JBoss server throws Failed to get Enterprise certificate with JBoss agent enable

Article Id: 36107
Status: Published
Updated On: 14-02-2018 06:40
Legacy Id: TEC1517733
Products:
CA Single Sign On Secure Proxy Server (SiteMinder) AXIOMATICS POLICY SERVER CA Single Sign On SOA Security Manager (SiteMinder) CA Single Sign-On CA Single Sign-On
Issue/Introduction:

 Introduction:

When you startup JBoss server with JBoss agent enabled, JBoss server log throws following error

Snippet of JBoss server log related to the error:

14:53:01,123 ERROR [ah] (http-/10.91.75.150:8080-1) SM_WSC_03502 - Failed to get Enterprise certificate: java.lang.RuntimeException: SM_WSC_03503 - Could not retrieve the configured enterprise certificate

        at ah.c(DashoA10*..)
        at ah.a(DashoA10*..)
        at com.netegrity.tm.contenthelper.service.PolicyServerServices.a(DashoA10*..) [soasmapi.jar:]
        at com.netegrity.tm.contenthelper.service.PolicyServerServices.<init>(DashoA10*..) [soasmapi.jar:]
        at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method) [rt.jar:1.7.0_79]
        at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:57) [rt.jar:1.7.0_79]
        at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45) [rt.jar:1.7.0_79]
        at java.lang.reflect.Constructor.newInstance(Constructor.java:526) [rt.jar:1.7.0_79]
        at a0.a(DashoA10*..)
        at com.netegrity.tm.contenthelper.api.ContentHelperService.initialize(DashoA10*..) [soasmapi.jar:]
        at com.ca.soa.agent.txmplugin.pluginconfig.TxmPluginConfig.initialiseTxM(TxmPluginConfig.java:301) [soaagent-txmplugin.jar:]
        at com.ca.soa.agent.txmplugin.pluginconfig.TxmPluginConfig.configure(TxmPluginConfig.java:127) [soaagent-txmplugin.jar:]
        at com.ca.soa.agent.core.pluginconfig.PluginLoader.initialiseAllPlugins(PluginLoader.java:90) [soaagent-core.jar:]
        at com.ca.soa.agent.core.pluginconfig.PluginLoader.<init>(PluginLoader.java:63) [soaagent-core.jar:]
        at com.ca.soa.agent.core.EvaluatorFactory.<init>(EvaluatorFactory.java:261) [soaagent-core.jar:]
        at com.ca.soa.agent.core.EvaluatorFactory.getInstance(EvaluatorFactory.java:140) [soaagent-core.jar:]
        at com.ca.soa.agent.core.EvaluatorFactory.getInstance(EvaluatorFactory.java:112) [soaagent-core.jar:]
        at com.ca.soa.agent.core.SMAgentInitializer.init(SMAgentInitializer.java:71) [soaagent-core.jar:]
        at com.ca.soa.agent.core.SMAgentInitializer.<clinit>(SMAgentInitializer.java:20) [soaagent-core.jar:]
        at com.ca.soa.agent.appserver.authenticator.jboss.SMJBoss6IdentityAsserter.authenticate(SMJBoss6IdentityAsserter.java:94) [asaagent-jboss6.jar:]
        at com.ca.soa.agent.appserver.authenticator.jboss.SMJBoss6IdentityAsserter.authenticate(SMJBoss6IdentityAsserter.java:69) [asaagent-jboss6.jar:]
        at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:478) [jbossweb-7.5.7.Final-redhat-1.jar:7.5.7.Final-redhat-1]
        at org.jboss.as.web.security.SecurityContextAssociationValve.invoke(SecurityContextAssociationValve.java:169) [jboss-as-web-7.5.0.Final-redhat-21.jar:7.5.0.Final-redhat-21]
        at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:150) [jbossweb-7.5.7.Final-redhat-1.jar:7.5.7.Final-redhat-1]
        at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:97) [jbossweb-7.5.7.Final-redhat-1.jar:7.5.7.Final-redhat-1]
        at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:559) [jbossweb-7.5.7.Final-redhat-1.jar:7.5.7.Final-redhat-1]
        at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:102) [jbossweb-7.5.7.Final-redhat-1.jar:7.5.7.Final-redhat-1]
        at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:344) [jbossweb-7.5.7.Final-redhat-1.jar:7.5.7.Final-redhat-1]
        at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:854) [jbossweb-7.5.7.Final-redhat-1.jar:7.5.7.Final-redhat-1]
        at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:653) [jbossweb-7.5.7.Final-redhat-1.jar:7.5.7.Final-redhat-1]
        at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:926) [jbossweb-7.5.7.Final-redhat-1.jar:7.5.7.Final-redhat-1]
        at java.lang.Thread.run(Thread.java:745) [rt.jar:1.7.0_79]

Instructions:

The root cause of the issue is due to JBoss agent expects policy server has a certificate in "X509 Certificate Management -> Trusted Certificates and Private Keys" with Alias: defaultenterpriseprivatekey

<Please see attached file for image>

1_m.png

User can import the certificate (Click on “Import New”) after signed by CA together with Private Key

Or

Create a self sign certificate by click on “Request Certificate”

1.      At policy server WAMUI -> X509 Certificate Management -> Trusted Certificates and Private Keys -> Click on “Request Certificate”

<Please see attached file for image>

2.png

2.      Fill up the information in the following screen

<Please see attached file for image>

3_m.png

3.      Click on Save and self-signed certificate generate.

<Please see attached file for image>

4_m.png

4.      Restart the JBoss server with JBoss agent enable and the error reported in server.log should has been resolved.

Environment:

Release:
Component: SMJBSS

insert_drive_file 1558722592542000036107_sktwi1f5rjvs16wi9.png
arrow_downward Download
insert_drive_file 1558722590448000036107_sktwi1f5rjvs16wi8.png
arrow_downward Download
insert_drive_file 1558722588777000036107_sktwi1f5rjvs16wi7.png
arrow_downward Download
insert_drive_file 1558722586552000036107_sktwi1f5rjvs16wi6.png
arrow_downward Download