OpenDJ not starting after updating serverKeystore.jks
48 views
Skip to first unread message
Mark
Jul 15, 2015, 9:45:39 AM7/15/15
to ddf-...@googlegroups.com
I have gone through the steps to update my certificates in DDF. I went through the instructions in the 2.7.0 Management PDF and tried to restart DDF. I have checked and re-checked that the password I put in the system.properties file is correct. Is there any other changes that I need to make in order to verify that the configuration is correct?
I see the following exception in the ddf.log:
2015-07-15 09:32:43,646 | INFO | Event Dispatcher | LDAPManager | endj.embedded.server.LDAPManager 102 | 283 - opendj-embedded-server - 1.3.0 | Starting LDAP Server Configuration.
2015-07-15 09:32:47,772 | WARN | Event Dispatcher | LDAPManager | endj.embedded.server.LDAPManager 135 | 283 - opendj-embedded-server - 1.3.0 | Error while starting embedded server.
org.codice.opendj.embedded.server.LDAPException: Error while starting embedded server.
at org.codice.opendj.embedded.server.LDAPManager.startServer(LDAPManager.java:134)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)[:1.7.0_79]
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)[:1.7.0_79]
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)[:1.7.0_79]
at java.lang.reflect.Method.invoke(Method.java:606)[:1.7.0_79]
at org.apache.aries.blueprint.utils.ReflectionUtils.invoke(ReflectionUtils.java:297)[14:org.apache.aries.blueprint.core:1.4.2]
at org.apache.aries.blueprint.container.BeanRecipe.invoke(BeanRecipe.java:958)[14:org.apache.aries.blueprint.core:1.4.2]
at org.apache.aries.blueprint.container.BeanRecipe.runBeanProcInit(BeanRecipe.java:712)[14:org.apache.aries.blueprint.core:1.4.2]
at org.apache.aries.blueprint.container.BeanRecipe.internalCreate2(BeanRecipe.java:824)[14:org.apache.aries.blueprint.core:1.4.2]
at org.apache.aries.blueprint.container.BeanRecipe.internalCreate(BeanRecipe.java:787)[14:org.apache.aries.blueprint.core:1.4.2]
at org.apache.aries.blueprint.di.AbstractRecipe$1.call(AbstractRecipe.java:79)[14:org.apache.aries.blueprint.core:1.4.2]
at java.util.concurrent.FutureTask.run(FutureTask.java:262)[:1.7.0_79]
at org.apache.aries.blueprint.di.AbstractRecipe.create(AbstractRecipe.java:88)[14:org.apache.aries.blueprint.core:1.4.2]
at org.apache.aries.blueprint.container.BlueprintRepository.createInstances(BlueprintRepository.java:245)[14:org.apache.aries.blueprint.core:1.4.2]
at org.apache.aries.blueprint.container.BlueprintRepository.createAll(BlueprintRepository.java:183)[14:org.apache.aries.blueprint.core:1.4.2]
at org.apache.aries.blueprint.container.BlueprintContainerImpl.instantiateEagerComponents(BlueprintContainerImpl.java:682)[14:org.apache.aries.blueprint.core:1.4.2]
at org.apache.aries.blueprint.container.BlueprintContainerImpl.doRun(BlueprintContainerImpl.java:377)[14:org.apache.aries.blueprint.core:1.4.2]
at org.apache.aries.blueprint.container.BlueprintContainerImpl.run(BlueprintContainerImpl.java:269)[14:org.apache.aries.blueprint.core:1.4.2]
at org.apache.aries.blueprint.container.BlueprintExtender.createContainer(BlueprintExtender.java:294)[14:org.apache.aries.blueprint.core:1.4.2]
at org.apache.aries.blueprint.container.BlueprintExtender.createContainer(BlueprintExtender.java:263)[14:org.apache.aries.blueprint.core:1.4.2]
at org.apache.aries.blueprint.container.BlueprintExtender.modifiedBundle(BlueprintExtender.java:253)[14:org.apache.aries.blueprint.core:1.4.2]
at org.apache.aries.util.tracker.hook.BundleHookBundleTracker$Tracked.customizerModified(BundleHookBundleTracker.java:500)[9:org.apache.aries.util:1.1.0]
