Can't start SSO process after updating SSL certificate

Document ID : KB000095161
Last Modified Date : 09/05/2018
Show Technical Document Details
After updating the SSL certificates the SSO process will not start.  The following message is seen in the wrapper-<date>.log in /opt/CA/PerformanceCenter/sso/logs

INFO   | jvm 1    | 2018/05/08 13:39:42 | Caused by:
KeyException: Password verification failed
INFO   | jvm 1    | 2018/05/08 13:39:42 |       at
Any version of CAPM
Invalid password in ssl.ini
1. Review passwords in ssl.ini:
  • /opt/CA/PerformanceCenter/PC/start.d/ssl.ini
  • /opt/CA/PerformanceCenter/sso/start.d/ssl.ini 
2. Validate the jetty keystore password with the following command:
  • keytool -list -v -keystore keystore -storepass <password from file>
3. If the password is wrong you will receive an error that the keystore has been tampered with
4. Run history | grep importkeystore to confirm the password used to import into the keystore and repeat step #2 to confirm the password works
5. To update the keystore password run the following command: keytool -storepasswd -keystore keystore -storepass <updated password>
  • The password can come from the ssl.ini files from step #1
6. Cycle CAPC services to confirm you can login