Hyland Community
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Invalid keystores from Tomcat

Go to answer
Not applicable

‎11-23-2020 01:09 AM

I have installed Alfresco community services version using this guide and on starting tomcat service the alfresco throws an error on Invalid Keystores. I have generated the keystores using the documentation from alfresco but it seems not to solve the problem. What could be the issue? I have attached the alfresco.log output below.

2020-11-23 08:58:05,786 WARN  [org.alfresco.heartbeat.datasender.HBDataSenderServiceBuilder] [localhost-startStop-1] Setting the Heartbeat sender cron with property 'heartbeat.sender.cronExpression' is no longer supported.
2020-11-23 08:58:06,076 INFO  [org.alfresco.repo.domain.schema.SchemaBootstrap] [localhost-startStop-1] Ignoring script patch (post-Hibernate): patch.db-V4.2-metadata-query-indexes
2020-11-23 08:58:06,076 INFO  [org.alfresco.repo.domain.schema.SchemaBootstrap] [localhost-startStop-1] Ignoring script patch (post-Hibernate): patch.db-V5.1-metadata-query-indexes
2020-11-23 08:58:06,077 INFO  [org.alfresco.repo.domain.schema.SchemaBootstrap] [localhost-startStop-1] Ignoring script patch (post-Hibernate): patch.db-V5.2-remove-jbpm-tables-from-db
2020-11-23 08:58:06,593 INFO  [org.alfresco.repo.admin] [localhost-startStop-1] Using database URL 'jdbc:postgresql://localhost:5801/alfresco' with user 'alfresco'.
2020-11-23 08:58:06,594 INFO  [org.alfresco.repo.admin] [localhost-startStop-1] Connected to database PostgreSQL version 11.4
2020-11-23 08:58:14,636 INFO  [org.alfresco.repo.management.subsystems.ChildApplicationContextFactory] [localhost-startStop-1] Starting 'Authentication' subsystem, ID: [Authentication, managed, alfrescoNtlm1]
2020-11-23 08:58:14,775 INFO  [org.alfresco.repo.management.subsystems.ChildApplicationContextFactory] [localhost-startStop-1] Startup of 'Authentication' subsystem, ID: [Authentication, managed, alfrescoNtlm1] complete
2020-11-23 08:58:14,945 ERROR [org.alfresco.repo.content.transform.LocalTransformServiceRegistry] [QuartzScheduler_Worker-2] 10230000 Failed to connect or to read the response from T-Engine on http://localhost:8090/transform/config
2020-11-23 08:58:17,653 INFO  [org.springframework.extensions.webscripts.TemplateProcessorRegistry] [localhost-startStop-1] Registered template processor Repository Template Processor for extension ftl
2020-11-23 08:58:17,659 INFO  [org.springframework.extensions.webscripts.ScriptProcessorRegistry] [localhost-startStop-1] Registered script processor Repository Script Processor for extension js
2020-11-23 08:58:19,145 ERROR [org.alfresco.repo.content.transform.LocalTransformServiceRegistry] [QuartzScheduler_Worker-2] 10230001 Failed to connect or to read the response from T-Engine on http://localhost:8093/transform/config
2020-11-23 08:58:20,976 INFO  [org.alfresco.repo.management.subsystems.ChildApplicationContextFactory] [localhost-startStop-1] Starting 'ContentStore' subsystem, ID: [ContentStore, managed, unencrypted]
2020-11-23 08:58:21,054 INFO  [org.alfresco.repo.management.subsystems.ChildApplicationContextFactory] [localhost-startStop-1] Startup of 'ContentStore' subsystem, ID: [ContentStore, managed, unencrypted] complete
2020-11-23 08:58:21,090 INFO  [org.alfresco.repo.domain.schema.SchemaBootstrap] [localhost-startStop-1] Connecting to database: jdbc:postgresql://localhost:5999/alfresco, UserName=alfresco, PostgreSQL JDBC Driver
2020-11-23 08:58:21,090 INFO  [org.alfresco.repo.domain.schema.SchemaBootstrap] [localhost-startStop-1] Schema managed by database dialect org.alfresco.repo.domain.dialect.PostgreSQLDialect.
2020-11-23 08:58:21,112 INFO  [org.alfresco.repo.domain.schema.SchemaBootstrap] [localhost-startStop-1] Applied patches detected: 10
2020-11-23 08:58:21,150 INFO  [org.alfresco.repo.domain.schema.SchemaBootstrap] [localhost-startStop-1] Checking and patching Alfresco tables took 37 ms
2020-11-23 08:58:21,153 INFO  [org.alfresco.repo.domain.schema.SchemaBootstrap] [localhost-startStop-1] Activiti tables need to be checked for patches
2020-11-23 08:58:21,186 INFO  [org.alfresco.repo.domain.schema.SchemaBootstrap] [localhost-startStop-1] Checking and patching Activiti tables took 33 ms
2020-11-23 08:58:21,219 INFO  [org.alfresco.repo.domain.schema.SchemaBootstrap] [localhost-startStop-1] Checking that all patches have been applied took 32 ms
2020-11-23 08:58:21,220 INFO  [org.alfresco.repo.domain.schema.SchemaBootstrap] [localhost-startStop-1] Updating the DB schema took 126 ms
2020-11-23 08:58:21,222 INFO  [org.alfresco.repo.domain.schema.SchemaBootstrap] [localhost-startStop-1] No changes were made to the schema.
