topic Re: Alfresco 23.1 Community - keystore error: Keystores are invalid in Alfresco Forum

Alfresco 23.1 Community - keystore error: Keystores are invalid

Marius_711 — Wed, 24 Jan 2024 21:35:31 GMT

Hi,

I've installed Alfresco Community 23.1 on Rocky Linux 9.3 (OpenJDK 21, PostgreSQL 16, Tomcat 10.1.17)- war method.

I've generated the keystore and truststore with the Alfresco-SSL-Generator with the following command:

./run.sh -alfrescoversion "community" -keysize 2048 -keystorepass "changeit" -keystoretype "PKCS12" -truststorepass "changeit" -truststoretype "PKCS12" -encstorepass "changeit" -encmetadatapass "changeit" -alfrescoformat "current"

The Tomcat config server.xml is setup like this:

    <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
            maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
            clientAuth="want" sslProtocol="TLS"
            connectionTimeout="240000">
                <SSLHostConfig>
                        <Certificate
                                certificateKeystoreFile="/opt/alfresco/alf_data/keystore/ssl.keystore"
                                certificateKeystorePass="changeit"
                                certificateKeystoreType="PKCS12"
                                certificateTruststoreFile="/opt/alfresco/alf_data/keystore/ssl.truststore"
                                certificateTruststorePass="changeit"
                                certificateTruststoreType="PKCS12" />
                   </SSLHostConfig>
           </Connector>

Settings regarding the truststore and keystore in alfresco config file (alfresco-global.properties file):

# ssl encryption
encryption.ssl.keystore.location=${dir.keystore}/ssl.keystore
encryption.ssl.keystore.type=PKCS12
encryption.ssl.keystore.keyMetaData.location=
encryption.ssl.truststore.location=${dir.keystore}/ssl.truststore
encryption.ssl.truststore.type=PKCS12
encryption.ssl.truststore.keyMetaData.location=
encryption.keystore.location=${dir.keystore}/keystore
encryption.keystore.type=PKCS12
encryption.keystore.keyMetaData.location=

Starting tomcat I got the following error:

