How To
Summary
Failed to start IBM Resilient due to the error "Keystore was tampered with, or password was incorrect"
Steps
Symptom
After restart Resilient server, the web client can not be accessed.
Checking server log "/usr/share/co3/logs/client.log" there's error below:
Exception starting filter Co3ServletFilter
java.lang.RuntimeException: java.lang.RuntimeException: java.io.IOException: Keystore was tampered with, or password was incorrect
...
Caused by: java.security.UnrecoverableKeyException: Password verification failed
[main] ERROR v=unknown c.resilient.email.EmailServerDaemon - Failed to initialise Resilient Email daemon.
[main] ERROR v=unknown c.i.r.camelservice.CamelService - Failed to load keystore file /crypt/certs/keystore
Cause
The default keystore (which is under /crypt/certs) password does not match the keyvault password for "keystore" secret. To start the Resilient server the two passwords have to be in sync.
Solution
If you do not know the current keystore password you can follow the steps below to create a new keystore.
1. Rename the file "/crypt/certs/keystore to "/crypt/certs/keystore.old" as a backup.
2. Create a new self-signed certificate using command:
sudo keytool -genkeypair -alias co3 -keyalg rsa -validity 3650 -keysize 2048 -sigalg sha256withrsa -storepass "$(sudo resutil keyvaultget -name keystore)" -keypass "$(sudo resutil keyvaultget -name keystore)" -keystore /crypt/certs/keystore
Circumstances might require the values set to be different from the values in the example command.
3. Verify the passwords for both the keyvault and the keystore are the same by command:
sudo keytool -list -v -keystore /crypt/certs/keystore -storepass "$(sudo resutil keyvaultget -name keystore)"
The command should return one entry with alias name "co3".
4. Restart the IBM Resilient service
sudo systemctl restart resilient
If you are on IBM Resilient v32 or a higher version, you also need to restart resilient-messaging service:
sudo systemctl restart resilient-messaging
Document Location
Worldwide
Was this topic helpful?
Document Information
Modified date:
17 August 2021
UID
ibm11160152