Problem
Appliance backup fails with "Could not create KeyStore instance" error
Error Message
The following is seen in Clearwell Utility Option 1 Backup Appliance (The error message below is from an Arctera lab):backup-db:
[echo] Backing up esadb_eDP_App1 databases to D:/CW/V101/backups/testabc
[mkdir] Created dir: D:\CW\V101\backups\testabc
[dbbackuprestoreprop] Checking fragmentation of 1 cases
[dbbackuprestoreprop] Tue Jul 08 07:54:30 EDT 2025 WARN: Establishing SSL connection without server's identity verification is not recommended. According to MySQL 5.5.45+, 5.6.26+ and 5.7.6+ requirements SSL connection must be established by default if explicit option isn't set. For compliance with existing applications not using SSL the verifyServerCertificate property is set to 'false'. You need either to explicitly disable SSL by setting useSSL=false, or set useSSL=true and provide truststore for server certificate verification.
[echo] Caught error in backup-db-ft-internal
[cwdelete] Deleting: D:\CW\V101\backups\testabc
[cwdelete] counts: 60 bytes in 1 dir(s) and 1 file(s)
BUILD FAILED
D:\CW\V101\build.xml:2208: The following error occurred while executing this line:
D:\CW\V101\build\build-schema.xml:1153: The following error occurred while executing this line:
D:\CW\V101\build\build-schema.xml:1205: The following error occurred while executing this line:
D:\CW\V101\build\build-schema.xml:1404: JDBC get connection through driver manager failed : Could not create KeyStore instance [problem accessing trust store]
Total time: 34 seconds
ANT COMMAND DONE
Start Clearwell services? (y/n):
Cause
The certificate is in the incorrect format. It's possible that the java cacerts file was deleted/corrupted. Someone may have copied the cacerts.bcfks file to cacerts but did not convert the file type from BCFKS back to JKS; therefore, the file was in the wrong format for the appliance backup to work properly. Typically, for version eDiscovery Platform (eDP) v10.x.x, the java cacerts is in the C:\jdk-xxxxx-windows-x64\jre\lib\security\cacerts.
Solution
Note: As mentioned in the cause section above, make sure to change the path to the appropriate location of the cacerts file. This will be different depending on the version of eDP. Additionally, the password used in the solutions below may need to be changed to the appropriate password.
Solution 1 - Use keytool command to convert the file:
keytool -importkeystore -srckeystore C:\jdk-8u301-windows-x64\jre\lib\security\cacerts -srcstoretype BCFKS -srcstorepass changeit -destkeystore C:\jdk-8u301-windows-x64\jre\lib\security\cacerts -deststorepass changeit -deststoretype JKS -providerclass com.safelogic.cryptocomply.jcajce.provider.CryptoComplyFipsProvider
Solution 2 - Use Keystore Explorer tool to convert the file:
- Open Keystore Explorer and use File > Open to navigate to C:\jdk-8u301-windows-x64\jre\lib\security and open the cacerts file.
- When asked for password type changeit (default)
- On the menu, open Tools > Change KeyStore Type and select JKS.
- On the menu, select File > Save
Was this content helpful?
Translated Content
Please note that this document is a translation from English, and may have been machine-translated. It is possible that updates have been made to the original version after this document was translated and published. Veritas does not guarantee the accuracy regarding the completeness of the translation. You may also refer to the English Version of this knowledge base article for up-to-date information.