2024-01-24T23:16:29,054 [] ERROR [web.context.ContextLoader] [main] Context initialization failed
org.alfresco.error.AlfrescoRuntimeException: 00240002 Keystores are invalid
        at org.alfresco.encryption.EncryptionChecker$1.execute(EncryptionChecker.java:78) ~[alfresco-repository-23.1.0.255.jar:23.1.0.255]
        at org.alfresco.encryption.EncryptionChecker$1.execute(EncryptionChecker.java:1) ~[alfresco-repository-23.1.0.255.jar:23.1.0.255]
        at org.alfresco.repo.transaction.RetryingTransactionHelper.doInTransaction(RetryingTransactionHelper.java:452) ~[alfresco-repository-23.1.0.255.jar:23.1.0.255]
        at org.alfresco.repo.transaction.RetryingTransactionHelper.doInTransaction(RetryingTransactionHelper.java:321) ~[alfresco-repository-23.1.0.255.jar:23.1.0.255]
        at org.alfresco.encryption.EncryptionChecker.onBootstrap(EncryptionChecker.java:67) ~[alfresco-repository-23.1.0.255.jar:23.1.0.255]
        at org.springframework.extensions.surf.util.AbstractLifecycleBean.onApplicationEvent(AbstractLifecycleBean.java:56) ~[spring-surf-core-9.0.jar:9.0]
        at org.alfresco.repo.management.SafeApplicationEventMulticaster.multicastEventInternal(SafeApplicationEventMulticaster.java:232) ~[alfresco-repository-23.1.0.255.jar:23.1.0.255]
        at org.alfresco.repo.management.SafeApplicationEventMulticaster.multicastEvent(SafeApplicationEventMulticaster.java:197) ~[alfresco-repository-23.1.0.255.jar:23.1.0.255]
        at org.alfresco.repo.management.SafeApplicationEventMulticaster.multicastEvent(SafeApplicationEventMulticaster.java:217) ~[alfresco-repository-23.1.0.255.jar:23.1.0.255]
        at org.springframework.context.support.AbstractApplicationContext.publishEvent(AbstractApplicationContext.java:437) ~[spring-context-6.0.12.jar:6.0.12]
        at org.springframework.context.support.AbstractApplicationContext.publishEvent(AbstractApplicationContext.java:370) ~[spring-context-6.0.12.jar:6.0.12]
        at org.springframework.context.support.AbstractApplicationContext.finishRefresh(AbstractApplicationContext.java:961) ~[spring-context-6.0.12.jar:6.0.12]
        at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:611) ~[spring-context-6.0.12.jar:6.0.12]
        at org.springframework.web.context.ContextLoader.configureAndRefreshWebApplicationContext(ContextLoader.java:394) ~[spring-web-6.0.12.jar:6.0.12]
        at org.springframework.web.context.ContextLoader.initWebApplicationContext(ContextLoader.java:274) [spring-web-6.0.12.jar:6.0.12]
        at org.springframework.web.context.ContextLoaderListener.contextInitialized(ContextLoaderListener.java:102) [spring-web-6.0.12.jar:6.0.12]
        at org.alfresco.web.app.ContextLoaderListener.contextInitialized(ContextLoaderListener.java:70) [classes/:23.1.0.255]
        at org.apache.catalina.core.StandardContext.listenerStart(StandardContext.java:4422) [catalina.jar:10.1.17]
        at org.apache.catalina.core.StandardContext.startInternal(StandardContext.java:4860) [catalina.jar:10.1.17]
        at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:171) [catalina.jar:10.1.17]
        at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:683) [catalina.jar:10.1.17]
        at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:658) [catalina.jar:10.1.17]
        at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:712) [catalina.jar:10.1.17]
        at org.apache.catalina.startup.HostConfig.deployDescriptor(HostConfig.java:643) [catalina.jar:10.1.17]
        at org.apache.catalina.startup.HostConfig$DeployDescriptor.run(HostConfig.java:1939) [catalina.jar:10.1.17]
        at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:572) [?:?]
        at java.util.concurrent.FutureTask.run(FutureTask.java:317) [?:?]
        at org.apache.tomcat.util.threads.InlineExecutorService.execute(InlineExecutorService.java:75) [tomcat-util.jar:10.1.17]
        at java.util.concurrent.AbstractExecutorService.submit(AbstractExecutorService.java:123) [?:?]
        at org.apache.catalina.startup.HostConfig.deployDescriptors(HostConfig.java:536) [catalina.jar:10.1.17]
        at org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:426) [catalina.jar:10.1.17]
        at org.apache.catalina.startup.HostConfig.start(HostConfig.java:1661) [catalina.jar:10.1.17]
