-8u251-windows-x64\jre\lib\security\cacerts.bcfks
D:\CW\V10#\scratch\temp\cert






If the password is correct, the KeyStore will open, otherwise:


4. The C:\jdk-8u251-windows-x64\jre\lib\security\cacerts keystore must be open in KeyStore Explorer in order to proceed past this point. If the 'JDK Certificates Store' password is not correct, continue trying other possible passwords that have been used in the past.

** If the cacerts keystore password is unknown and cannot be determined, stop at this point.
The cacerts keystore will need to be rebuilt from scratch. To rebuild the certificate store from scratch, please refer to the System Administration Guide, 'Certificates' section.

5. Create a temporary folder and copy the cacerts and cacerts.bcfks keystores to this folder.
C:\jdk-8u251-windows-x64\jre\lib\security\ (both the cacerts and cacerts.bcfks)

6. If the cacerts password is not the same as the 'JDK Certificates Store' password, use KeyStore Explorer to set the password to match the 'JDK Certificates Store' password.


 

7. Rename the copied cacerts.bcfks keystore to cacerts.bcfks_ORIGINAL

8. Make another copy of the cacerts keystore inside the temporary folder and name it cacerts.bcfks

9. Open the new cacerts.bcfks keystore and 'Change KeyStore Type' from JKS to BCFKS, then save.


 

10. Copy the new cacerts and cacerts.bcfks keystores back into the original location.
C:\jdk-8u251-windows-x64\jre\lib\security\cacerts
C:\jdk-8u251-windows-x64\jre\lib\security\cacerts.bcfks


11. Verify / Set the password (if needed) for the cacerts file in the location listed below as well.
C:\jdk-8u251-windows-x32\jre\lib\security\cacerts

12. Start the eDP services.
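
A command-line check that can be run after step 10 and before the services are started, to confirm that the 'JDK Certificates Store' password opens both JDK keystores. This is an added example, not part of the vendor procedure. The Bouncy Castle jar path and provider class are assumptions that must be adjusted to the installation, and the third keystore location is not covered because its type is not stated in this article.

```powershell
# Added example: confirm that one password opens both JDK trust stores.
$jre     = 'C:\jdk-8u251-windows-x64\jre'            # JDK path from this article
$keytool = Join-Path $jre 'bin\keytool.exe'

# ASSUMPTIONS (not from the article): the Bouncy Castle jar location and the
# provider class. Use org.bouncycastle.jce.provider.BouncyCastleProvider
# instead if the installation ships the non-FIPS bcprov jar.
$bcJar   = 'C:\path\to\bouncy-castle-provider.jar'   # placeholder path
$bcClass = 'org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider'

# Prompt without echo and hand the value to keytool through an environment
# variable, so the password never appears on a process command line.
$secure = Read-Host -AsSecureString "'JDK Certificates Store' password"
$env:KS_PASS = [System.Net.NetworkCredential]::new('', $secure).Password

$stores = @(
    @{ Path = (Join-Path $jre 'lib\security\cacerts');       Type = 'JKS'   },
    @{ Path = (Join-Path $jre 'lib\security\cacerts.bcfks'); Type = 'BCFKS' }
)

$bad = 0
try {
    foreach ($s in $stores) {
        $ktArgs = @('-list', '-keystore', $s.Path, '-storetype', $s.Type,
                    '-storepass:env', 'KS_PASS')
        if ($s.Type -eq 'BCFKS') {
            $ktArgs += @('-providerclass', $bcClass, '-providerpath', $bcJar)
        }
        # keytool exits non-zero when the password is wrong or the file is damaged.
        $out = & $keytool @ktArgs 2>&1
        if ($LASTEXITCODE -eq 0) {
            Write-Host "OK    $($s.Path)"
        } else {
            $bad++
            Write-Host "FAIL  $($s.Path)"
            Write-Host "      $($out | Select-Object -First 1)"
        }
    }
} finally {
    # Always clear the password from the environment of this session.
    Remove-Item Env:\KS_PASS -ErrorAction SilentlyContinue
}

if ($bad -gt 0) {
    Write-Warning "$bad keystore(s) did not open; do not start the eDP services yet."
    exit 1
}
```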

 
