Endpoint Protection Manager upgrade to 14.3 RU1 fails with java.security.InvalidKeyException

book

Article ID: 210723

calendar_today

Updated On:

Products

Endpoint Protection

Issue/Introduction

Symantec Endpoint Protection Manager (SEPM) upgrade to 14.3 RU1 fails with java.security.InvalidKeyException: No installed provider supports this key: sun.security.ec.ECPrivateKeyImpl

Cause

SEPM certificate JKS file is created using key algorithm as EC and SEPM self signed certificate is updated using this JKS file. 
The self signed certificate will then show Signature Algorithm value as sha256ECDSA.
The upgrade will fail while publishing client packages. SEPM uses signature algorithm as 'SHA1withRSA'.

Environment

SEPM 14.x

Windows Server 20xx

Resolution

Exceptions seen in the Upgrade-0.log:

2021-02-16 11:33:05.121 THREAD 30 SEVERE: java.security.InvalidKeyException: No installed provider supports this key: sun.security.ec.ECPrivateKeyImpl
2021-02-16 11:33:05.121 THREAD 30 SEVERE:  at java.base/java.security.Signature$Delegate.chooseProvider(Signature.java:1284)
2021-02-16 11:33:05.121 THREAD 30 SEVERE:  at java.base/java.security.Signature$Delegate.engineInitSign(Signature.java:1354)
2021-02-16 11:33:05.121 THREAD 30 SEVERE:  at java.base/java.security.Signature.initSign(Signature.java:636)
2021-02-16 11:33:05.121 THREAD 30 SEVERE:  at com.sygate.scm.server.util.CertUtil.signData(CertUtil.java:871)
2021-02-16 11:33:05.121 THREAD 30 SEVERE:  at com.sygate.scm.server.upgrade.UpgradeUtil.publishClientPackages(UpgradeUtil.java:2217)
2021-02-16 11:33:05.121 THREAD 30 SEVERE:  at com.sygate.scm.server.upgrade.UpgradeUtil.publishUpgradedPackages(UpgradeUtil.java:2149)
2021-02-16 11:33:05.121 THREAD 30 SEVERE:  at com.sygate.scm.server.upgrade.Upgrade.doUpgrade(Upgrade.java:1349)
2021-02-16 11:33:05.121 THREAD 30 SEVERE:  at com.sygate.scm.server.upgrade.ui.UpgradeTask.go(UpgradeTask.java:147)
2021-02-16 11:33:05.121 THREAD 30 SEVERE:  at com.sygate.scm.server.upgrade.ui.UpgradeProgressPanel$2.construct(UpgradeProgressPanel.java:248)
2021-02-16 11:33:05.121 THREAD 30 SEVERE:  at com.sygate.scm.util.SwingWorker$2.run(SwingWorker.java:151)
2021-02-16 11:33:05.121 THREAD 30 SEVERE:  at java.base/java.lang.Thread.run(Thread.java:834)
2021-02-16 11:33:05.137 THREAD 30 WARNING: Upgrade> updateTransactionLogFileSize>> Original log size is 2097152
2021-02-16 11:33:05.137 THREAD 30 SEVERE: java.lang.Exception: Failed to sign package, checksum=d23e208e7b0fa50f7ff5694690e3e4eb
2021-02-16 11:33:05.138 THREAD 30 SEVERE:  at com.sygate.scm.server.upgrade.UpgradeUtil.publishClientPackages(UpgradeUtil.java:2220)
2021-02-16 11:33:05.138 THREAD 30 SEVERE:  at com.sygate.scm.server.upgrade.UpgradeUtil.publishUpgradedPackages(UpgradeUtil.java:2149)
2021-02-16 11:33:05.138 THREAD 30 SEVERE:  at com.sygate.scm.server.upgrade.Upgrade.doUpgrade(Upgrade.java:1349)
2021-02-16 11:33:05.138 THREAD 30 SEVERE:  at com.sygate.scm.server.upgrade.ui.UpgradeTask.go(UpgradeTask.java:147)