at org.apache.aries.util.tracker.hook.BundleHookBundleTracker$Tracked.customizerModified(BundleHookBundleTracker.java:433)[9:org.apache.aries.util:1.1.0]
at org.apache.aries.util.tracker.hook.BundleHookBundleTracker$AbstractTracked.track(BundleHookBundleTracker.java:725)[9:org.apache.aries.util:1.1.0]
at org.apache.aries.util.tracker.hook.BundleHookBundleTracker$Tracked.bundleChanged(BundleHookBundleTracker.java:463)[9:org.apache.aries.util:1.1.0]
at org.apache.aries.util.tracker.hook.BundleHookBundleTracker$BundleEventHook.event(BundleHookBundleTracker.java:422)[9:org.apache.aries.util:1.1.0]
at org.eclipse.osgi.framework.internal.core.Framework$10.call(Framework.java:1605)[osgi-3.9.1-v20140110-1610.jar:]
at org.eclipse.osgi.internal.serviceregistry.ServiceRegistry.notifyHookPrivileged(ServiceRegistry.java:1239)[osgi-3.9.1-v20140110-1610.jar:]
at org.eclipse.osgi.internal.serviceregistry.ServiceRegistry.notifyHooksPrivileged(ServiceRegistry.java:1222)[osgi-3.9.1-v20140110-1610.jar:]
at org.eclipse.osgi.framework.internal.core.Framework.notifyEventHooksPrivileged(Framework.java:1602)[osgi-3.9.1-v20140110-1610.jar:]
at org.eclipse.osgi.framework.internal.core.Framework.publishBundleEventPrivileged(Framework.java:1557)[osgi-3.9.1-v20140110-1610.jar:]
at org.eclipse.osgi.framework.internal.core.Framework.publishBundleEvent(Framework.java:1504)[osgi-3.9.1-v20140110-1610.jar:]
at org.eclipse.osgi.framework.internal.core.Framework.publishBundleEvent(Framework.java:1499)[osgi-3.9.1-v20140110-1610.jar:]
at org.eclipse.osgi.framework.internal.core.BundleHost.startWorker(BundleHost.java:391)[osgi-3.9.1-v20140110-1610.jar:]
at org.eclipse.osgi.framework.internal.core.AbstractBundle.resume(AbstractBundle.java:390)[osgi-3.9.1-v20140110-1610.jar:]
at org.eclipse.osgi.framework.internal.core.Framework.resumeBundle(Framework.java:1176)[osgi-3.9.1-v20140110-1610.jar:]
at org.eclipse.osgi.framework.internal.core.StartLevelManager.resumeBundles(StartLevelManager.java:559)[osgi-3.9.1-v20140110-1610.jar:]
at org.eclipse.osgi.framework.internal.core.StartLevelManager.resumeBundles(StartLevelManager.java:544)[osgi-3.9.1-v20140110-1610.jar:]
at org.eclipse.osgi.framework.internal.core.StartLevelManager.incFWSL(StartLevelManager.java:457)[osgi-3.9.1-v20140110-1610.jar:]
at org.eclipse.osgi.framework.internal.core.StartLevelManager.doSetStartLevel(StartLevelManager.java:243)[osgi-3.9.1-v20140110-1610.jar:]
at org.eclipse.osgi.framework.internal.core.StartLevelManager.dispatchEvent(StartLevelManager.java:438)[osgi-3.9.1-v20140110-1610.jar:]
at org.eclipse.osgi.framework.internal.core.StartLevelManager.dispatchEvent(StartLevelManager.java:1)[osgi-3.9.1-v20140110-1610.jar:]
at org.eclipse.osgi.framework.eventmgr.EventManager.dispatchEvent(EventManager.java:230)[osgi-3.9.1-v20140110-1610.jar:]
at org.eclipse.osgi.framework.eventmgr.EventManager$EventThread.run(EventManager.java:340)[osgi-3.9.1-v20140110-1610.jar:]
Caused by: org.opends.server.config.ConfigException: An error occurred while trying to initialize a connection handler loaded from class org.opends.server.protocols.ldap.LDAPConnectionHandler with the information in configuration entry cn=LDAP Connection Handler,cn=Connection Handlers,cn=config: An error occurred while attempting to initialize the SSL context for use in the LDAP Connection Handler: An error occurred while trying to load the keystore contents from file ../../keystores/serverKeystore.jks: IOException(Keystore was tampered with, or password was