TLS Gateway Fails to Start With "java.security.InvalidKeyException: Invalid AES key length"



Article ID: 440308


Products

CA Automic Workload Automation - Automation Engine
CA Automic One Automation

Issue/Introduction

When attempting to start a TLS Gateway in an Automic Automation environment, the component crashes immediately. The following error is observed in the TLS Gateway logs:

U02000418 An unexpected error occurred: java.security.InvalidKeyException: Invalid AES key length: [X] bytes
U02000041 Shutdown Agent 'AGENT_NAME'.

In recorded instances, the error may specify an unexpected key length, such as 25 bytes, even when the OHA_CONTENTLEN field in the database indicates a length of 32.

 

Environment

Version: 24.4.2 and earlier
Component: TLS Gateway

Cause

This issue is caused by a defect in the ucybdbld utility (DB Load) where specific strings used as a Company Key are stored incorrectly in the database.

When the custom company key is loaded using ./ucybdbld -K[CompanyKey], the utility may generate an incorrect binary representation in the OHA table (Host Access Keys). For certain character sequences, the resulting binary data is truncated or improperly formatted, leading to an invalid AES key length when the TLS Gateway attempts to initialize its security layer.

DE179906

Resolution

Fix Information

A fix for this defect is planned for the following versions:

  • Automic Automation 24.4.5
  • Automic Automation 26.1.0

Workaround

If an immediate upgrade is not possible, the issue can be bypassed by using a different string for the Company Key. Testing has shown that the discrepancy is string-dependent.

  1. Identify a different alphanumeric string to serve as the Company Key.
  2. Reload the new key using the DB Load utility:
     ./ucybdbld -B -TLOCAL -K[NewCompanyKey]
  3. Restart the TLS Gateway.

Note: Verify the binary data in the database if the issue persists. A valid 32-byte key should appear as a 64-character hexadecimal string in the OHA_CONTENT field.
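
One way to carry out the check in the note above, as an added example that is not part of the original article or of any Automic tooling. It assumes the OHA_CONTENT and OHA_CONTENTLEN values of one row have been copied out of a database client as text; the function name, the optional "0x" prefix handling and the sample values are constructed for illustration.

```python
AES_KEY_LENGTHS = (16, 24, 32)  # key sizes in bytes that AES accepts
EXPECTED_LEN = 32               # the article's valid key: 32 bytes = 64 hex characters


def check_oha_row(content_hex, content_len):
    """Return a list of problems for one exported row; an empty list means consistent.

    content_hex -- OHA_CONTENT as copied from a DB client (assumed to be rendered as hex)
    content_len -- OHA_CONTENTLEN from the same row
    """
    text = "".join(content_hex.split())      # drop spaces and line wraps from the export
    if text[:2].lower() == "0x":             # assumption: some clients prefix binary values
        text = text[2:]
    if len(text) % 2:
        return [f"odd number of hex characters ({len(text)}): value is cut mid-byte"]
    try:
        raw = bytes.fromhex(text)
    except ValueError:
        return ["OHA_CONTENT contains non-hexadecimal characters"]

    problems = []
    if len(raw) != content_len:
        # The symptom from the article: the length column and the stored bytes disagree.
        problems.append(
            f"OHA_CONTENTLEN says {content_len} bytes, content holds {len(raw)}")
    if len(raw) not in AES_KEY_LENGTHS:
        problems.append(f"{len(raw)} bytes is not a valid AES key length")
    elif len(raw) != EXPECTED_LEN:
        problems.append(
            f"{len(raw)} bytes is a valid AES length but not the expected {EXPECTED_LEN}")
    return problems


if __name__ == "__main__":
    # Constructed sample rows, not real key material.
    samples = {
        "consistent 32-byte key": ("a1" * 32, 32),
        "25 bytes stored, 32 declared": ("a1" * 25, 32),
    }
    for label, (value, declared) in samples.items():
        print(f"{label}: {check_oha_row(value, declared) or 'OK'}")
```

The exported value is key material, so run the check on the database host or an admin workstation and keep the hex string out of tickets and chat.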