My Oracle Support Banner

Unable to Bring Siebel Server up After Changing JKS Password (Doc ID 2521628.1)

Last updated on FEBRUARY 07, 2020

Applies to:

Siebel CRM - Version 19.1 and later
Information in this document applies to any platform.

Symptoms

On :  19.1 version, Security

Customer wants to replace the self-signed certificates with proper server certificates and change the respective passwords, but the TLS port is not getting properly started.
The following error can be found on catalina.yyyy-mm-dd.log file.

ERROR
-----------------------
21-Feb-2019 15:13:34.246 SEVERE [main] org.apache.coyote.AbstractProtocol.init Failed to initialize end point associated with ProtocolHandler ["https-jsse-nio-9011"]
 java.lang.IllegalArgumentException: java.security.UnrecoverableKeyException: Cannot recover key
        at org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:114)
        at org.apache.tomcat.util.net.AbstractJsseEndpoint.initialiseSsl(AbstractJsseEndpoint.java:85)
        at org.apache.tomcat.util.net.NioEndpoint.bind(NioEndpoint.java:225)
        at org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.java:972)
        at org.apache.tomcat.util.net.AbstractJsseEndpoint.init(AbstractJsseEndpoint.java:244)
        at org.apache.coyote.AbstractProtocol.init(AbstractProtocol.java:558)
        at org.apache.coyote.http11.AbstractHttp11Protocol.init(AbstractHttp11Protocol.java:65)
        at org.apache.catalina.connector.Connector.initInternal(Connector.java:968)
        at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:107)
        at org.apache.catalina.core.StandardService.initInternal(StandardService.java:549)
        at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:107)
        at org.apache.catalina.core.StandardServer.initInternal(StandardServer.java:875)
        at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:107)
        at org.apache.catalina.startup.Catalina.load(Catalina.java:606)
        at org.apache.catalina.startup.Catalina.load(Catalina.java:629)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.lang.reflect.Method.invoke(Method.java:497)
        at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:311)
        at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:494)
Caused by: java.security.UnrecoverableKeyException: Cannot recover key
        at sun.security.provider.KeyProtector.recover(KeyProtector.java:328)
        at sun.security.provider.JavaKeyStore.engineGetKey(JavaKeyStore.java:138)
        at sun.security.provider.JavaKeyStore$JKS.engineGetKey(JavaKeyStore.java:55)
        at java.security.KeyStore.getKey(KeyStore.java:1023)
        at sun.security.ssl.SunX509KeyManagerImpl.(SunX509KeyManagerImpl.java:133)
        at sun.security.ssl.KeyManagerFactoryImpl$SunX509.engineInit(KeyManagerFactoryImpl.java:70)
        at javax.net.ssl.KeyManagerFactory.init(KeyManagerFactory.java:256)
        at org.apache.tomcat.util.net.jsse.JSSEUtil.getKeyManagers(JSSEUtil.java:216)
        at org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:112)



STEPS
-----------------------
The issue can be reproduced at will with the following steps:
1. Follow the steps described on https://docs.oracle.com/cd/E88140_01/books/Secur/secur_dataencrypt001.htm#sthref105
2. Bring the Siebel environment up
3. Try to connect to srvrmgr, for example, it will not be able to connect.

Changes

JKS password has been changed 

Cause

To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!


In this Document
Symptoms
Changes
Cause
Solution
References


My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.