"java.lang.Error: Max key length is: 128 JCE Unlimited Strength Policy files are not detected" Received When Installing Navigator Key Trustee Server (Doc ID 2031844.1)

Last updated on JULY 14, 2015

Applies to:

Big Data Appliance Integrated Software - Version 4.2.0 and later
Linux x86-64

Symptoms

On BDA 4.2.0, starting the Navigator Trustee KMS server fails with an error about the JCE Unlimited Strength Policy files.

All policy files are as follows:

ls -l /usr/java/latest/jre/lib/security/*_policy*
-rw-r--r-- 1 root root 3405 Apr 10 12:30 /usr/java/latest/jre/lib/security/local_policy.jar
-rw-r--r-- 1 root root 2920 Apr 10 12:30 /usr/java/latest/jre/lib/security/US_export_policy.jar


Here is the error message seen:

Tue Jul 14 13:13:31 CDT 2015
JAVA_HOME=/usr/java/default
Using /var/run/cloudera-scm-agent/process/1218-keytrustee-KMS_KEYTRUSTEE as conf dir
Using scripts/control.sh as process script
Tue Jul 14 13:13:31 CDT 2015
KMS_HOME is /opt/cloudera/parcels/CDH-5.4.0-1.cdh5.4.0.p0.27/lib/hadoop-kms
KMS_LOG is /var/log/kms-keytrustee
KMS_CONFIG is /var/run/cloudera-scm-agent/process/1218-keytrustee-KMS_KEYTRUSTEE
KMS_MAX_THREADS is 250
KMS_HEAP_SIZE is 67108864
TOMCAT_CONF is /opt/cloudera/parcels/CDH-5.4.0-1.cdh5.4.0.p0.27/lib/hadoop-kms/../../etc/hadoop-kms//tomcat-conf.http
CATALINA_BASE is /var/lib/keytrustee-kms/tomcat-deployment
SSL_ENABLED is false
KMS_SSL_KEYSTORE_FILE is
KMS_PLUGIN_DIR is /opt/cloudera/parcels/KEYTRUSTEE-5.4.0-1.cdh5.4.0.p0.193/keytrusteekp/lib
KMS_SSL_TRUSTSTORE_FILE is
WARNING: current setting of KMS_HOME ignored

Setting KMS_HOME: /opt/cloudera/parcels/CDH-5.4.0-1.cdh5.4.0.p0.27/lib/hadoop-kms
Using KMS_CONFIG: /var/run/cloudera-scm-agent/process/1218-keytrustee-KMS_KEYTRUSTEE
Using KMS_LOG: /var/log/kms-keytrustee
Using KMS_TEMP: /var/run/cloudera-scm-agent/process/1218-keytrustee-KMS_KEYTRUSTEE/run/
Using KMS_HTTP_PORT: 16000
Using KMS_ADMIN_PORT: 16001
Using KMS_MAX_THREADS: 250
Setting KMS_SSL_KEYSTORE_FILE: /root/.keystore
Using CATALINA_BASE: /var/lib/keytrustee-kms/tomcat-deployment
Using KMS_CATALINA_HOME: /opt/cloudera/parcels/CDH-5.4.0-1.cdh5.4.0.p0.27/lib/bigtop-tomcat
Setting CATALINA_OUT: /var/log/kms-keytrustee/kms-catalina.out
Setting CATALINA_PID: /tmp/kms.pid

Using CATALINA_OPTS: -Xmx67108864 -Djavax.net.ssl.trustStore= -Djavax.net.ssl.trustStorePassword=***
Adding to CATALINA_OPTS: -Dkms.home.dir=/opt/cloudera/parcels/CDH-5.4.0-1.cdh5.4.0.p0.27/lib/hadoop-kms -Dkms.config.dir=/var/run/cloudera-scm-agent/process/1218-keytrustee-KMS_KEYTRUSTEE -Dkms.log.dir=/var/log/kms-keytrustee -Dkms.temp.dir=/var/run/cloudera-scm-agent/process/1218-keytrustee-KMS_KEYTRUSTEE/run/ -Dkms.admin.port=16001 -Dkms.http.port=16000 -Dkms.max.threads=250 -Dkms.ssl.keystore.file=/root/.keystore -Djava.library.path=/opt/cloudera/parcels/CDH-5.4.0-1.cdh5.4.0.p0.27/lib/hadoop/libexec/../lib/native/
Found KMS_SSL_KEYSTORE_PASS:
/var/run/cloudera-scm-agent/process/1218-keytrustee-KMS_KEYTRUSTEE/

ERROR: Hadoop KMS could not be started

REASON: java.lang.Error: Max key length is: 128. JCE Unlimited Strength Policy files are not detected. JCE Unlimited Strength policy files are required to to use Trustee key provider.


The policy files used are the ones that Mammoth installed with 4.2.0.
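
The listing above is taken under /usr/java/latest, while the startup log shows JAVA_HOME=/usr/java/default. The following script is an added example, not part of the Oracle note: it resolves both paths and reports whether the local_policy.jar under each grants unlimited strength. It assumes `unzip` is installed and that the jar holds its policy text in an entry named `default_local.policy`, as the Oracle JDK policy jars do.

```shell
#!/bin/sh
# Added example (not from the Oracle note): inspect the JCE policy that a given
# JAVA_HOME would load, instead of relying on the presence of the jar files.

# Read the text of default_local.policy on stdin and print one of:
#   unlimited - grants javax.crypto.CryptoAllPermission
#   limited   - only per-algorithm CryptoPermission entries (e.g. 128-bit cap)
#   unknown   - neither form found (empty or unexpected file)
classify_policy() {
    # Strip // comments first so a commented-out grant is not counted.
    body=$(sed 's://.*::')
    if printf '%s\n' "$body" |
        grep -q 'permission[[:space:]]\{1,\}javax\.crypto\.CryptoAllPermission'; then
        echo unlimited
    elif printf '%s\n' "$body" | grep -q 'javax\.crypto\.CryptoPermission'; then
        echo limited
    else
        echo unknown
    fi
}

# Print the classification of the local policy jar under one JAVA_HOME,
# using the jre/lib/security layout shown in the listing above.
policy_of_java_home() {
    jar="$1/jre/lib/security/local_policy.jar"
    if [ ! -r "$jar" ]; then
        echo missing
        return 0
    fi
    unzip -p "$jar" default_local.policy 2>/dev/null | classify_policy
}

# Resolve each path through its symlinks and report what is installed there.
report_java_homes() {
    for home in "$@"; do
        real=$(readlink -f "$home" 2>/dev/null || echo "$home")
        printf '%s -> %s: %s\n' "$home" "$real" "$(policy_of_java_home "$real")"
    done
}

# The two Java paths that appear on this page.
report_java_homes /usr/java/latest /usr/java/default
```

If the two paths resolve to different directories, or either reports `limited` or `missing`, the JVM that starts the KMS is not reading the files shown in the listing.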

Cause