2020-11-23 08:58:21,384 ERROR [org.springframework.web.context.ContextLoader] [localhost-startStop-1] Context initialization failed
org.alfresco.error.AlfrescoRuntimeException: 10230003 Keystores are invalid
	at org.alfresco.encryption.EncryptionChecker$1.execute(EncryptionChecker.java:78)
	at org.alfresco.encryption.EncryptionChecker$1.execute(EncryptionChecker.java:1)
	at org.alfresco.repo.transaction.RetryingTransactionHelper.doInTransaction(RetryingTransactionHelper.java:450)
	at org.alfresco.repo.transaction.RetryingTransactionHelper.doInTransaction(RetryingTransactionHelper.java:319)
	at org.alfresco.encryption.EncryptionChecker.onBootstrap(EncryptionChecker.java:67)
	at org.springframework.extensions.surf.util.AbstractLifecycleBean.onApplicationEvent(AbstractLifecycleBean.java:56)
	at org.alfresco.repo.management.SafeApplicationEventMulticaster.multicastEventInternal(SafeApplicationEventMulticaster.java:221)
	at org.alfresco.repo.management.SafeApplicationEventMulticaster.multicastEvent(SafeApplicationEventMulticaster.java:186)
	at org.alfresco.repo.management.SafeApplicationEventMulticaster.multicastEvent(SafeApplicationEventMulticaster.java:206)
	at org.springframework.context.support.AbstractApplicationContext.publishEvent(AbstractApplicationContext.java:402)
	at org.springframework.context.support.AbstractApplicationContext.publishEvent(AbstractApplicationContext.java:359)
	at org.springframework.context.support.AbstractApplicationContext.finishRefresh(AbstractApplicationContext.java:896)
	at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:552)
	at org.springframework.web.context.ContextLoader.configureAndRefreshWebApplicationContext(ContextLoader.java:400)
	at org.springframework.web.context.ContextLoader.initWebApplicationContext(ContextLoader.java:291)
	at org.springframework.web.context.ContextLoaderListener.contextInitialized(ContextLoaderListener.java:103)
	at org.alfresco.web.app.ContextLoaderListener.contextInitialized(ContextLoaderListener.java:70)
	at org.apache.catalina.core.StandardContext.listenerStart(StandardContext.java:4689)
	at org.apache.catalina.core.StandardContext.startInternal(StandardContext.java:5155)
	at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:183)
	at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:743)
	at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:719)
	at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:705)
	at org.apache.catalina.startup.HostConfig.deployWAR(HostConfig.java:970)
	at org.apache.catalina.startup.HostConfig$DeployWar.run(HostConfig.java:1840)
	at java.base/java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:515)
	at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264)
	at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
	at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
	at java.base/java.lang.Thread.run(Thread.java:834)
Caused by: org.alfresco.error.AlfrescoRuntimeException: 10230002 Failed to create key: metadata
 in key store: 
   Location: classpath:alfresco/keystore/keystore
   Provider: null
   Type:     JCEKS
	at org.alfresco.encryption.AlfrescoKeyStoreImpl.createKey(AlfrescoKeyStoreImpl.java:661)
	at org.alfresco.encryption.AlfrescoKeyStoreImpl.validateKeys(AlfrescoKeyStoreImpl.java:907)
	at org.alfresco.encryption.AlfrescoKeyStoreImpl.validateKeys(AlfrescoKeyStoreImpl.java:188)
	at org.alfresco.encryption.KeyStoreChecker.validateKeyStores(KeyStoreChecker.java:49)
	at org.alfresco.encryption.EncryptionChecker$1.execute(EncryptionChecker.java:73)
	... 29 more
Caused by: java.lang.NullPointerException
	at org.alfresco.encryption.AlfrescoKeyStoreImpl.getSecretKey(AlfrescoKeyStoreImpl.java:770)
	at org.alfresco.encryption.AlfrescoKeyStoreImpl.createKey(AlfrescoKeyStoreImpl.java:639)
	... 33 more
2020-11-23 08:58:21,953 WARN  [org.springframework.web.context.support.XmlWebApplicationContext] [localhost-startStop-1] Exception thrown from ApplicationListener handling ContextClosedEvent
java.lang.NullPointerException
	at org.alfresco.repo.workflow.activiti.ActivitiEngineInitializer.onShutdown(ActivitiEngineInitializer.java:65)
	at org.springframework.extensions.surf.util.AbstractLifecycleBean.onApplicationEvent(AbstractLifecycleBean.java:67)
	at org.alfresco.repo.management.SafeApplicationEventMulticaster.multicastEventInternal(SafeApplicationEventMulticaster.java:221)
	at org.alfresco.repo.management.SafeApplicationEventMulticaster.multicastEvent(SafeApplicationEventMulticaster.java:191)
	at org.alfresco.repo.management.SafeApplicationEventMulticaster.multicastEvent(SafeApplicationEventMulticaster.java:206)
