Console inaccessible after installing a third party certificate for tomcat on DLP Enforce
Article ID: 188256
Updated On:
Products
Data Loss Prevention
Issue/Introduction
- You have followed the steps in this article, Create, sign, and import an SSL certificate signed by a Trusted Certificate Authority
- You generated a new password for the keystore (deviating from the default 'protect')
- However you fail to connect to the Enforce console after restarting the SymanteDLPManager service
Environment
Release : 15.x, 14.x
Component : tomcat, third party certificates
Cause
You see these kind of entries in the localhost logs:
06 Apr 2020 20:23:13,927- Thread: 16 SEVERE [org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/ProtectManager]] Exception sending context initialized event to listener instance of class [com.vontu.manager.spring.ManagerContextLoaderListener]
Cause: org.springframework.beans.factory.UnsatisfiedDependencyException:
Error creating bean with name 'spcServices' defined in URL [jar:file:/D:/Program%20Files/Symantec/DataLossPrevention/EnforceServer/15.5/Protect/tomcat/webapps/ProtectManager/WEB-INF/lib/manager.jar!/com/vontu/manager/spc/services/SpcServices.class]:
Unsatisfied dependency expressed through constructor parameter
...
Caused by: org.springframework.beans.factory.UnsatisfiedDependencyException:
Error creating bean with name 'spcRegistrationServiceImpl' defined in URL [jar:file:/D:/Program%20Files/Symantec/DataLossPrevention/EnforceServer/15.5/Protect/tomcat/webapps/ProtectManager/WEB-INF/lib/manager.jar!/com/vontu/manager/spc/services/registration/SpcRegistrationServiceImpl.class]: Unsatisfied dependency expressed through constructor parameter 0; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'getManagerKeyStore' defined in com.vontu.config.manager.ManagerSpringConfiguration: Bean instantiation via factory method failed; nested exception is org.springframework.beans.BeanInstantiationException: Failed to instantiate [com.vontu.manager.security.ManagerKeyStore]: Factory method 'getManagerKeyStore' threw exception; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'managerKeyStore' defined in com.vontu.config.manager.ManagerSpringConfiguration: Bean instantiation via factory method failed; nested exception is org.springframework.beans.BeanInstantiationException: Failed to instantiate [com.vontu.security.keystorecontainer.KeyStoreContainer]: Factory method 'getManagerKeyStoreContainer' threw exception; nested exception is com.vontu.security.KeyStorehouseException: Unable to ingnite cryptographic keys.
...
Caused by: java.io.IOException: Keystore was tampered with, or password was incorrect at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:780) at sun.security.provider.JavaKeyStore$JKS.engineLoad(JavaKeyStore.java:56) at sun.security.provider.KeyStoreDelegator.engineLoad(KeyStoreDelegator.java:224) at sun.security.provider.JavaKeyStore$DualFormatJKS.engineLoad(JavaKeyStore.java:70) at java.security.KeyStore.load(KeyStore.java:1445) at com.vontu.security.keystorecontainer.KeyStoreContainer.readStoreFromStream(KeyStoreContainer.java:216) ... 135 more
Caused by: java.security.UnrecoverableKeyException: Password verification failed at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:778)
06 Apr 2020 20:23:13,927- Thread: 16 SEVERE [org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/ProtectManager]] Exception sending context initialized event to listener instance of class [com.vontu.manager.spring.ManagerContextLoaderListener]
Cause: org.springframework.beans.factory.UnsatisfiedDependencyException:
Error creating bean with name 'spcServices' defined in URL [jar:file:/D:/Program%20Files/Symantec/DataLossPrevention/EnforceServer/15.5/Protect/tomcat/webapps/ProtectManager/WEB-INF/lib/manager.jar!/com/vontu/manager/spc/services/SpcServices.class]:
Unsatisfied dependency expressed through constructor parameter
...
Caused by: org.springframework.beans.factory.UnsatisfiedDependencyException:
Error creating bean with name 'spcRegistrationServiceImpl' defined in URL [jar:file:/D:/Program%20Files/Symantec/DataLossPrevention/EnforceServer/15.5/Protect/tomcat/webapps/ProtectManager/WEB-INF/lib/manager.jar!/com/vontu/manager/spc/services/registration/SpcRegistrationServiceImpl.class]: Unsatisfied dependency expressed through constructor parameter 0; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'getManagerKeyStore' defined in com.vontu.config.manager.ManagerSpringConfiguration: Bean instantiation via factory method failed; nested exception is org.springframework.beans.BeanInstantiationException: Failed to instantiate [com.vontu.manager.security.ManagerKeyStore]: Factory method 'getManagerKeyStore' threw exception; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'managerKeyStore' defined in com.vontu.config.manager.ManagerSpringConfiguration: Bean instantiation via factory method failed; nested exception is org.springframework.beans.BeanInstantiationException: Failed to instantiate [com.vontu.security.keystorecontainer.KeyStoreContainer]: Factory method 'getManagerKeyStoreContainer' threw exception; nested exception is com.vontu.security.KeyStorehouseException: Unable to ingnite cryptographic keys.
...
Caused by: java.io.IOException: Keystore was tampered with, or password was incorrect at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:780) at sun.security.provider.JavaKeyStore$JKS.engineLoad(JavaKeyStore.java:56) at sun.security.provider.KeyStoreDelegator.engineLoad(KeyStoreDelegator.java:224) at sun.security.provider.JavaKeyStore$DualFormatJKS.engineLoad(JavaKeyStore.java:70) at java.security.KeyStore.load(KeyStore.java:1445) at com.vontu.security.keystorecontainer.KeyStoreContainer.readStoreFromStream(KeyStoreContainer.java:216) ... 135 more
Caused by: java.security.UnrecoverableKeyException: Password verification failed at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:778)
Resolution
If you change the keystore password from the default, 'protect' when generating a new keystore, you must update the password values in the following two files:
- <InstallPath>\Symantec\DataLossPrevention\EnforceServer\<version>\Protect\tomcat\conf\server.xml
- <Certificate certificateKeystoreFile="${catalina.base}/conf/.keystore" certificateKeystorePassword="protect"/>
- <InstallPath>\Symantec\DataLossPrevention\EnforceServer\<version>\Protect\config\Protect.properties
- # keystore password
com.vontu.manager.tomcat.keystore.password = protect
- # keystore password
Feedback
Yes
No
Powered by
