CA Access Gateway is not running properly and is intermittently causing an outage.
The following error is logged in server.log when CA Access Gateway starts:
[04/May/2021:11:07:23-084] [ERROR] - ERROR: SSLConfig
java.security.KeyStoreException: JKS not found
at java.security.KeyStore.getInstance(KeyStore.java:851) ~[?:1.8.0_222]
at com.netegrity.util.SSLConfig.<init>(Unknown Source) [proxyutils.jar:?]
at com.netegrity.util.SmSSLConfig.<init>(Unknown Source) [proxyutils.jar:?]
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method) [?:1.8.0_222]
at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62) [?:1.8.0_222]
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45) [?:1.8.0_222]
at java.lang.reflect.Constructor.newInstance(Constructor.java:423) [?:1.8.0_222]
at java.lang.Class.newInstance(Class.java:442) [?:1.8.0_222]
at com.netegrity.util.SSLConfig.getInstance(Unknown Source) [proxyutils.jar:?]
at org.tigris.noodle.Noodle.init(Unknown Source) [proxyrt.jar:?]
at org.apache.catalina.core.StandardWrapper.initServlet(StandardWrapper.java:1228) [catalina.jar:7.0.94]
at org.apache.catalina.core.StandardWrapper.loadServlet(StandardWrapper.java:1172) [catalina.jar:7.0.94]
at org.apache.catalina.core.StandardWrapper.load(StandardWrapper.java:1066) [catalina.jar:7.0.94]
at org.apache.catalina.core.StandardContext.loadOnStartup(StandardContext.java:5449) [catalina.jar:7.0.94]
at org.apache.catalina.core.StandardContext.startInternal(StandardContext.java:5747) [catalina.jar:7.0.94]
at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:145) [catalina.jar:7.0.94]
at org.apache.catalina.core.ContainerBase$StartChild.call(ContainerBase.java:1707) [catalina.jar:7.0.94]
at org.apache.catalina.core.ContainerBase$StartChild.call(ContainerBase.java:1697) [catalina.jar:7.0.94]
at java.util.concurrent.FutureTask.run(FutureTask.java:266) [?:1.8.0_222]
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) [?:1.8.0_222]
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) [?:1.8.0_222]
at java.lang.Thread.run(Thread.java:748) [?:1.8.0_222]
Caused by: java.security.NoSuchAlgorithmException: JKS KeyStore not available
at sun.security.jca.GetInstance.getInstance(GetInstance.java:159) ~[?:1.8.0_222]
at java.security.Security.getImpl(Security.java:695) ~[?:1.8.0_222]
at java.security.KeyStore.getInstance(KeyStore.java:848) ~[?:1.8.0_222]
... 21 more
Verified in server.conf that the Tomcat default keystore has not been enabled:
#local.https.keyStoreFileName="tomcat.keystore"
Verified that there were no recent HTTPS cipher changes in the CA Access Gateway configuration.
Verified that there were no recent SSL-related changes in the CA Access Gateway Apache configuration.
Release : 12.8sp3
Component : SITEMINDER SECURE PROXY SERVER
There was a Java JDK/JRE change on this particular system, during which ~/java/jre/lib/security/java.security was deleted and is now missing.
CA Access Gateway relies on this JRE in order to run properly; the path of the JRE in use can be seen by checking the java process.
The customer restored the missing Java file and restarted CA Access Gateway, after which the service became stable.
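
A preflight check for the condition described above, added here as an example (not part of the original article and not CA/Broadcom tooling): given the Java home the gateway's java process runs from, it confirms that java.security exists. It goes beyond the page's case by also flagging a file that is present but has no uncommented security.provider.N entry. The function names and return codes are assumptions of this example.

```shell
#!/bin/sh
# Added example: check the JRE security properties file before (re)starting
# a Java service after a JDK/JRE change.
# Return codes (chosen for this example):
#   0 = java.security found and lists at least one security provider
#   1 = java.security missing under the given Java home
#   2 = java.security present but has no security.provider.N entry

# Print the path of java.security under a Java home; return 1 if absent.
find_java_security() {
    home=$1
    # JDK 8 (JDK layout), JDK 8 (JRE layout), JDK 9 and later
    for rel in jre/lib/security lib/security conf/security; do
        if [ -f "$home/$rel/java.security" ]; then
            printf '%s\n' "$home/$rel/java.security"
            return 0
        fi
    done
    return 1
}

check_java_security() {
    file=$(find_java_security "$1") || {
        echo "MISSING: no java.security under $1" >&2
        return 1
    }
    # Active entries look like: security.provider.1=sun.security.provider.Sun
    # Commented-out lines (leading '#') do not count.
    if ! grep -Eq '^[[:space:]]*security\.provider\.[0-9]+[[:space:]]*=' "$file"; then
        echo "EMPTY: $file has no security.provider.N entries" >&2
        return 2
    fi
    echo "OK: $file"
    return 0
}

# When run as a script, check the Java home passed as the first argument.
if [ "$#" -ge 1 ]; then
    check_java_security "$1"
fi
```

Run it with the Java home taken from the gateway's java process command line; a non-zero result means the file should be restored before the service is restarted.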