	at org.springframework.context.support.AbstractApplicationContext.publishEvent(AbstractApplicationContext.java:402)
	at org.springframework.context.support.AbstractApplicationContext.publishEvent(AbstractApplicationContext.java:359)
	at org.springframework.context.support.AbstractApplicationContext.doClose(AbstractApplicationContext.java:1009)
	at org.springframework.context.support.AbstractApplicationContext.close(AbstractApplicationContext.java:975)
	at org.springframework.web.context.ContextLoader.closeWebApplicationContext(ContextLoader.java:516)
	at org.springframework.web.context.ContextLoaderListener.contextDestroyed(ContextLoaderListener.java:112)
	at org.apache.catalina.core.StandardContext.listenerStop(StandardContext.java:4735)
	at org.apache.catalina.core.StandardContext.stopInternal(StandardContext.java:5399)
	at org.apache.catalina.util.LifecycleBase.stop(LifecycleBase.java:257)
	at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:187)
	at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:743)
	at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:719)
	at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:705)
	at org.apache.catalina.startup.HostConfig.deployWAR(HostConfig.java:970)
	at org.apache.catalina.startup.HostConfig$DeployWar.run(HostConfig.java:1840)
	at java.base/java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:515)
	at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264)
	at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
	at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
	at java.base/java.lang.Thread.run(Thread.java:834)
2020-11-23 08:58:22,059 INFO  [org.alfresco.repo.management.subsystems.ChildApplicationContextFactory] [localhost-startStop-1] Stopping 'ContentStore' subsystem, ID: [ContentStore, managed, unencrypted]
2020-11-23 08:58:22,061 INFO  [org.alfresco.repo.management.subsystems.ChildApplicationContextFactory] [localhost-startStop-1] Stopped 'ContentStore' subsystem, ID: [ContentStore, managed, unencrypted]
2020-11-23 08:58:22,565 INFO  [org.alfresco.repo.management.subsystems.ChildApplicationContextFactory] [localhost-startStop-1] Stopping 'Authentication' subsystem, ID: [Authentication, managed, alfrescoNtlm1]
2020-11-23 08:58:22,565 INFO  [org.alfresco.repo.management.subsystems.ChildApplicationContextFactory] [localhost-startStop-1] Stopped 'Authentication' subsystem, ID: [Authentication, managed, alfrescoNtlm1]
2020-11-23 08:58:23,191 ERROR [org.alfresco.repo.content.transform.LocalTransformServiceRegistry] [QuartzScheduler_Worker-2] 10230004 Failed to connect or to read the response from T-Engine on http://localhost:8091/transform/config
2020-11-23 08:58:23,267 ERROR [org.alfresco.repo.content.transform.LocalTransformServiceRegistry] [QuartzScheduler_Worker-2] Config read failed. Illegal access: this web application instance has been stopped already. Could not load [org/apache/http/client/version.properties]. The following stack trace is thrown for debugging purposes as well as to attempt to terminate the thread which caused the illegal access.
java.lang.IllegalStateException: Illegal access: this web application instance has been stopped already. Could not load [org/apache/http/client/version.properties]. The following stack trace is thrown for debugging purposes as well as to attempt to terminate the thread which caused the illegal access.
	at org.apache.catalina.loader.WebappClassLoaderBase.checkStateForResourceLoading(WebappClassLoaderBase.java:1378)
	at org.apache.catalina.loader.WebappClassLoaderBase.getResourceAsStream(WebappClassLoaderBase.java:1107)
	at org.apache.http.util.VersionInfo.loadVersionInfo(VersionInfo.java:233)
	at org.apache.http.util.VersionInfo.getUserAgent(VersionInfo.java:319)
	at org.apache.http.impl.client.HttpClientBuilder.build(HttpClientBuilder.java:1057)
	at org.apache.http.impl.client.HttpClients.createDefault(HttpClients.java:56)
	at org.alfresco.transform.client.registry.CombinedConfig.addRemoteConfig(CombinedConfig.java:134)
	at org.alfresco.transform.client.registry.CombinedConfig.addRemoteConfig(CombinedConfig.java:115)
	at org.alfresco.repo.content.transform.LocalTransformServiceRegistry.readConfig(LocalTransformServiceRegistry.java:141)
	at org.alfresco.transform.client.registry.TransformServiceRegistryImpl$1.readConfig(TransformServiceRegistryImpl.java:80)
	at org.alfresco.util.ConfigScheduler.readConfigAndReplace(ConfigScheduler.java:208)
	at org.alfresco.util.ConfigScheduler$ConfigSchedulerJob.execute(ConfigScheduler.java:64)
	at org.quartz.core.JobRunShell.run(JobRunShell.java:202)
	at org.quartz.simpl.SimpleThreadPool$WorkerThread.run(SimpleThreadPool.java:573)
Labels:
0 Kudos
1 ACCEPTED ANSWER

