search cancel

In-place Autosys upgrade R12.1 installer creates 1024 bit cert for eem and fails with CAUAJM_E_112121 error


Article ID: 258268


Updated On:


CA Workload Automation AE


In-place upgrade Autosys R12.1 installer creates 1024 bit cert for eem and fails with CAUAJM_E_112121 error, while all EEM certificates are already 2048 bit. 

[CAUAJM_E_112121] An error occurred while authenticating the CA EEM server
with the certificate-based authentication.
The CA EEM certificate is configured with a certificate of length 1024.
AutoSys requires a key length of 2048 or higher. Therefore, modify the CA EEM
server certificate and re-launch the AutoSys installer..


Upgrading to 12.1 on Linux

Validated the checksum of 12.1 linux  iso and confirmed that it was fine as per the documentation.

MD5: 4fa00a67a966189a5424355b4939cc13


Thee EEM keysize is reported as 1024 by installler

2023-01-03 18:06:16,337 [main] DEBUG - EmbIAMProvider - About to authenticate With certificates
2023-01-03 18:06:16,386 [main] DEBUG - EmbIAMProvider - Authenticated With certificates
2023-01-03 18:06:16,387 [main] DEBUG - Retain for future use
2023-01-03 18:06:16,388 [main] DEBUG - checkEemVersion() - Begin
2023-01-03 18:06:16,389 [main] DEBUG - Check EEM Version
2023-01-03 18:06:16,390 [main] DEBUG - Is attached=false
2023-01-03 18:06:16,392 [main] DEBUG - Creating a new attach with applicationName=null
2023-01-03 18:06:16,392 [main] DEBUG - [email protected]
2023-01-03 18:06:16,405 [main] WARN - Encountered AssertionError: org.bouncycastle.crypto.fips.FipsUnapprovedOperationError: Attempt to use RSA key with non-approved size: 1024: RSA

autosys_secure shows the following servers as EEM


CAUAJM_I_60342 Unauthenticated user mode: OFF

Followed the knowledge article   Upgrade the keysize of EEM certificates   and found that keysize on EEM was 2048.

The temp.key created by the installer inn /temp is shown as 1024.

 $ openssl x509 -in temp.key -text -noout | grep "Public-Key";                 Public-Key: (1024 bit)


Release : 12.1


The random number generation was slow

Installed rngd on both the scheduler servers and EEM servers

In the EEM server, iAuthority.iTechSDK.xml in the iTechnology folder was owned by the root while all the other files were owned by autosys.

Since the igateway was running as autosys it could not access the  iAuthority.iTechSDK.xml and used the default values to create the certificate.

After Changing the ownership of $IGW_LOC/iAuthority.iTechSDK.xml to autosys:autosys and restarting the gateway the  temp.key was created with 2048 key length