        at org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:309) [catalina.jar:10.1.17]
        at org.apache.catalina.util.LifecycleBase.fireLifecycleEvent(LifecycleBase.java:114) [catalina.jar:10.1.17]
        at org.apache.catalina.util.LifecycleBase.setStateInternal(LifecycleBase.java:402) [catalina.jar:10.1.17]
        at org.apache.catalina.util.LifecycleBase.setState(LifecycleBase.java:345) [catalina.jar:10.1.17]
        at org.apache.catalina.core.ContainerBase.startInternal(ContainerBase.java:893) [catalina.jar:10.1.17]
        at org.apache.catalina.core.StandardHost.startInternal(StandardHost.java:845) [catalina.jar:10.1.17]
        at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:171) [catalina.jar:10.1.17]
        at org.apache.catalina.core.ContainerBase$StartChild.call(ContainerBase.java:1332) [catalina.jar:10.1.17]
        at org.apache.catalina.core.ContainerBase$StartChild.call(ContainerBase.java:1322) [catalina.jar:10.1.17]
        at java.util.concurrent.FutureTask.run(FutureTask.java:317) [?:?]
        at org.apache.tomcat.util.threads.InlineExecutorService.execute(InlineExecutorService.java:75) [tomcat-util.jar:10.1.17]
        at java.util.concurrent.AbstractExecutorService.submit(AbstractExecutorService.java:145) [?:?]
        at org.apache.catalina.core.ContainerBase.startInternal(ContainerBase.java:866) [catalina.jar:10.1.17]
        at org.apache.catalina.core.StandardEngine.startInternal(StandardEngine.java:240) [catalina.jar:10.1.17]
        at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:171) [catalina.jar:10.1.17]
        at org.apache.catalina.core.StandardService.startInternal(StandardService.java:433) [catalina.jar:10.1.17]
        at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:171) [catalina.jar:10.1.17]
        at org.apache.catalina.core.StandardServer.startInternal(StandardServer.java:917) [catalina.jar:10.1.17]
        at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:171) [catalina.jar:10.1.17]
        at org.apache.catalina.startup.Catalina.start(Catalina.java:795) [catalina.jar:10.1.17]
        at jdk.internal.reflect.DirectMethodHandleAccessor.invoke(DirectMethodHandleAccessor.java:103) ~[?:?]
        at java.lang.reflect.Method.invoke(Method.java:580) ~[?:?]
        at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:347) [bootstrap.jar:10.1.17]
        at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:478) [bootstrap.jar:10.1.17]
Caused by: org.alfresco.error.AlfrescoRuntimeException: 00240001 Failed to create key: metadata
 in key store:
   Location: /opt/alfresco/alf_data/keystore/keystore
   Provider: null
   Type:     PKCS12
        at org.alfresco.encryption.AlfrescoKeyStoreImpl.createKey(AlfrescoKeyStoreImpl.java:664) ~[alfresco-core-23.1.0.255.jar:23.1.0.255]
        at org.alfresco.encryption.AlfrescoKeyStoreImpl.validateKeys(AlfrescoKeyStoreImpl.java:915) ~[alfresco-core-23.1.0.255.jar:23.1.0.255]
        at org.alfresco.encryption.AlfrescoKeyStoreImpl.validateKeys(AlfrescoKeyStoreImpl.java:188) ~[alfresco-core-23.1.0.255.jar:23.1.0.255]
        at org.alfresco.encryption.KeyStoreChecker.validateKeyStores(KeyStoreChecker.java:49) ~[alfresco-repository-23.1.0.255.jar:23.1.0.255]
        at org.alfresco.encryption.EncryptionChecker$1.execute(EncryptionChecker.java:73) ~[alfresco-repository-23.1.0.255.jar:23.1.0.255]
        ... 55 more
Caused by: org.alfresco.error.AlfrescoRuntimeException: 00240000 Unable to get secret key: no key information is provided
        at org.alfresco.encryption.AlfrescoKeyStoreImpl.getSecretKey(AlfrescoKeyStoreImpl.java:775) ~[alfresco-core-23.1.0.255.jar:23.1.0.255]
        at org.alfresco.encryption.AlfrescoKeyStoreImpl.createKey(AlfrescoKeyStoreImpl.java:642) ~[alfresco-core-23.1.0.255.jar:23.1.0.255]
        at org.alfresco.encryption.AlfrescoKeyStoreImpl.validateKeys(AlfrescoKeyStoreImpl.java:915) ~[alfresco-core-23.1.0.255.jar:23.1.0.255]
        at org.alfresco.encryption.AlfrescoKeyStoreImpl.validateKeys(AlfrescoKeyStoreImpl.java:188) ~[alfresco-core-23.1.0.255.jar:23.1.0.255]
        at org.alfresco.encryption.KeyStoreChecker.validateKeyStores(KeyStoreChecker.java:49) ~[alfresco-repository-23.1.0.255.jar:23.1.0.255]
        at org.alfresco.encryption.EncryptionChecker$1.execute(EncryptionChecker.java:73) ~[alfresco-repository-23.1.0.255.jar:23.1.0.255]
        ... 55 more

