BoxMonitor fails to start due to java.lang.UnsupportedOperationException: SSL Key material unavailable.

Article ID: 199613

Products

Data Loss Prevention Endpoint Prevent

Issue/Introduction

BoxMonitor fails to start, and the BoxMonitor logs show the following exception:

com.vontu.communication.dataflow.TransportManager <init>
SEVERE: Got IOException while trying to initialize the transport layer!
com.vontu.communication.transport.exception.TransportException: java.lang.UnsupportedOperationException: SSL Key material unavailable. Generate ssl keys and use it for deployment.
 at com.vontu.communication.transport.TransportStructures.<init>(TransportStructures.java:65)
 at com.vontu.communication.transport.Transport.<init>(Transport.java:81)
 at com.vontu.communication.dataflow.TransportManager.<init>(TransportManager.java:587)
 at com.vontu.communication.dataflow.TransportManager.createInstance(TransportManager.java:176)
 at com.vontu.communication.dataflow.Configurator.configure(Configurator.java:89)
 at com.vontu.communication.dataflow.Configurator.configure(Configurator.java:46)
 at com.vontu.boxmonitor.BoxMonitor.createMessenger(BoxMonitor.java:244)
 at com.vontu.boxmonitor.BoxMonitor.createBoxMonitor(BoxMonitor.java:152)
 at com.vontu.boxmonitor.BoxMonitor.start(BoxMonitor.java:292)
 at com.vontu.boxmonitor.BoxMonitor.main(BoxMonitor.java:318)
 at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
 at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
 at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
 at java.lang.reflect.Method.invoke(Method.java:498)
 at org.tanukisoftware.wrapper.WrapperSimpleApp.run(WrapperSimpleApp.java:325)
 at java.lang.Thread.run(Thread.java:748)

Caused by: java.lang.UnsupportedOperationException: SSL Key material unavailable. Generate ssl keys and use it for deployment.
 at com.vontu.communication.transport.TransportSSLContext.loadStores(TransportSSLContext.java:139)
 at com.vontu.communication.transport.TransportSSLContext.init(TransportSSLContext.java:88)
 at com.vontu.communication.transport.TransportSSLContext.<init>(TransportSSLContext.java:48)
 at com.vontu.communication.transport.TransportStructures.<init>(TransportStructures.java:61)

Cause

  1. The following attribute in the Communication.properties file has been set to false:
     # Used to enable/disable built-in keys usage.
     SSLenableBuiltin = false
  2. The .sslKeyStore file is either missing or corrupt under
     C:\ProgramData\Symantec\DataLossPrevention\DetectionServer\<dlpversion>\keystore

Resolution

Either supply the correct .sslKeyStore file, or set SSLenableBuiltin back to its default of true in Communication.properties on the detection server.

By default, DLP uses built-in certificates to enable TLS between the Enforce and Detection servers. If SSLenableBuiltin is set to false, you must have the appropriate .sslKeyStore files on the Enforce and Detection servers containing the public and private keys, respectively.
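The two conditions listed under Cause can be checked together before restarting the service. The following PowerShell function is an added example, not Symantec code: the function name is hypothetical, both paths are supplied by the operator, and it assumes any SSLenableBuiltin value other than true disables the built-in keys.

```powershell
# Added diagnostic sketch, not Symantec code. Both paths are operator-supplied assumptions.
function Test-DlpSslKeyMaterial {
    param(
        [Parameter(Mandatory)] [string] $PropertiesPath,  # path to Communication.properties
        [Parameter(Mandatory)] [string] $KeystoreDir      # ...\DetectionServer\<dlpversion>\keystore
    )
    # The article gives true as the default, so a missing key means built-in keys are in use.
    $builtin = $true
    foreach ($line in Get-Content -LiteralPath $PropertiesPath) {
        $t = $line.Trim()
        if ($t -eq '' -or $t.StartsWith('#') -or $t.StartsWith('!')) { continue }
        # Assumption: any value other than "true" disables the built-in keys.
        if ($t -cmatch '^SSLenableBuiltin\s*[=:]\s*(.*)$') { $builtin = ($Matches[1].Trim() -eq 'true') }
    }
    # Collect *.sslKeyStore files (hidden ones too) and flag zero-length ones.
    $stores = @()
    if (Test-Path -LiteralPath $KeystoreDir -PathType Container) {
        $stores = @(Get-ChildItem -LiteralPath $KeystoreDir -File -Force |
            Where-Object { $_.Name -like '*.sslKeyStore' })
    }
    $empty = @($stores | Where-Object { $_.Length -eq 0 })
    if ($builtin) { $verdict = 'OK: built-in keys enabled, no .sslKeyStore required' }
    elseif ($stores.Count -eq 0) { $verdict = 'FAIL: SSLenableBuiltin is not true and no .sslKeyStore file exists' }
    elseif ($empty.Count -gt 0) { $verdict = 'FAIL: zero-length .sslKeyStore file' }
    else { $verdict = 'CHECK: keystore present; size alone cannot rule out corruption' }
    [pscustomobject]@{
        SSLenableBuiltin = $builtin
        KeystoreFiles    = $stores.Name
        Verdict          = $verdict
    }
}

# Constructed sample: custom keys requested, but the keystore directory is empty.
$demo = Join-Path ([System.IO.Path]::GetTempPath()) 'dlp-keycheck-demo'
New-Item -ItemType Directory -Force -Path (Join-Path $demo 'keystore') | Out-Null
Set-Content -LiteralPath (Join-Path $demo 'Communication.properties') -Value @(
    '# Used to enable/disable built-in keys usage.',
    'SSLenableBuiltin = false'
)
Test-DlpSslKeyMaterial -PropertiesPath (Join-Path $demo 'Communication.properties') -KeystoreDir (Join-Path $demo 'keystore')
```

The function only reads the files. A CHECK verdict means the keystore still has to be validated by the tool that generated it.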

Additional Information

How to generate and add a new Detection Server certificates using SSLkeytool