Alfresco 23.1 Community - keystore error: Keystores are invalid

Marius_711
Active Member


Hi,

I've installed Alfresco Community 23.1 on Rocky Linux 9.3 (OpenJDK 21, PostgreSQL 16, Tomcat 10.1.17) - WAR method.

I've generated the keystore and truststore with the Alfresco-SSL-Generator with the following command:

./run.sh -alfrescoversion "community" -keysize 2048 -keystorepass "changeit" -keystoretype "PKCS12" -truststorepass "changeit" -truststoretype "PKCS12" -encstorepass "changeit" -encmetadatapass "changeit" -alfrescoformat "current"

The Tomcat config server.xml is setup like this:

    <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
            maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
            clientAuth="want" sslProtocol="TLS"
            connectionTimeout="240000">
                <SSLHostConfig>
                        <Certificate
                                certificateKeystoreFile="/opt/alfresco/alf_data/keystore/ssl.keystore"
                                certificateKeystorePass="changeit"
                                certificateKeystoreType="PKCS12"
                                certificateTruststoreFile="/opt/alfresco/alf_data/keystore/ssl.truststore"
                                certificateTruststorePass="changeit"
                                certificateTruststoreType="PKCS12" />
                   </SSLHostConfig>
           </Connector>

Settings regarding the truststore and keystore in alfresco config file (alfresco-global.properties file):

# ssl encryption
encryption.ssl.keystore.location=${dir.keystore}/ssl.keystore
encryption.ssl.keystore.type=PKCS12
encryption.ssl.keystore.keyMetaData.location=
encryption.ssl.truststore.location=${dir.keystore}/ssl.truststore
encryption.ssl.truststore.type=PKCS12
encryption.ssl.truststore.keyMetaData.location=
encryption.keystore.location=${dir.keystore}/keystore
encryption.keystore.type=PKCS12
encryption.keystore.keyMetaData.location=

Starting tomcat I got the following error:

2024-01-24T23:16:29,054 [] ERROR [web.context.ContextLoader] [main] Context initialization failed
org.alfresco.error.AlfrescoRuntimeException: 00240002 Keystores are invalid
        at org.alfresco.encryption.EncryptionChecker$1.execute(EncryptionChecker.java:78) ~[alfresco-repository-23.1.0.255.jar:23.1.0.255]
        at org.alfresco.encryption.EncryptionChecker$1.execute(EncryptionChecker.java:1) ~[alfresco-repository-23.1.0.255.jar:23.1.0.255]
        at org.alfresco.repo.transaction.RetryingTransactionHelper.doInTransaction(RetryingTransactionHelper.java:452) ~[alfresco-repository-23.1.0.255.jar:23.1.0.255]
        at org.alfresco.repo.transaction.RetryingTransactionHelper.doInTransaction(RetryingTransactionHelper.java:321) ~[alfresco-repository-23.1.0.255.jar:23.1.0.255]
        at org.alfresco.encryption.EncryptionChecker.onBootstrap(EncryptionChecker.java:67) ~[alfresco-repository-23.1.0.255.jar:23.1.0.255]
        at org.springframework.extensions.surf.util.AbstractLifecycleBean.onApplicationEvent(AbstractLifecycleBean.java:56) ~[spring-surf-core-9.0.jar:9.0]
        at org.alfresco.repo.management.SafeApplicationEventMulticaster.multicastEventInternal(SafeApplicationEventMulticaster.java:232) ~[alfresco-repository-23.1.0.255.jar:23.1.0.255]
        at org.alfresco.repo.management.SafeApplicationEventMulticaster.multicastEvent(SafeApplicationEventMulticaster.java:197) ~[alfresco-repository-23.1.0.255.jar:23.1.0.255]
        at org.alfresco.repo.management.SafeApplicationEventMulticaster.multicastEvent(SafeApplicationEventMulticaster.java:217) ~[alfresco-repository-23.1.0.255.jar:23.1.0.255]
        at org.springframework.context.support.AbstractApplicationContext.publishEvent(AbstractApplicationContext.java:437) ~[spring-context-6.0.12.jar:6.0.12]
        at org.springframework.context.support.AbstractApplicationContext.publishEvent(AbstractApplicationContext.java:370) ~[spring-context-6.0.12.jar:6.0.12]
        at org.springframework.context.support.AbstractApplicationContext.finishRefresh(AbstractApplicationContext.java:961) ~[spring-context-6.0.12.jar:6.0.12]
        at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:611) ~[spring-context-6.0.12.jar:6.0.12]
        at org.springframework.web.context.ContextLoader.configureAndRefreshWebApplicationContext(ContextLoader.java:394) ~[spring-web-6.0.12.jar:6.0.12]
        at org.springframework.web.context.ContextLoader.initWebApplicationContext(ContextLoader.java:274) [spring-web-6.0.12.jar:6.0.12]
        at org.springframework.web.context.ContextLoaderListener.contextInitialized(ContextLoaderListener.java:102) [spring-web-6.0.12.jar:6.0.12]
        at org.alfresco.web.app.ContextLoaderListener.contextInitialized(ContextLoaderListener.java:70) [classes/:23.1.0.255]
        at org.apache.catalina.core.StandardContext.listenerStart(StandardContext.java:4422) [catalina.jar:10.1.17]
        at org.apache.catalina.core.StandardContext.startInternal(StandardContext.java:4860) [catalina.jar:10.1.17]
        at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:171) [catalina.jar:10.1.17]
        at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:683) [catalina.jar:10.1.17]
        at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:658) [catalina.jar:10.1.17]
        at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:712) [catalina.jar:10.1.17]
        at org.apache.catalina.startup.HostConfig.deployDescriptor(HostConfig.java:643) [catalina.jar:10.1.17]
        at org.apache.catalina.startup.HostConfig$DeployDescriptor.run(HostConfig.java:1939) [catalina.jar:10.1.17]
        at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:572) [?:?]
        at java.util.concurrent.FutureTask.run(FutureTask.java:317) [?:?]
        at org.apache.tomcat.util.threads.InlineExecutorService.execute(InlineExecutorService.java:75) [tomcat-util.jar:10.1.17]
        at java.util.concurrent.AbstractExecutorService.submit(AbstractExecutorService.java:123) [?:?]
        at org.apache.catalina.startup.HostConfig.deployDescriptors(HostConfig.java:536) [catalina.jar:10.1.17]
        at org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:426) [catalina.jar:10.1.17]
        at org.apache.catalina.startup.HostConfig.start(HostConfig.java:1661) [catalina.jar:10.1.17]
        at org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:309) [catalina.jar:10.1.17]
        at org.apache.catalina.util.LifecycleBase.fireLifecycleEvent(LifecycleBase.java:114) [catalina.jar:10.1.17]
        at org.apache.catalina.util.LifecycleBase.setStateInternal(LifecycleBase.java:402) [catalina.jar:10.1.17]
        at org.apache.catalina.util.LifecycleBase.setState(LifecycleBase.java:345) [catalina.jar:10.1.17]
        at org.apache.catalina.core.ContainerBase.startInternal(ContainerBase.java:893) [catalina.jar:10.1.17]
        at org.apache.catalina.core.StandardHost.startInternal(StandardHost.java:845) [catalina.jar:10.1.17]
        at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:171) [catalina.jar:10.1.17]
        at org.apache.catalina.core.ContainerBase$StartChild.call(ContainerBase.java:1332) [catalina.jar:10.1.17]
        at org.apache.catalina.core.ContainerBase$StartChild.call(ContainerBase.java:1322) [catalina.jar:10.1.17]
        at java.util.concurrent.FutureTask.run(FutureTask.java:317) [?:?]
        at org.apache.tomcat.util.threads.InlineExecutorService.execute(InlineExecutorService.java:75) [tomcat-util.jar:10.1.17]
        at java.util.concurrent.AbstractExecutorService.submit(AbstractExecutorService.java:145) [?:?]
        at org.apache.catalina.core.ContainerBase.startInternal(ContainerBase.java:866) [catalina.jar:10.1.17]
        at org.apache.catalina.core.StandardEngine.startInternal(StandardEngine.java:240) [catalina.jar:10.1.17]
        at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:171) [catalina.jar:10.1.17]
        at org.apache.catalina.core.StandardService.startInternal(StandardService.java:433) [catalina.jar:10.1.17]
        at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:171) [catalina.jar:10.1.17]
        at org.apache.catalina.core.StandardServer.startInternal(StandardServer.java:917) [catalina.jar:10.1.17]
        at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:171) [catalina.jar:10.1.17]
        at org.apache.catalina.startup.Catalina.start(Catalina.java:795) [catalina.jar:10.1.17]
        at jdk.internal.reflect.DirectMethodHandleAccessor.invoke(DirectMethodHandleAccessor.java:103) ~[?:?]
        at java.lang.reflect.Method.invoke(Method.java:580) ~[?:?]
        at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:347) [bootstrap.jar:10.1.17]
        at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:478) [bootstrap.jar:10.1.17]
Caused by: org.alfresco.error.AlfrescoRuntimeException: 00240001 Failed to create key: metadata
 in key store:
   Location: /opt/alfresco/alf_data/keystore/keystore
   Provider: null
   Type:     PKCS12
        at org.alfresco.encryption.AlfrescoKeyStoreImpl.createKey(AlfrescoKeyStoreImpl.java:664) ~[alfresco-core-23.1.0.255.jar:23.1.0.255]
        at org.alfresco.encryption.AlfrescoKeyStoreImpl.validateKeys(AlfrescoKeyStoreImpl.java:915) ~[alfresco-core-23.1.0.255.jar:23.1.0.255]
        at org.alfresco.encryption.AlfrescoKeyStoreImpl.validateKeys(AlfrescoKeyStoreImpl.java:188) ~[alfresco-core-23.1.0.255.jar:23.1.0.255]
        at org.alfresco.encryption.KeyStoreChecker.validateKeyStores(KeyStoreChecker.java:49) ~[alfresco-repository-23.1.0.255.jar:23.1.0.255]
        at org.alfresco.encryption.EncryptionChecker$1.execute(EncryptionChecker.java:73) ~[alfresco-repository-23.1.0.255.jar:23.1.0.255]
        ... 55 more
Caused by: org.alfresco.error.AlfrescoRuntimeException: 00240000 Unable to get secret key: no key information is provided
        at org.alfresco.encryption.AlfrescoKeyStoreImpl.getSecretKey(AlfrescoKeyStoreImpl.java:775) ~[alfresco-core-23.1.0.255.jar:23.1.0.255]
        at org.alfresco.encryption.AlfrescoKeyStoreImpl.createKey(AlfrescoKeyStoreImpl.java:642) ~[alfresco-core-23.1.0.255.jar:23.1.0.255]
        at org.alfresco.encryption.AlfrescoKeyStoreImpl.validateKeys(AlfrescoKeyStoreImpl.java:915) ~[alfresco-core-23.1.0.255.jar:23.1.0.255]
        at org.alfresco.encryption.AlfrescoKeyStoreImpl.validateKeys(AlfrescoKeyStoreImpl.java:188) ~[alfresco-core-23.1.0.255.jar:23.1.0.255]
        at org.alfresco.encryption.KeyStoreChecker.validateKeyStores(KeyStoreChecker.java:49) ~[alfresco-repository-23.1.0.255.jar:23.1.0.255]
        at org.alfresco.encryption.EncryptionChecker$1.execute(EncryptionChecker.java:73) ~[alfresco-repository-23.1.0.255.jar:23.1.0.255]
        ... 55 more

Using keytool to read the keystore file is working fine, so the keystore is not tampered with.

Any ideas on what is wrong here?

 

1 Solution

Accepted Solutions
Marius_711
Active Member

Re: Alfresco 23.1 Community - keystore error: Keystores are invalid


I found out the root cause - Tomcat's catalina.sh file needs to be updated with the following line:

JAVA_TOOL_OPTIONS="
-Dencryption.keystore.type=JCEKS
-Dencryption.cipherAlgorithm=DESede/CBC/PKCS5Padding
-Dencryption.keyAlgorithm=DESede
-Dencryption.keystore.location=<ALF_HOME>/keystore
-Dmetadata-keystore.password=<password>
-Dmetadata-keystore.aliases=metadata
-Dmetadata-keystore.metadata.password=<password>
-Dmetadata-keystore.metadata.algorithm=DESede"

 

Thanks to Abhinav Kumar Mishra - the solution is in this blog post: Setup ACS-7.x, ASS-2.x and Local Transformation Service using distribution package step by step Part... 

angelborroy
Alfresco Employee

Re: Alfresco 23.1 Community - keystore error: Keystores are invalid


The message is not related to keystore nor truststore (asymmetric cryptography, certificates).

The message is related to metadata encryption (symmetric cryptography, secret key), that is stored also on a keystore.

This is the recommended configuration for this metadata keystore:

encryption.keystore.type=JCEKS
encryption.cipherAlgorithm=DESede/CBC/PKCS5Padding
encryption.keyAlgorithm=DESede
encryption.keystore.location=/usr/local/tomcat/shared/classes/alfresco/extension/keystore/keystore
metadata-keystore.password=mp6yc0UD9e
metadata-keystore.aliases=metadata
metadata-keystore.metadata.password=oKIWzVdEdA
metadata-keystore.metadata.algorithm=DESede

https://github.com/Alfresco/alfresco-docker-installer/blob/master/generators/app/templates/23.1/dock...

Hyland Developer Evangelist
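
A pre-start check for the eight metadata-keystore settings listed in the two replies above, written as an added example (it is not code from the thread or from Alfresco). The function names and the SAMPLE_* inputs are constructed; the path and the "changeit" value are the ones shown in the thread.

```sh
#!/bin/sh
# Added example, not Alfresco code. Function names and SAMPLE_* inputs are constructed.

# The eight settings both replies list for the metadata keystore.
REQUIRED_PROPS='encryption.keystore.type
encryption.cipherAlgorithm
encryption.keyAlgorithm
encryption.keystore.location
metadata-keystore.password
metadata-keystore.aliases
metadata-keystore.metadata.password
metadata-keystore.metadata.algorithm'

# jvm_props OPTS: names of every -Dname=value token that has a non-empty value.
jvm_props() {
    printf '%s\n' "$1" | tr -s '[:space:]' '\n' |
        sed -n 's/^-D\([^=]*\)=..*$/\1/p'
}

# missing_jvm_props OPTS: required names that are not passed as -D options.
missing_jvm_props() {
    present=$(jvm_props "$1")
    for name in $REQUIRED_PROPS; do
        printf '%s\n' "$present" | grep -qxF -- "$name" || printf '%s\n' "$name"
    done
}

# misplaced_props PROPERTIES_TEXT OPTS: required names that are set in the
# properties text but missing from the JVM options (the thread's second attempt).
misplaced_props() {
    in_file=$(printf '%s\n' "$1" |
        sed -n 's/^[[:space:]]*\([A-Za-z][A-Za-z0-9.-]*\)[[:space:]]*=.*$/\1/p')
    for name in $(missing_jvm_props "$2"); do
        printf '%s\n' "$in_file" | grep -qxF -- "$name" && printf '%s\n' "$name"
    done
    return 0
}

# default_password_props OPTS: password options still set to "changeit",
# the value used in the thread's run.sh commands.
default_password_props() {
    printf '%s\n' "$1" | tr -s '[:space:]' '\n' |
        sed -n 's/^-D\([^=]*password\)=changeit$/\1/p'
}

# Constructed sample: settings placed only in alfresco-global.properties.
SAMPLE_PROPERTIES='encryption.keystore.location=${dir.keystore}/keystore
encryption.keystore.type=JCEKS
encryption.cipherAlgorithm=DESede/CBC/PKCS5Padding
encryption.keyAlgorithm=DESede
metadata-keystore.password=changeit
metadata-keystore.aliases=metadata
metadata-keystore.metadata.password=changeit
metadata-keystore.metadata.algorithm=DESede'

# Constructed samples: JVM options before and after the accepted fix.
SAMPLE_OPTS_BEFORE='-Xms512m -Xmx2g'
SAMPLE_OPTS_AFTER='-Dencryption.keystore.type=JCEKS
-Dencryption.cipherAlgorithm=DESede/CBC/PKCS5Padding
-Dencryption.keyAlgorithm=DESede
-Dencryption.keystore.location=/opt/alfresco/alf_data/keystore/keystore
-Dmetadata-keystore.password=changeit
-Dmetadata-keystore.aliases=metadata
-Dmetadata-keystore.metadata.password=changeit
-Dmetadata-keystore.metadata.algorithm=DESede'

report() {  # report LABEL OPTS PROPERTIES_TEXT
    printf '== %s ==\n' "$1"
    printf 'missing as -D option: %s\n' "$(missing_jvm_props "$2" | tr '\n' ' ')"
    printf 'only in properties:   %s\n' "$(misplaced_props "$3" "$2" | tr '\n' ' ')"
    printf 'password is changeit: %s\n' "$(default_password_props "$2" | tr '\n' ' ')"
}

report 'before fix' "$SAMPLE_OPTS_BEFORE" "$SAMPLE_PROPERTIES"
report 'after fix' "$SAMPLE_OPTS_AFTER" "$SAMPLE_PROPERTIES"
```

The JVM echoes the full value of JAVA_TOOL_OPTIONS to stderr at startup ("Picked up JAVA_TOOL_OPTIONS: ..."), so keystore passwords set this way also land in Tomcat's console log; restrict read access to that log and to catalina.sh accordingly.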
Marius_711
Active Member

Re: Alfresco 23.1 Community - keystore error: Keystores are invalid


Hi Angel,

Thanks for the reply.

I've regenerated the keystore using the ssl-tool in order to have the keystore file of type JCEKS

 

./run.sh -alfrescoversion "community" -keysize 2048 -keystorepass "changeit" -keystoretype "PKCS12" -truststorepass "changeit" -truststoretype "PKCS12" -encstorepass "changeit" -encmetadatapass "changeit" -alfrescoformat "classic"

and copied them to the /opt/alfresco/alf_data/keystore folder.

Also updated the alfresco-global properties file

# ssl encryption
encryption.ssl.keystore.location=${dir.keystore}/ssl.keystore
encryption.ssl.keystore.type=PKCS12
encryption.ssl.keystore.keyMetaData.location=
encryption.ssl.truststore.location=${dir.keystore}/ssl.truststore
encryption.ssl.truststore.type=PKCS12
encryption.ssl.truststore.keyMetaData.location=
encryption.keystore.location=${dir.keystore}/keystore
encryption.keystore.type=JCEKS
encryption.cipherAlgorithm=DESede/CBC/PKCS5Padding
encryption.keyAlgorithm=DESede
metadata-keystore.location=${dir.keystore}/keystore
metadata-keystore.password=changeit
metadata-keystore.aliases=metadata
metadata-keystore.metadata.password=changeit
metadata-keystore.metadata.algorithm=DESede

Now I got almost the same error (see below), the difference is the keystore type.

2024-01-25T13:28:44,022 [] ERROR [web.context.ContextLoader] [main] Context initialization failed
org.alfresco.error.AlfrescoRuntimeException: 00250002 Keystores are invalid
        at org.alfresco.encryption.EncryptionChecker$1.execute(EncryptionChecker.java:78) ~[alfresco-repository-23.1.0.255.jar:23.1.0.255]
        at org.alfresco.encryption.EncryptionChecker$1.execute(EncryptionChecker.java:1) ~[alfresco-repository-23.1.0.255.jar:23.1.0.255]
        at org.alfresco.repo.transaction.RetryingTransactionHelper.doInTransaction(RetryingTransactionHelper.java:452) ~[alfresco-repository-23.1.0.255.jar:23.1.0.255]
        at org.alfresco.repo.transaction.RetryingTransactionHelper.doInTransaction(RetryingTransactionHelper.java:321) ~[alfresco-repository-23.1.0.255.jar:23.1.0.255]
        at org.alfresco.encryption.EncryptionChecker.onBootstrap(EncryptionChecker.java:67) ~[alfresco-repository-23.1.0.255.jar:23.1.0.255]
        at org.springframework.extensions.surf.util.AbstractLifecycleBean.onApplicationEvent(AbstractLifecycleBean.java:56) ~[spring-surf-core-9.0.jar:9.0]
        at org.alfresco.repo.management.SafeApplicationEventMulticaster.multicastEventInternal(SafeApplicationEventMulticaster.java:232) ~[alfresco-repository-23.1.0.255.jar:23.1.0.255]
        at org.alfresco.repo.management.SafeApplicationEventMulticaster.multicastEvent(SafeApplicationEventMulticaster.java:197) ~[alfresco-repository-23.1.0.255.jar:23.1.0.255]
        at org.alfresco.repo.management.SafeApplicationEventMulticaster.multicastEvent(SafeApplicationEventMulticaster.java:217) ~[alfresco-repository-23.1.0.255.jar:23.1.0.255]
        at org.springframework.context.support.AbstractApplicationContext.publishEvent(AbstractApplicationContext.java:437) ~[spring-context-6.0.12.jar:6.0.12]
        at org.springframework.context.support.AbstractApplicationContext.publishEvent(AbstractApplicationContext.java:370) ~[spring-context-6.0.12.jar:6.0.12]
        at org.springframework.context.support.AbstractApplicationContext.finishRefresh(AbstractApplicationContext.java:961) ~[spring-context-6.0.12.jar:6.0.12]
        at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:611) ~[spring-context-6.0.12.jar:6.0.12]
        at org.springframework.web.context.ContextLoader.configureAndRefreshWebApplicationContext(ContextLoader.java:394) ~[spring-web-6.0.12.jar:6.0.12]
        at org.springframework.web.context.ContextLoader.initWebApplicationContext(ContextLoader.java:274) [spring-web-6.0.12.jar:6.0.12]
        at org.springframework.web.context.ContextLoaderListener.contextInitialized(ContextLoaderListener.java:102) [spring-web-6.0.12.jar:6.0.12]
        at org.alfresco.web.app.ContextLoaderListener.contextInitialized(ContextLoaderListener.java:70) [classes/:23.1.0.255]
        at org.apache.catalina.core.StandardContext.listenerStart(StandardContext.java:4422) [catalina.jar:10.1.17]
        at org.apache.catalina.core.StandardContext.startInternal(StandardContext.java:4860) [catalina.jar:10.1.17]
        at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:171) [catalina.jar:10.1.17]
        at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:683) [catalina.jar:10.1.17]
        at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:658) [catalina.jar:10.1.17]
        at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:712) [catalina.jar:10.1.17]
        at org.apache.catalina.startup.HostConfig.deployDescriptor(HostConfig.java:643) [catalina.jar:10.1.17]
        at org.apache.catalina.startup.HostConfig$DeployDescriptor.run(HostConfig.java:1939) [catalina.jar:10.1.17]
        at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:572) [?:?]
        at java.util.concurrent.FutureTask.run(FutureTask.java:317) [?:?]
        at org.apache.tomcat.util.threads.InlineExecutorService.execute(InlineExecutorService.java:75) [tomcat-util.jar:10.1.17]
        at java.util.concurrent.AbstractExecutorService.submit(AbstractExecutorService.java:123) [?:?]
        at org.apache.catalina.startup.HostConfig.deployDescriptors(HostConfig.java:536) [catalina.jar:10.1.17]
        at org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:426) [catalina.jar:10.1.17]
        at org.apache.catalina.startup.HostConfig.start(HostConfig.java:1661) [catalina.jar:10.1.17]
        at org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:309) [catalina.jar:10.1.17]
        at org.apache.catalina.util.LifecycleBase.fireLifecycleEvent(LifecycleBase.java:114) [catalina.jar:10.1.17]
        at org.apache.catalina.util.LifecycleBase.setStateInternal(LifecycleBase.java:402) [catalina.jar:10.1.17]
        at org.apache.catalina.util.LifecycleBase.setState(LifecycleBase.java:345) [catalina.jar:10.1.17]
        at org.apache.catalina.core.ContainerBase.startInternal(ContainerBase.java:893) [catalina.jar:10.1.17]
        at org.apache.catalina.core.StandardHost.startInternal(StandardHost.java:845) [catalina.jar:10.1.17]
        at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:171) [catalina.jar:10.1.17]
        at org.apache.catalina.core.ContainerBase$StartChild.call(ContainerBase.java:1332) [catalina.jar:10.1.17]
        at org.apache.catalina.core.ContainerBase$StartChild.call(ContainerBase.java:1322) [catalina.jar:10.1.17]
        at java.util.concurrent.FutureTask.run(FutureTask.java:317) [?:?]
        at org.apache.tomcat.util.threads.InlineExecutorService.execute(InlineExecutorService.java:75) [tomcat-util.jar:10.1.17]
        at java.util.concurrent.AbstractExecutorService.submit(AbstractExecutorService.java:145) [?:?]
        at org.apache.catalina.core.ContainerBase.startInternal(ContainerBase.java:866) [catalina.jar:10.1.17]
        at org.apache.catalina.core.StandardEngine.startInternal(StandardEngine.java:240) [catalina.jar:10.1.17]
        at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:171) [catalina.jar:10.1.17]
        at org.apache.catalina.core.StandardService.startInternal(StandardService.java:433) [catalina.jar:10.1.17]
        at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:171) [catalina.jar:10.1.17]
        at org.apache.catalina.core.StandardServer.startInternal(StandardServer.java:917) [catalina.jar:10.1.17]
        at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:171) [catalina.jar:10.1.17]
        at org.apache.catalina.startup.Catalina.start(Catalina.java:795) [catalina.jar:10.1.17]
        at jdk.internal.reflect.DirectMethodHandleAccessor.invoke(DirectMethodHandleAccessor.java:103) ~[?:?]
        at java.lang.reflect.Method.invoke(Method.java:580) ~[?:?]
        at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:347) [bootstrap.jar:10.1.17]
        at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:478) [bootstrap.jar:10.1.17]
Caused by: org.alfresco.error.AlfrescoRuntimeException: 00250001 Failed to create key: metadata
 in key store:
   Location: /opt/alfresco/alf_data/keystore/keystore
   Provider: null
   Type:     JCEKS
        at org.alfresco.encryption.AlfrescoKeyStoreImpl.createKey(AlfrescoKeyStoreImpl.java:664) ~[alfresco-core-23.1.0.255.jar:23.1.0.255]
        at org.alfresco.encryption.AlfrescoKeyStoreImpl.validateKeys(AlfrescoKeyStoreImpl.java:915) ~[alfresco-core-23.1.0.255.jar:23.1.0.255]
        at org.alfresco.encryption.AlfrescoKeyStoreImpl.validateKeys(AlfrescoKeyStoreImpl.java:188) ~[alfresco-core-23.1.0.255.jar:23.1.0.255]
        at org.alfresco.encryption.KeyStoreChecker.validateKeyStores(KeyStoreChecker.java:49) ~[alfresco-repository-23.1.0.255.jar:23.1.0.255]
        at org.alfresco.encryption.EncryptionChecker$1.execute(EncryptionChecker.java:73) ~[alfresco-repository-23.1.0.255.jar:23.1.0.255]
        ... 55 more
Caused by: org.alfresco.error.AlfrescoRuntimeException: 00250000 Unable to get secret key: no key information is provided
        at org.alfresco.encryption.AlfrescoKeyStoreImpl.getSecretKey(AlfrescoKeyStoreImpl.java:775) ~[alfresco-core-23.1.0.255.jar:23.1.0.255]
        at org.alfresco.encryption.AlfrescoKeyStoreImpl.createKey(AlfrescoKeyStoreImpl.java:642) ~[alfresco-core-23.1.0.255.jar:23.1.0.255]
        at org.alfresco.encryption.AlfrescoKeyStoreImpl.validateKeys(AlfrescoKeyStoreImpl.java:915) ~[alfresco-core-23.1.0.255.jar:23.1.0.255]
        at org.alfresco.encryption.AlfrescoKeyStoreImpl.validateKeys(AlfrescoKeyStoreImpl.java:188) ~[alfresco-core-23.1.0.255.jar:23.1.0.255]
        at org.alfresco.encryption.KeyStoreChecker.validateKeyStores(KeyStoreChecker.java:49) ~[alfresco-repository-23.1.0.255.jar:23.1.0.255]
        at org.alfresco.encryption.EncryptionChecker$1.execute(EncryptionChecker.java:73) ~[alfresco-repository-23.1.0.255.jar:23.1.0.255]
        ... 55 more

Thanks,

Marius

 

 

PBulloch
Member II

Re: Alfresco 23.1 Community - keystore error: Keystores are invalid


Hi Marius,

Not sure if you've already found a fix, but I noticed in your connector in the server.xml file you are using 

protocol="org.apache.coyote.http11.Http11NioProtocol"

I believe this needs to be changed to

protocol="HTTP/1.1"

as of Tomcat 9 onwards when setting up Alfresco. I believe it's mentioned in this page somewhere.

Not sure if that will solve your problem but just wanted to mention it.

Good luck!

Peter