Using keytool to read the keystore file is working fine, so the keystore is not tampered.

Any ideas on what is wrong here ?

Re: Alfresco 23.1 Community - keystore error: Keystores are invalid

angelborroy — Thu, 25 Jan 2024 07:14:54 GMT

The message is not related to keystore nor truststore (asymmetric cryptography, certificates).

The message is related to metadata encryption (symmetric cryptography, secret key), that is stored also on a keystore.

This is the recommended configuration for this metdata keystore:

encryption.keystore.type=JCEKS
encryption.cipherAlgorithm=DESede/CBC/PKCS5Padding
encryption.keyAlgorithm=DESede
encryption.keystore.location=/usr/local/tomcat/shared/classes/alfresco/extension/keystore/keystore
metadata-keystore.password=mp6yc0UD9e
metadata-keystore.aliases=metadata
metadata-keystore.metadata.password=oKIWzVdEdA
metadata-keystore.metadata.algorithm=DESede

https://github.com/Alfresco/alfresco-docker-installer/blob/master/generators/app/templates/23.1/docker-compose.yml#L22

Re: Alfresco 23.1 Community - keystore error: Keystores are invalid

Marius_711 — Thu, 25 Jan 2024 11:32:26 GMT

Hi Angel,

Thanks for reply.

I've regenerated the keystore uding the ssl-tool in order to have the keystore file of type JCEKS

./run.sh -alfrescoversion "community" -keysize 2048 -keystorepass "changeit" -keystoretype "PKCS12" -truststorepass "changeit" -truststoretype "PKCS12" -encstorepass "changeit" -encmetadatapass "changeit" -alfrescoformat "classic"

and copy them in the /opt/alfresco/alf_data/keystore folder.

Also updated the alfrescco-global properties file

# ssl encryption
encryption.ssl.keystore.location=${dir.keystore}/ssl.keystore
encryption.ssl.keystore.type=PKCS12
encryption.ssl.keystore.keyMetaData.location=
encryption.ssl.truststore.location=${dir.keystore}/ssl.truststore
encryption.ssl.truststore.type=PKCS12
encryption.ssl.truststore.keyMetaData.location=
encryption.keystore.location=${dir.keystore}/keystore
encryption.keystore.type=JCEKS
encryption.cipherAlgorithm=DESede/CBC/PKCS5Padding
encryption.keyAlgorithm=DESede
metadata-keystore.location=${dir.keystore}/keystore
metadata-keystore.password=changeit
metadata-keystore.aliases=metadata
metadata-keystore.metadata.password=changeit
metadata-keystore.metadata.algorithm=DESede

Now I got almost the same error (see below), the difference is the keystore type.