incorrect) (id=1310782) (LDAPConnectionHandler.java:723 NativeMethodAccessorImpl.java:-2 NativeMethodAccessorImpl.java:57 DelegatingMethodAccessorImpl.java:43 Method.java:606 ConnectionHandlerConfigManager.java:441 ConnectionHandlerConfigManager.java:319 DirectoryServer.java:2830 DirectoryServer.java:1436 EmbeddedUtils.java:88 LDAPManager.java:127 NativeMethodAccessorImpl.java:-2 NativeMethodAccessorImpl.java:57 DelegatingMethodAccessorImpl.java:43 Method.java:606 ReflectionUtils.java:297 BeanRecipe.java:958 BeanRecipe.java:712 BeanRecipe.java:824 BeanRecipe.java:787 AbstractRecipe.java:79 ...). This connection handler will be disabled
at org.opends.server.core.ConnectionHandlerConfigManager.getConnectionHandler(ConnectionHandlerConfigManager.java:451)
at org.opends.server.core.ConnectionHandlerConfigManager.initializeConnectionHandlerConfig(ConnectionHandlerConfigManager.java:319)
at org.opends.server.core.DirectoryServer.initializeConnectionHandlers(DirectoryServer.java:2830)
at org.opends.server.core.DirectoryServer.startServer(DirectoryServer.java:1436)
at org.opends.server.util.EmbeddedUtils.startServer(EmbeddedUtils.java:88)
at org.codice.opendj.embedded.server.LDAPManager.startServer(LDAPManager.java:127)
... 43 more
Caused by: java.lang.reflect.InvocationTargetException
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)[:1.7.0_79]
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)[:1.7.0_79]
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)[:1.7.0_79]
at java.lang.reflect.Method.invoke(Method.java:606)[:1.7.0_79]
at org.opends.server.core.ConnectionHandlerConfigManager.getConnectionHandler(ConnectionHandlerConfigManager.java:441)
... 48 more
Caused by: org.opends.server.types.InitializationException: An error occurred while attempting to initialize the SSL context for use in the LDAP Connection Handler: An error occurred while trying to load the keystore contents from file ../../keystores/serverKeystore.jks: IOException(Keystore was tampered with, or password was incorrect) (id=1310782)
at org.opends.server.protocols.ldap.LDAPConnectionHandler.initializeConnectionHandler(LDAPConnectionHandler.java:723)
... 53 more
Scott Tustison
Jul 15, 2015, 10:02:47 AM7/15/15
to ddf-...@googlegroups.com
The embedded OpenDJ instance has hard coded keystore information in its configuration. It is only meant for testing and not for an actual deployment. It is possible to update the configuration, however, if you'd still like to use it. We have a wiki page detailing how to do this. I'm on my phone right now and can't seem to find it. Hopefully one of the other guys can link it for you.
Keith Wire
Jul 15, 2015, 12:28:10 PM7/15/15
to Scott Tustison, ddf-...@googlegroups.com
I believe this is what Scott is referring to: https://codice.atlassian.net/wiki/display/DDF/Configuring+a+Standalone+LDAP+Server
--Keith
On Wed, Jul 15, 2015 at 7:02 AM, Scott Tustison <scott.t...@gmail.com> wrote:
The embedded OpenDJ instance has hard coded keystore information in its configuration. It is only meant for testing and not for an actual deployment. It is possible to update the configuration, however, if you'd still like to use it. We have a wiki page detailing how to do this. I'm on my phone right now and can't seem to find it. Hopefully one of the other guys can link it for you.
--
You received this message because you are subscribed to the Google Groups "ddf-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to ddf-users+...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Keith C Wire
Reply all
Reply to author
Forward
0 new messages