search cancel

Console inaccessible after installing a third party certificate for tomcat on DLP Enforce

book

Article ID: 188256

calendar_today

Updated On:

Products

Data Loss Prevention

Issue/Introduction

Environment

Release : 15.x, 14.x

Component : tomcat, third party certificates

Cause

You see these kind of entries in the localhost logs:

06 Apr 2020 20:23:13,927- Thread: 16 SEVERE [org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/ProtectManager]] Exception sending context initialized event to listener instance of class [com.vontu.manager.spring.ManagerContextLoaderListener]
Cause: org.springframework.beans.factory.UnsatisfiedDependencyException:
Error creating bean with name 'spcServices' defined in URL [jar:file:/D:/Program%20Files/Symantec/DataLossPrevention/EnforceServer/15.5/Protect/tomcat/webapps/ProtectManager/WEB-INF/lib/manager.jar!/com/vontu/manager/spc/services/SpcServices.class]:
Unsatisfied dependency expressed through constructor parameter
...
Caused by: org.springframework.beans.factory.UnsatisfiedDependencyException:
Error creating bean with name 'spcRegistrationServiceImpl' defined in URL [jar:file:/D:/Program%20Files/Symantec/DataLossPrevention/EnforceServer/15.5/Protect/tomcat/webapps/ProtectManager/WEB-INF/lib/manager.jar!/com/vontu/manager/spc/services/registration/SpcRegistrationServiceImpl.class]: Unsatisfied dependency expressed through constructor parameter 0; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'getManagerKeyStore' defined in com.vontu.config.manager.ManagerSpringConfiguration: Bean instantiation via factory method failed; nested exception is org.springframework.beans.BeanInstantiationException: Failed to instantiate [com.vontu.manager.security.ManagerKeyStore]: Factory method 'getManagerKeyStore' threw exception; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'managerKeyStore' defined in com.vontu.config.manager.ManagerSpringConfiguration: Bean instantiation via factory method failed; nested exception is org.springframework.beans.BeanInstantiationException: Failed to instantiate [com.vontu.security.keystorecontainer.KeyStoreContainer]: Factory method 'getManagerKeyStoreContainer' threw exception; nested exception is com.vontu.security.KeyStorehouseException: Unable to ingnite cryptographic keys.
...
Caused by: java.io.IOException: Keystore was tampered with, or password was incorrect  at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:780)  at sun.security.provider.JavaKeyStore$JKS.engineLoad(JavaKeyStore.java:56)  at sun.security.provider.KeyStoreDelegator.engineLoad(KeyStoreDelegator.java:224)  at sun.security.provider.JavaKeyStore$DualFormatJKS.engineLoad(JavaKeyStore.java:70)  at java.security.KeyStore.load(KeyStore.java:1445)  at com.vontu.security.keystorecontainer.KeyStoreContainer.readStoreFromStream(KeyStoreContainer.java:216)  ... 135 more
Caused by: java.security.UnrecoverableKeyException: Password verification failed  at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:778)

Resolution

If you change the keystore password from the default, 'protect' when generating a new keystore, you must update the password values in the following two files:

  1. <InstallPath>\Symantec\DataLossPrevention\EnforceServer\<version>\Protect\tomcat\conf\server.xml
    •  <Certificate certificateKeystoreFile="${catalina.base}/conf/.keystore" certificateKeystorePassword="protect"/>
  2. <InstallPath>\Symantec\DataLossPrevention\EnforceServer\<version>\Protect\config\Protect.properties
    • # keystore password
      com.vontu.manager.tomcat.keystore.password = protect