2024-01-25T13:28:44,022 [] ERROR [web.context.ContextLoader] [main] Context initialization failed
org.alfresco.error.AlfrescoRuntimeException: 00250002 Keystores are invalid
        at org.alfresco.encryption.EncryptionChecker$1.execute(EncryptionChecker.java:78) ~[alfresco-repository-23.1.0.255.jar:23.1.0.255]
        at org.alfresco.encryption.EncryptionChecker$1.execute(EncryptionChecker.java:1) ~[alfresco-repository-23.1.0.255.jar:23.1.0.255]
        at org.alfresco.repo.transaction.RetryingTransactionHelper.doInTransaction(RetryingTransactionHelper.java:452) ~[alfresco-repository-23.1.0.255.jar:23.1.0.255]
        at org.alfresco.repo.transaction.RetryingTransactionHelper.doInTransaction(RetryingTransactionHelper.java:321) ~[alfresco-repository-23.1.0.255.jar:23.1.0.255]
        at org.alfresco.encryption.EncryptionChecker.onBootstrap(EncryptionChecker.java:67) ~[alfresco-repository-23.1.0.255.jar:23.1.0.255]
        at org.springframework.extensions.surf.util.AbstractLifecycleBean.onApplicationEvent(AbstractLifecycleBean.java:56) ~[spring-surf-core-9.0.jar:9.0]
        at org.alfresco.repo.management.SafeApplicationEventMulticaster.multicastEventInternal(SafeApplicationEventMulticaster.java:232) ~[alfresco-repository-23.1.0.255.jar:23.1.0.255]
        at org.alfresco.repo.management.SafeApplicationEventMulticaster.multicastEvent(SafeApplicationEventMulticaster.java:197) ~[alfresco-repository-23.1.0.255.jar:23.1.0.255]
        at org.alfresco.repo.management.SafeApplicationEventMulticaster.multicastEvent(SafeApplicationEventMulticaster.java:217) ~[alfresco-repository-23.1.0.255.jar:23.1.0.255]
        at org.springframework.context.support.AbstractApplicationContext.publishEvent(AbstractApplicationContext.java:437) ~[spring-context-6.0.12.jar:6.0.12]
        at org.springframework.context.support.AbstractApplicationContext.publishEvent(AbstractApplicationContext.java:370) ~[spring-context-6.0.12.jar:6.0.12]
        at org.springframework.context.support.AbstractApplicationContext.finishRefresh(AbstractApplicationContext.java:961) ~[spring-context-6.0.12.jar:6.0.12]
        at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:611) ~[spring-context-6.0.12.jar:6.0.12]
        at org.springframework.web.context.ContextLoader.configureAndRefreshWebApplicationContext(ContextLoader.java:394) ~[spring-web-6.0.12.jar:6.0.12]
        at org.springframework.web.context.ContextLoader.initWebApplicationContext(ContextLoader.java:274) [spring-web-6.0.12.jar:6.0.12]
        at org.springframework.web.context.ContextLoaderListener.contextInitialized(ContextLoaderListener.java:102) [spring-web-6.0.12.jar:6.0.12]
        at org.alfresco.web.app.ContextLoaderListener.contextInitialized(ContextLoaderListener.java:70) [classes/:23.1.0.255]
        at org.apache.catalina.core.StandardContext.listenerStart(StandardContext.java:4422) [catalina.jar:10.1.17]
        at org.apache.catalina.core.StandardContext.startInternal(StandardContext.java:4860) [catalina.jar:10.1.17]
        at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:171) [catalina.jar:10.1.17]
        at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:683) [catalina.jar:10.1.17]
        at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:658) [catalina.jar:10.1.17]
        at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:712) [catalina.jar:10.1.17]
        at org.apache.catalina.startup.HostConfig.deployDescriptor(HostConfig.java:643) [catalina.jar:10.1.17]
        at org.apache.catalina.startup.HostConfig$DeployDescriptor.run(HostConfig.java:1939) [catalina.jar:10.1.17]
        at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:572) [?:?]
        at java.util.concurrent.FutureTask.run(FutureTask.java:317) [?:?]
        at org.apache.tomcat.util.threads.InlineExecutorService.execute(InlineExecutorService.java:75) [tomcat-util.jar:10.1.17]
        at java.util.concurrent.AbstractExecutorService.submit(AbstractExecutorService.java:123) [?:?]
        at org.apache.catalina.startup.HostConfig.deployDescriptors(HostConfig.java:536) [catalina.jar:10.1.17]
        at org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:426) [catalina.jar:10.1.17]
        at org.apache.catalina.startup.HostConfig.start(HostConfig.java:1661) [catalina.jar:10.1.17]
        at org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:309) [catalina.jar:10.1.17]
        at org.apache.catalina.util.LifecycleBase.fireLifecycleEvent(LifecycleBase.java:114) [catalina.jar:10.1.17]
        at org.apache.catalina.util.LifecycleBase.setStateInternal(LifecycleBase.java:402) [catalina.jar:10.1.17]
        at org.apache.catalina.util.LifecycleBase.setState(LifecycleBase.java:345) [catalina.jar:10.1.17]
        at org.apache.catalina.core.ContainerBase.startInternal(ContainerBase.java:893) [catalina.jar:10.1.17]
        at org.apache.catalina.core.StandardHost.startInternal(StandardHost.java:845) [catalina.jar:10.1.17]
        at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:171) [catalina.jar:10.1.17]
        at org.apache.catalina.core.ContainerBase$StartChild.call(ContainerBase.java:1332) [catalina.jar:10.1.17]
        at org.apache.catalina.core.ContainerBase$StartChild.call(ContainerBase.java:1322) [catalina.jar:10.1.17]
        at java.util.concurrent.FutureTask.run(FutureTask.java:317) [?:?]
        at org.apache.tomcat.util.threads.InlineExecutorService.execute(InlineExecutorService.java:75) [tomcat-util.jar:10.1.17]
        at java.util.concurrent.AbstractExecutorService.submit(AbstractExecutorService.java:145) [?:?]
        at org.apache.catalina.core.ContainerBase.startInternal(ContainerBase.java:866) [catalina.jar:10.1.17]        at org.apache.catalina.core.StandardEngine.startInternal(StandardEngine.java:240) [catalina.jar:10.1.17]
        at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:171) [catalina.jar:10.1.17]
        at org.apache.catalina.core.StandardService.startInternal(StandardService.java:433) [catalina.jar:10.1.17]
        at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:171) [catalina.jar:10.1.17]
        at org.apache.catalina.core.StandardServer.startInternal(StandardServer.java:917) [catalina.jar:10.1.17]
        at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:171) [catalina.jar:10.1.17]
        at org.apache.catalina.startup.Catalina.start(Catalina.java:795) [catalina.jar:10.1.17]
        at jdk.internal.reflect.DirectMethodHandleAccessor.invoke(DirectMethodHandleAccessor.java:103) ~[?:?]
        at java.lang.reflect.Method.invoke(Method.java:580) ~[?:?]
        at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:347) [bootstrap.jar:10.1.17]
        at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:478) [bootstrap.jar:10.1.17]
Caused by: org.alfresco.error.AlfrescoRuntimeException: 00250001 Failed to create key: metadata
 in key store:
   Location: /opt/alfresco/alf_data/keystore/keystore
   Provider: null
   Type:     JCEKS
        at org.alfresco.encryption.AlfrescoKeyStoreImpl.createKey(AlfrescoKeyStoreImpl.java:664) ~[alfresco-core-23.1.0.255.jar:23.1.0.255]
        at org.alfresco.encryption.AlfrescoKeyStoreImpl.validateKeys(AlfrescoKeyStoreImpl.java:915) ~[alfresco-core-23.1.0.255.jar:23.1.0.255]
        at org.alfresco.encryption.AlfrescoKeyStoreImpl.validateKeys(AlfrescoKeyStoreImpl.java:188) ~[alfresco-core-23.1.0.255.jar:23.1.0.255]
        at org.alfresco.encryption.KeyStoreChecker.validateKeyStores(KeyStoreChecker.java:49) ~[alfresco-repository-23.1.0.255.jar:23.1.0.255]
        at org.alfresco.encryption.EncryptionChecker$1.execute(EncryptionChecker.java:73) ~[alfresco-repository-23.1.0.255.jar:23.1.0.255]
        ... 55 more
Caused by: org.alfresco.error.AlfrescoRuntimeException: 00250000 Unable to get secret key: no key information is provided
        at org.alfresco.encryption.AlfrescoKeyStoreImpl.getSecretKey(AlfrescoKeyStoreImpl.java:775) ~[alfresco-core-23.1.0.255.jar:23.1.0.255]
        at org.alfresco.encryption.AlfrescoKeyStoreImpl.createKey(AlfrescoKeyStoreImpl.java:642) ~[alfresco-core-23.1.0.255.jar:23.1.0.255]
        at org.alfresco.encryption.AlfrescoKeyStoreImpl.validateKeys(AlfrescoKeyStoreImpl.java:915) ~[alfresco-core-23.1.0.255.jar:23.1.0.255]
        at org.alfresco.encryption.AlfrescoKeyStoreImpl.validateKeys(AlfrescoKeyStoreImpl.java:188) ~[alfresco-core-23.1.0.255.jar:23.1.0.255]        at org.alfresco.encryption.KeyStoreChecker.validateKeyStores(KeyStoreChecker.java:49) ~[alfresco-repository-23.1.0.255.jar:23.1.0.255]
        at org.alfresco.encryption.EncryptionChecker$1.execute(EncryptionChecker.java:73) ~[alfresco-repository-23.1.0.255.jar:23.1.0.255]
        ... 55 more

