Uploaded image for project: 'OpenDJ'
  1. OpenDJ
  2. OPENDJ-6358

backUpAll doesn't backup ads-truststore.pin

    Details

    • Type: Bug
    • Status: Done
    • Priority: Minor
    • Resolution: Not a defect
    • Affects Version/s: 6.5.0
    • Fix Version/s: 6.5.0
    • Component/s: tools
    • Labels:
    • Story Points:
      0
    • Support Ticket IDs:

      Description

      To reproduce the issue:

      1. Perform a backUpAll on a DS instance

      2. Set up a new DS instance and restore all backends

      3. Start the new DS instance. It fails with the following errors.

      [12/Jun/2019:13:52:27 +0800] category=CONFIG severity=ERROR msgID=116 msg=An error occurred while trying to initialize a backend loaded from class org.opends.server.backends.TrustStoreBackend with the information in configuration entry ds-cfg-backend-id=ads-truststore,cn=Backends,cn=config: InitializationException: Error while trying to add certificate ads-certificate to the trust store file db/ads-truststore/ads-truststore: KeyStoreException(java.io.IOException: Keystore was tampered with, or password was incorrect) (TrustStoreBackend.java:880 TrustStoreBackend.java:165 BackendConfigManager.java:854 BackendConfigManager.java:837 BackendConfigManager.java:247 BackendConfigManager.java:224 BackendConfigManager.java:215 BackendConfigManager.java:156 DirectoryServer.java:1477 DirectoryServer.java:1323 DirectoryServer.java:4037). This backend will be disabled
      [12/Jun/2019:13:52:27 +0800] category=CORE severity=NOTICE msgID=139 msg=The Directory Server has sent an alert notification generated by class org.opends.server.core.DirectoryServer (alert type org.opends.server.DirectoryServerShutdown, alert ID org.opends.messages.core-141): The Directory Server has started the shutdown process. The shutdown was initiated by an instance of class org.opends.server.core.DirectoryServer and the reason provided for the shutdown was An error occurred while attempting to bootstrap the Directory Server: CryptoManager failed to add entry "ds-cfg-key-id=ads-certificate,cn=ads-truststore" to initiate instance key generation

      The workaround is to copy over opendj/db/ads-truststore/ads-truststore.pin from the old instance.

        Attachments

          Activity

            People

            • Assignee:
              matthew Matthew Swift
              Reporter:
              yinyan.cao Yinyan Cao
              Dev Assignee:
              Matthew Swift
            • Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: