Error Keystores are invalid when upgrade from 4.1.1 to 5.2.4

Rafabono_23
Member II

Error Keystores are invalid when upgrade from 4.1.1 to 5.2.4

Hi,

I am trying to migrate an Alfresco installation from version 4.1.1 to 5.2.4 (and then to 7.1).
I have followed the steps outlined at https://docs.alfresco.com/content-services/5.2/upgrade/#upgrading-alfresco-content-services. This is a one node installation.
I have done a clean install on a new server with version 5.2.4. After checking that it works correctly, I have configured alfresco-global.properties to point to the original database (from version 4.1.1) and to the original contentstore (from version 4.1.1), and I have deleted the index files so that they are generated again:
- /opt/alfresco-content-services/alf_data/solr4/index/workspace/SpacesStore/*
- /opt/alfresco-content-services/alf_data/solr4/index/archive/SpacesStore/*
- /opt/alfresco-content-services/alf_data/solr4/model/*
- /opt/alfresco-content-services/alf_data/solr4/content/*

The original version (4.1.1) was configured with solr 1.4, and in version 5.2.4 I am starting it with solr 4.

When I boot, the problem it shows me in catalina.out is:

org.alfresco.error.AlfrescoRuntimeException: 01070024 Keystores are invalid
        at org.alfresco.enterprise.repo.authorization.encryption.AlfrescoContentKeyStoreImpl$1.execute(AlfrescoContentKeyStoreImpl.java:89)
        at org.alfresco.enterprise.repo.authorization.encryption.AlfrescoContentKeyStoreImpl$1.execute(AlfrescoContentKeyStoreImpl.java:79)
        at org.alfresco.repo.transaction.RetryingTransactionHelper.doInTransaction(RetryingTransactionHelper.java:464)
        at org.alfresco.repo.transaction.RetryingTransactionHelper.doInTransaction(RetryingTransactionHelper.java:333)
        at org.alfresco.enterprise.repo.authorization.encryption.AlfrescoContentKeyStoreImpl.onApplicationEvent(AlfrescoContentKeyStoreImpl.java:78)
        at org.alfresco.enterprise.repo.authorization.encryption.AlfrescoContentKeyStoreImpl.onApplicationEvent(AlfrescoContentKeyStoreImpl.java:41)
        at org.alfresco.repo.management.SafeApplicationEventMulticaster.multicastEventInternal(SafeApplicationEventMulticaster.java:214)
        at org.alfresco.repo.management.SafeApplicationEventMulticaster.multicastEvent(SafeApplicationEventMulticaster.java:185)
        at org.springframework.context.support.AbstractApplicationContext.publishEvent(AbstractApplicationContext.java:334)
        at org.springframework.context.support.AbstractApplicationContext.finishRefresh(AbstractApplicationContext.java:954)
        at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:482)
        at org.springframework.web.context.ContextLoader.configureAndRefreshWebApplicationContext(ContextLoader.java:410)
        at org.springframework.web.context.ContextLoader.initWebApplicationContext(ContextLoader.java:306)
        at org.springframework.web.context.ContextLoaderListener.contextInitialized(ContextLoaderListener.java:112)
        at org.alfresco.web.app.ContextLoaderListener.contextInitialized(ContextLoaderListener.java:70)
        at org.apache.catalina.core.StandardContext.listenerStart(StandardContext.java:5110)
        at org.apache.catalina.core.StandardContext.startInternal(StandardContext.java:5633)
        at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:145)
        at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:1015)
        at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:991)
        at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:652)
        at org.apache.catalina.startup.HostConfig.deployDescriptor(HostConfig.java:712)
        at org.apache.catalina.startup.HostConfig$DeployDescriptor.run(HostConfig.java:2002)
        at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
        at java.util.concurrent.FutureTask.run(FutureTask.java:266)
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
        at java.lang.Thread.run(Thread.java:748)
Caused by: org.alfresco.encryption.MissingKeyException: Key authorization is missing from keystore system://system/28b04a08-4862-443b-8966-285ed1b28133
        at org.alfresco.encryption.AlfrescoKeyStoreImpl.validateKeys(AlfrescoKeyStoreImpl.java:902)
        at org.alfresco.encryption.AlfrescoKeyStoreImpl.validateKeys(AlfrescoKeyStoreImpl.java:188)
        at org.alfresco.enterprise.repo.authorization.encryption.AlfrescoContentKeyStoreImpl.initiateAndValidate(AlfrescoContentKeyStoreImpl.java:118)
        at org.alfresco.enterprise.repo.authorization.encryption.AlfrescoContentKeyStoreImpl$1.execute(AlfrescoContentKeyStoreImpl.java:84)
        ... 27 more

I have tried putting the original keystore folder (from version 4.1.1) in place, but it still crashes.
If I boot again, but pointing to the initial database of the 5.4.2 installation with the keystore folder of version 4.1.1.1, it boots without problems.
What is the reason for this error?

Thank you very much.

3 Replies
fedorow
Senior Member II

Re: Error Keystores are invalid when upgrade from 4.1.1 to 5.2.4

Take the keystore folder from 5.2.4. It must be in the alf_data folder by default (dir.keystore=${dir.root}/keystore). As I understand it, when you try to start the upgrade, you point the contentstore to the old 4.1.1 alf_data with the old 4.1.1 keystore.

Rafabono_23
Member II

Re: Error Keystores are invalid when upgrade from 4.1.1 to 5.2.4

Hello, thank you for your reply.

I try to boot pointing to the version 4.1 contentstore and to the version 4.1 database. Regarding the keystore, I have tried with both version 5.4.2 and version 4.1, and I always get the error:

org.alfresco.error.AlfrescoRuntimeException: 01080024 Keystores are invalid

...

Caused by: org.alfresco.encryption.MissingKeyException: Key authorization is missing from keystore system://system/28b04a08-4862-443b-8966-285ed1b28133

Something curious: if I add this configuration to alfresco-global.properties for the clean install of Alfresco 5.4.2:

# encryption
solr.secureComms=https
# ssl encryption
encryption.ssl.keystore.location=${dir.keystore}/ssl.keystore
encryption.ssl.keystore.type=JCEKS
encryption.ssl.keystore.keyMetaData.location=
encryption.ssl.truststore.location=${dir.keystore}/ssl.truststore
encryption.ssl.truststore.type=JCEKS
encryption.ssl.truststore.keyMetaData.location=
# secret key keystore configuration
encryption.keystore.location=${dir.keystore}/keystore
encryption.keystore.keyMetaData.location=
encryption.keystore.type=JCEKS

I get the following error:

org.alfresco.error.AlfrescoRuntimeException: 01080000 Keystores are invalid
...
Caused by: org.alfresco.encryption.MissingKeyException: Key metadata is missing from keystore /opt/alfresco-content-services/alf_data/keystore/keystore

And I have this configuration as well:

dir.root=/opt/alfresco-content-services/alf_data
dir.keystore=${dir.root}/keystore

It's as if it doesn't really take the files I have in: /opt/alfresco-content-services/alf_data/keystore

browser.p12
CreateSSLKeystores.txt
generate_keystores.bat
generate_keystores.sh
keystore
keystore-passwords.properties
readme.txt
ssl.keystore
ssl-keystore-passwords.properties
ssl.truststore
ssl-truststore-passwords.properties

 

Rafabono_23
Member II

Re: Error Keystores are invalid when upgrade from 4.1.1 to 5.2.4

If I add this configuration to the alfresco-global.properties file:

# encryption
solr.secureComms=https
# ssl encryption
encryption.ssl.keystore.location=${dir.keystore}/ssl.keystore
encryption.ssl.keystore.type=JCEKS
encryption.ssl.truststore.location=${dir.keystore}/ssl.truststore
encryption.ssl.truststore.type=JCEKS
encryption.ssl.keystore.keyMetaData.location=${dir.keystore}/ssl-keystore-passwords.properties
encryption.ssl.truststore.keyMetaData.location=${dir.keystore}/ssl-truststore-passwords.properties
# secret key keystore configuration
encryption.keystore.location=${dir.keystore}/keystore
encryption.keystore.keyMetaData.location=${dir.keystore}/keystore-passwords.properties
encryption.keystore.type=JCEKS

Now the keystore errors do not appear when starting Alfresco pointing to the clean install data. But the original error still appears when I point to the 4.1 datastore and database.
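
An added example, not part of the original posts and not Alfresco code: a pre-start check for the misconfiguration seen in this thread, where an explicit but empty keyMetaData.location override led to "Key metadata is missing". The function names and sample text are constructed here; the check assumes ${...} placeholders resolve against the same properties file and only inspects explicit overrides.

```python
import os
import re

# Constructed sample: the overrides from the thread with empty metadata paths.
BROKEN = """\
dir.root=/opt/alfresco-content-services/alf_data
dir.keystore=${dir.root}/keystore
encryption.keystore.location=${dir.keystore}/keystore
encryption.keystore.keyMetaData.location=
encryption.ssl.keystore.location=${dir.keystore}/ssl.keystore
encryption.ssl.keystore.keyMetaData.location=
"""

def parse_properties(text):
    """Parse key=value lines, skipping blank lines and # / ! comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith(("#", "!")):
            key, _, value = line.partition("=")
            props[key.strip()] = value.strip()
    return props

def resolve(value, props):
    """Expand ${name} placeholders; unknown names are left untouched."""
    for _ in range(10):  # bounded, so a self-referencing property cannot loop
        new = re.sub(r"\$\{([^}]+)\}", lambda m: props.get(m.group(1), m.group(0)), value)
        if new == value:
            break
        value = new
    return value

def check_keystores(props, exists=os.path.isfile):
    """Return (keystore prefix, problem) pairs for explicit overrides only."""
    findings = []
    for key in sorted(props):
        if not (key.startswith("encryption.") and key.endswith(".location")) \
                or key.endswith(".keyMetaData.location"):
            continue
        prefix = key[: -len(".location")]
        store = resolve(props[key], props)
        if not exists(store):
            findings.append((prefix, "keystore file not found: " + store))
        meta_key = prefix + ".keyMetaData.location"
        if meta_key in props:  # an absent key is not an override, so it is skipped
            meta = resolve(props[meta_key], props)
            if not meta:
                findings.append((prefix, "keyMetaData.location is empty"))
            elif not exists(meta):
                findings.append((prefix, "metadata file not found: " + meta))
    return findings
```

Run it as `check_keystores(parse_properties(open(path).read()))` against the real alfresco-global.properties; the `exists` parameter is only there so the file check can be replaced when testing.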