Thanks,

Marius

Re: Alfresco 23.1 Community - keystore error: Keystores are invalid

PBulloch — Tue, 13 Feb 2024 06:13:45 GMT

Hi Marius,

Not sure if you've already found a fix, but I noticed in your connector in the server.xml file you are using

protocol="org.apache.coyote.http11.Http11NioProtocol"

I believe this needs to be changed to

protocol="HTTP/1.1"

as of Tomcat 9 onwards when setting up Alfresco. I believe it's mentioned in this page somewhere.

Not sure if that will solve your problem but just wanted to mention it.

Good luck!

Peter

Re: Alfresco 23.1 Community - keystore error: Keystores are invalid

Marius_711 — Wed, 10 Apr 2024 10:26:31 GMT

I found out the root cause - the tomcat's catalina.sh file need to be updated with the following line:

JAVA_TOOL_OPTIONS="
-Dencryption.keystore.type=JCEKS 
-Dencryption.cipherAlgorithm=DESede/CBC/PKCS5Padding 
-Dencryption.keyAlgorithm=DESede 
-Dencryption.keystore.location=<ALF_HOME>/keystore -Dmetadata-keystore.password=<password> 
-Dmetadata-keystore.aliases=metadata 
-Dmetadata-keystore.metadata.password=<passwordd>
-Dmetadata-keystore.metadata.algorithm=DESede"

Thanks to Abhinav Kumar Mishra - the solution is in this blog post: Setup ACS-7.x, ASS-2.x and Local Transformation Service using distribution package step by step Part-1