Can't start SSO process after updating SSL certificate

Document ID : KB000095161
Last Modified Date : 09/05/2018
Show Technical Document Details
Issue:
After updating the SSL certificates the SSO process will not start.  The following message is seen in the wrapper-<date>.log in /opt/CA/PerformanceCenter/sso/logs

INFO   | jvm 1    | 2018/05/08 13:39:42 | Caused by: java.security.Unrecoverable
KeyException: Password verification failed
INFO   | jvm 1    | 2018/05/08 13:39:42 |       at sun.security.provider.JavaKey
Store.engineLoad(JavaKeyStore.java:778)
Environment:
Any version of CAPM
Cause:
Invalid password in ssl.ini
Resolution:
1. Review passwords in ssl.ini:
  • /opt/CA/PerformanceCenter/PC/start.d/ssl.ini
  • /opt/CA/PerformanceCenter/sso/start.d/ssl.ini 
2. Validate the jetty keystore password with the following command:
  • keytool -list -v -keystore keystore -storepass <password from file>
3. If the password is wrong you will receive an error that the keystore has been tampered with
4. Run history | grep importkeystore to confirm the password used to import into the keystore and repeat step #2 to confirm the password works
5. To update the keystore password run the following command: keytool -storepasswd -keystore keystore -storepass <updated password>
  • The password can come from the ssl.ini files from step #1
6. Cycle CAPC services to confirm you can login