ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

JBoss server throws Failed to get Enterprise certificate with JBoss agent enable


Article ID: 36107


Updated On:


CA Single Sign On Secure Proxy Server (SiteMinder) CA Single Sign On SOA Security Manager (SiteMinder) CA Single Sign-On



When you startup JBoss server with JBoss agent enabled, JBoss server log throws following error

Snippet of JBoss server log related to the error:

14:53:01,123 ERROR [ah] (http-/ SM_WSC_03502 - Failed to get Enterprise certificate: java.lang.RuntimeException: SM_WSC_03503 - Could not retrieve the configured enterprise certificate

        at ah.c(DashoA10*..)
        at ah.a(DashoA10*..)
        at*..) [soasmapi.jar:]
        at<init>(DashoA10*..) [soasmapi.jar:]
        at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method) [rt.jar:1.7.0_79]
        at sun.reflect.NativeConstructorAccessorImpl.newInstance( [rt.jar:1.7.0_79]
        at sun.reflect.DelegatingConstructorAccessorImpl.newInstance( [rt.jar:1.7.0_79]
        at java.lang.reflect.Constructor.newInstance( [rt.jar:1.7.0_79]
        at a0.a(DashoA10*..)
        at*..) [soasmapi.jar:]
        at [soaagent-txmplugin.jar:]
        at [soaagent-txmplugin.jar:]
        at [soaagent-core.jar:]
        at<init>( [soaagent-core.jar:]
        at<init>( [soaagent-core.jar:]
        at [soaagent-core.jar:]
        at [soaagent-core.jar:]
        at [soaagent-core.jar:]
        at<clinit>( [soaagent-core.jar:]
        at [asaagent-jboss6.jar:]
        at [asaagent-jboss6.jar:]
        at org.apache.catalina.authenticator.AuthenticatorBase.invoke( [jbossweb-7.5.7.Final-redhat-1.jar:7.5.7.Final-redhat-1]
        at [jboss-as-web-7.5.0.Final-redhat-21.jar:7.5.0.Final-redhat-21]
        at org.apache.catalina.core.StandardHostValve.invoke( [jbossweb-7.5.7.Final-redhat-1.jar:7.5.7.Final-redhat-1]
        at org.apache.catalina.valves.ErrorReportValve.invoke( [jbossweb-7.5.7.Final-redhat-1.jar:7.5.7.Final-redhat-1]
        at org.apache.catalina.valves.AccessLogValve.invoke( [jbossweb-7.5.7.Final-redhat-1.jar:7.5.7.Final-redhat-1]
        at org.apache.catalina.core.StandardEngineValve.invoke( [jbossweb-7.5.7.Final-redhat-1.jar:7.5.7.Final-redhat-1]
        at org.apache.catalina.connector.CoyoteAdapter.service( [jbossweb-7.5.7.Final-redhat-1.jar:7.5.7.Final-redhat-1]
        at org.apache.coyote.http11.Http11Processor.process( [jbossweb-7.5.7.Final-redhat-1.jar:7.5.7.Final-redhat-1]
        at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process( [jbossweb-7.5.7.Final-redhat-1.jar:7.5.7.Final-redhat-1]
        at$ [jbossweb-7.5.7.Final-redhat-1.jar:7.5.7.Final-redhat-1]
        at [rt.jar:1.7.0_79]


The root cause of the issue is due to JBoss agent expects policy server has a certificate in "X509 Certificate Management -> Trusted Certificates and Private Keys" with Alias: defaultenterpriseprivatekey

<Please see attached file for image>


User can import the certificate (Click on “Import New”) after signed by CA together with Private Key


Create a self sign certificate by click on “Request Certificate”

1.      At policy server WAMUI -> X509 Certificate Management -> Trusted Certificates and Private Keys -> Click on “Request Certificate”

<Please see attached file for image>


2.      Fill up the information in the following screen

<Please see attached file for image>


3.      Click on Save and self-signed certificate generate.

<Please see attached file for image>


4.      Restart the JBoss server with JBoss agent enable and the error reported in server.log should has been resolved.


Component: SMJBSS


1558722592542000036107_sktwi1f5rjvs16wi9.png get_app
1558722590448000036107_sktwi1f5rjvs16wi8.png get_app
1558722588777000036107_sktwi1f5rjvs16wi7.png get_app
1558722586552000036107_sktwi1f5rjvs16wi6.png get_app