Go to answer
angelborroy
Community Manager Community Manager
Community Manager
In response to

‎11-24-2020 03:44 AM

Hope this helps:

https://www2.slideshare.net/angelborroy/alfresco-certificates

That "keystore" is not for SSL / mTLS configuration, but for encryption. As you're not using encryption (Community doesn't have this feature) you can use default "keystore" for that.

Hyland Developer Evangelist

View answer in original post

13 REPLIES 13

Go to answer
bvictor
Champ on-the-rise
Champ on-the-rise
In response to angelborroy

‎05-15-2021 06:01 AM

Hi,

Which is this default "keystore"? I am installing the latest community version and i am getting the same error despite following the installation intsructions. I have tried teh alfresco-ssl-generator tool with no success. I have also copied the keystore directory that comes with the zip distibution to my alf_data directory but i keep on getting the following error:

org.alfresco.error.AlfrescoRuntimeException: 04150006 Keystores are invalid
at org.alfresco.encryption.EncryptionChecker$1.execute(EncryptionChecker.java:78)
at org.alfresco.encryption.EncryptionChecker$1.execute(EncryptionChecker.java:1)
at org.alfresco.repo.transaction.RetryingTransactionHelper.doInTransaction(RetryingTransactionHelper.java:450)
at org.alfresco.repo.transaction.RetryingTransactionHelper.doInTransaction(RetryingTransactionHelper.java:319)
at org.alfresco.encryption.EncryptionChecker.onBootstrap(EncryptionChecker.java:67)

..................................

Caused by: org.alfresco.error.AlfrescoRuntimeException: 04150005 Failed to create key: metadata
in key store:
Location: E:/alfresco-community7/alf_data/keystore/keystore
Provider: null
Type: pkcs12
at org.alfresco.encryption.AlfrescoKeyStoreImpl.createKey(AlfrescoKeyStoreImpl.java:664)
at org.alfresco.encryption.AlfrescoKeyStoreImpl.validateKeys(AlfrescoKeyStoreImpl.java:915)
at org.alfresco.encryption.AlfrescoKeyStoreImpl.validateKeys(AlfrescoKeyStoreImpl.java:188)
at org.alfresco.encryption.KeyStoreChecker.validateKeyStores(KeyStoreChecker.java:49)
at org.alfresco.encryption.EncryptionChecker$1.execute(EncryptionChecker.java:73)
... 57 more
Caused by: org.alfresco.error.AlfrescoRuntimeException: 04150004 Unable to get secret key: no key information is provided
at org.alfresco.encryption.AlfrescoKeyStoreImpl.getSecretKey(AlfrescoKeyStoreImpl.java:775)
at org.alfresco.encryption.AlfrescoKeyStoreImpl.createKey(AlfrescoKeyStoreImpl.java:642)
... 61 more