2021-02-16 11:33:05.138 THREAD 30 SEVERE:  at com.sygate.scm.server.upgrade.ui.UpgradeProgressPanel$2.construct(UpgradeProgressPanel.java:248)
2021-02-16 11:33:05.138 THREAD 30 SEVERE:  at com.sygate.scm.util.SwingWorker$2.run(SwingWorker.java:151)
2021-02-16 11:33:05.138 THREAD 30 SEVERE:  at java.base/java.lang.Thread.run(Thread.java:834)
2021-02-16 11:33:05.138 THREAD 30 SEVERE: java.lang.Exception: Failed to sign package, checksum=d23e208e7b0fa50f7ff5694690e3e4eb
2021-02-16 11:33:05.138 THREAD 30 SEVERE:  at com.sygate.scm.server.upgrade.UpgradeUtil.publishClientPackages(UpgradeUtil.java:2220)
2021-02-16 11:33:05.138 THREAD 30 SEVERE:  at com.sygate.scm.server.upgrade.UpgradeUtil.publishUpgradedPackages(UpgradeUtil.java:2149)
2021-02-16 11:33:05.138 THREAD 30 SEVERE:  at com.sygate.scm.server.upgrade.Upgrade.doUpgrade(Upgrade.java:1349)
2021-02-16 11:33:05.138 THREAD 30 SEVERE:  at com.sygate.scm.server.upgrade.ui.UpgradeTask.go(UpgradeTask.java:147)
2021-02-16 11:33:05.138 THREAD 30 SEVERE:  at com.sygate.scm.server.upgrade.ui.UpgradeProgressPanel$2.construct(UpgradeProgressPanel.java:248)
2021-02-16 11:33:05.138 THREAD 30 SEVERE:  at com.sygate.scm.util.SwingWorker$2.run(SwingWorker.java:151)
2021-02-16 11:33:05.138 THREAD 30 SEVERE:  at java.base/java.lang.Thread.run(Thread.java:834)
2021-02-16 11:33:05.138 THREAD 30 SEVERE: com.sygate.scm.server.util.ServerException: Unexpected server error.
2021-02-16 11:33:05.138 THREAD 30 SEVERE:  at com.sygate.scm.server.upgrade.UpgradeUtil.publishClientPackages(UpgradeUtil.java:2220)
2021-02-16 11:33:05.138 THREAD 30 SEVERE:  at com.sygate.scm.server.upgrade.UpgradeUtil.publishUpgradedPackages(UpgradeUtil.java:2149)
2021-02-16 11:33:05.138 THREAD 30 SEVERE:  at com.sygate.scm.server.upgrade.Upgrade.doUpgrade(Upgrade.java:1349)
2021-02-16 11:33:05.138 THREAD 30 SEVERE:  at com.sygate.scm.server.upgrade.ui.UpgradeTask.go(UpgradeTask.java:147)
2021-02-16 11:33:05.138 THREAD 30 SEVERE:  at com.sygate.scm.server.upgrade.ui.UpgradeProgressPanel$2.construct(UpgradeProgressPanel.java:248)
2021-02-16 11:33:05.138 THREAD 30 SEVERE:  at com.sygate.scm.util.SwingWorker$2.run(SwingWorker.java:151)
2021-02-16 11:33:05.138 THREAD 30 SEVERE:  at java.base/java.lang.Thread.run(Thread.java:834)
2021-02-16 11:33:05.138 THREAD 30 SEVERE: Caused by: java.lang.Exception: Failed to sign package, checksum=d23e208e7b0fa50f7ff5694690e3e4eb
2021-02-16 11:33:05.138 THREAD 30 SEVERE:  ... 7 more
2021-02-16 11:33:05.138 THREAD 30 SEVERE: Upgrade.doUpgrade com.sygate.scm.server.util.ServerException: Unexpected server error.

SEPM should be using Signature Algorithm as sha256RSA inside certificate.

Steps to rectify:
1) Take backup of SEPM database.
2) Update SEPM certificate using 'Manage server certificate'. (Key algorithm should be RSA)
3) Ensure certificate update is done maintaining client communication.
4) Upgrade the SEPM

Additional Information

ESCRT-6215