AnsweredAssumed Answered

GeoEvent has no valid keystore after config-store move

Question asked by gill.paterson@geoplex.com.au on Jul 31, 2019
Latest reply on Aug 6, 2019 by gill.paterson@geoplex.com.au

We are on GeoEvent 10.6.1 (no patches) and have been required to move the config-store and directories to a new share. I used the ArcGIS Server admin>system>configstore and directories edit functions to do this. Upon completion the ArcGIS Server Manager opens correctly as a verified site with the correct certificates being shown. However, opening the GeoEvent Manager the browser warns that "Your connection is not secure. The owner of xxx has configured their web site improperly". Prior to the config-store and directories move, the Manager opened correctly. I restarted the server and upon start up the following was in the karaf logs

 

019-07-31T14:46:00,121 | ERROR | CM Configuration Updater (ManagedService Update: pid=[org.apache.cxf.osgi]) | HttpServiceStarted               | 443 - org.ops4j.pax.web.pax-web-runtime - 6.0.3 | Could not start the servlet context for context path []
java.lang.IllegalStateException: no valid keystore

2019-07-31T14:46:01,965 | ERROR | pool-3-thread-1  | HttpClientService                | 53 - com.esri.ges.framework.httpclient - 10.6.1 | Failed to read certificate file at xxx-ags.pfx.cer: signed fields invalid

2019-07-31T14:46:01,990 | ERROR | pool-3-thread-1  | HttpClientService                | 53 - com.esri.ges.framework.httpclient - 10.6.1 | Failed to read certificate file at xxx-ge.pfx.cer: signed fields invalid

 

The certificates do exist where the error is pointing to and from what we can tell are all ok.

The arcgis.keystore matches the certificates that are installed on the machine (Windows 2012 under the Personal certificate folder, not the Trusted Root Certification Authorities folder - is this an issue?? not sure why moving the config-store would cause this to be an issue if it worked before)

 

Following the suggestions in 206700-geoevent-server-1051-no-service-was-found and RJs admin reset (which has been my go to geoevent fix until now) did not resolve the issue.

 

Am I correct in thinking that because the ArcGIS Server Manager is verified correctly that the arcgis.keystore under Program Files\ArcGIS\Server\framework\etc\certificates\arcgis.keystore is ok. However, GeoEvent is somehow not creating the C:\ProgramData\ESRI\GeoEvent\certs\geoEventSSLCertificate.jks correctly? The answer is probably not important, but how to fix it if it is the issue.

 

Any ideas on where to go to from here please???

Outcomes