0 Kudos

Go to answer
sp2
Elite Collaborator
Elite Collaborator
In response to bvictor

‎06-12-2021 01:08 AM

Try Below Steps:

Example: assume that default keystore files are present in the below path:

C:/alfresco7/alf_data/keystore/metadata-keystore/keystore

To configure ACS 7 Tomcat 9 to use this default keystore file, you need to open

<tomcat 9_install_home_directory>/bin/catalina.bat.

 

Add the below line into catalina.bat (right under 'set JAVA_OPTS=' lines)

 

set “JAVA_TOOL_OPTIONS=-Dencryption.keystore.type=JCEKS -Dencryption.cipherAlgorithm=DESede/CBC/PKCS5Padding -Dencryption.keyAlgorithm=DESede -Dencryption.keystore.location=C:/alfresco7/alf_data/keystore/metadata-keystore/keystore -Dmetadata-keystore.password=mp6yc0UD9e -Dmetadata-keystore.aliases=metadata -Dmetadata-keystore.metadata.password=oKIWzVdEdA -Dmetadata-keystore.metadata.algorithm=DESede”

NoteSmiley Very Happyencryption.keystore.location=<your own keystore file location>

Go to answer
amberream
Champ in-the-making
Champ in-the-making
In response to angelborroy

‎08-12-2022 07:21 PM

The link in the accepted solution is broken.  I'm stuck with the same error, "Invalid keystore format", after generating my keystores with the github project.

0 Kudos

Go to answer
giasqui
Confirmed Champ
Confirmed Champ

‎01-21-2026 12:30 PM

Here in the following my scenario: upon restarting Tomcat, the following errors appear in the catalina.out log:

 
Jan 21, 2026 4:19:23 PM org.apache.catalina.core.StandardContext listenerStart
SEVERE: Exception sending context initialized event to listener instance of class [org.alfresco.web.app.ContextLoaderListener]

org.alfresco.error.AlfrescoRuntimeException: 00210000 Keystores are invalid
    at org.alfresco.encryption.EncryptionChecker$1.execute(EncryptionChecker.java:78)
    ...
    at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:476)

Caused by: org.alfresco.encryption.MissingKeyException: Key metadata is missing from keystore /opt/sgd/keystore//keystore
    at org.alfresco.encryption.AlfrescoKeyStoreImpl.validateKeys(AlfrescoKeyStoreImpl.java:910)
    ... 57 more

The solution for this error is this thread in one of the last post: https://connect.hyland.com/t5/alfresco-forum/invalid-keystores-from-tomcat/m-p/110919/highlight/true...

Specifically, refer to one of the final posts in the thread. Note that while the original solution was intended for Windows, it has been adapted for a Linux environment. Instead of modifying catalina.sh directly, the encryption configuration was added to setenv.sh. The file now looks as follows:

 
root@rpu-sgd-as01:/opt/sgd/tomcat/bin# cat setenv.sh

#!/bin/sh

# Log4j Configuration
CATALINA_OPTS="$CATALINA_OPTS -Dlog4j2.configurationFile=/opt/sgd/tomcat/shared/classes/alfresco/extension/log4j2.xml"

# Encryption Configuration
CATALINA_OPTS="$CATALINA_OPTS -Dencryption.keystore.type=JCEKS \
-Dencryption.cipherAlgorithm=DESede/CBC/PKCS5Padding \
-Dencryption.keyAlgorithm=DESede \
-Dencryption.keystore.location=/opt/sgd/keystore/metadata-keystore/keystore \
-Dmetadata-keystore.password=mp6yc0UD9e \
-Dmetadata-keystore.aliases=metadata \
-Dmetadata-keystore.metadata.password=oKIWzVdEdA \
-Dmetadata-keystore.metadata.algorithm=DESede"

export CATALINA_OPTS

root@rpu-sgd-as01:/opt/sgd/tomcat/bin#

And it works for me.

0 Kudos
Getting started

Explore our Alfresco products with the links below. Use labels to filter content by product module.

Copyright © 2026 Khoros, LLC