Updating certs, broke edge UI

ravindramamidip · 06-15-2021 11:39 AM

I updated the SSL cert by doing the following

/opt/apigee/apigee-service/bin/apigee-service edge-ui disable-ssl

then created a config file

HTTPSPORT=8443
DISABLE_HTTP=n
KEY_ALGO=JKS
KEY_FILE_PATH=/opt/apigee/customer/application/irx-dev.keystore.jks
KEY_PASS=XXXXX

And configured the ssl by doing this

/opt/apigee/apigee-service/bin/apigee-service edge-ui configure-ssl -f configFile

But I am still getting the error

from org.jboss.netty.channel.socket.nio.AbstractNioSelector in New I/O server boss #18 - Failed to initialize an accepted socket.
java.lang.Exception: Error loading HTTPS keystore from /opt/apigee/customer/conf/irx-dev.keystore.jks

.....

Caused by: java.security.UnrecoverableKeyException: Password verification failed
at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:790) ~[na:1.8.0_282]
... 20 common frames omitted

Not sure what I am doing wrong ? I made sure I use the same password for the pkcs12 and jks file and I added the password as plain text to configFile..

Any tips on what I am doing wrong here ?

Denis_KALITVI

The password for the .jks file is not correct maybe? Are you able to open JKS and look into it with password you providing for the config? Maybe hidden characters added to config file? (do dos2unix or something)

Denis_KALITVI

try to configure without config file, with interactive CLI and tell me if this works

ravindramamidip

The password is correct and I did both using cli and configFile.. When I do

keytool -v -list -keystore irx-dev.jks

it prompts for the password and it works..

sillan_dt

Can you verify if the password is having some special characters? If yes, you can put the password within quotes.

I faced similar issues when there is password having special characters.

You can also omit the password there, it will prompt you for password and that time you can enter.