Skip Ribbon Commands
Skip to main content
Navigate Up
Sign In

Quick Launch

Average Rating:

facebook Twitter
Email
Print Bookmark Alert me when this article is updated

Feedback

ERROR: "Failed to initialize endpoint associated with ProtocolHandler ["http-bio-8443"] java.io.IOException: Keystore was tampered with, or password was incorrect" when the Informatica Administrator with https fails to start
Problem Description
The following error occurs in $INFA_HOME/logs/<node_name>/services/AdministratorConsole/cataina.*.log:

​2016-07-27 15:38:51,051 org.apache.coyote.AbstractProtocol init SEVERE: [Thread-0] Failed to initialize end point associated 

with ProtocolHandler ["http-bio-8443"]
java.io.IOException: Keystore was tampered with, or password was incorrect
at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:780)
at sun.security.provider.JavaKeyStore$JKS.engineLoad(JavaKeyStore.java:56)
at sun.security.provider.KeyStoreDelegator.engineLoad(KeyStoreDelegator.java:224)
at sun.security.provider.JavaKeyStore$DualFormatJKS.engineLoad(JavaKeyStore.java:70)
at java.security.KeyStore.load(KeyStore.java:1445)
at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getStore(JSSESocketFactory.java:440)
at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeystore(JSSESocketFactory.java:344)
at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeyManagers(JSSESocketFactory.java:597)
at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeyManagers(JSSESocketFactory.java:537)
at org.apache.tomcat.util.net.jsse.JSSESocketFactory.init(JSSESocketFactory.java:482)
at org.apache.tomcat.util.net.jsse.JSSESocketFactory.createSocket(JSSESocketFactory.java:218)
at org.apache.tomcat.util.net.JIoEndpoint.bind(JIoEndpoint.java:400)
at org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.java:650)
at org.apache.coyote.AbstractProtocol.init(AbstractProtocol.java:434)
at org.apache.coyote.http11.AbstractHttp11JsseProtocol.init(AbstractHttp11JsseProtocol.java:119)
at org.apache.catalina.connector.Connector.initInternal(Connector.java:978)
at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102)
at org.apache.catalina.core.StandardService.initInternal(StandardService.java:560)
at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102)
at org.apache.catalina.core.StandardServer.initInternal(StandardServer.java:820)
at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102)
at org.apache.catalina.startup.Catalina.load(Catalina.java:642)
at org.apache.catalina.startup.Catalina.load(Catalina.java:667)
at sun.reflect.GeneratedMethodAccessor3.invoke(Unknown Source)
at java.lang.reflect.Method.invoke(Method.java:498)
at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:253)
at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:427)
at com.informatica.isp.tools.tomcatstarter.InfaTomcatBootstrap$1.run(InfaTomcatBootstrap.java:67)
at java.lang.Thread.run(Thread.java:745)
Caused by: java.security.UnrecoverableKeyException: Password verification failed
at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:778)
... 28 more​
Cause
​This issue occurs if the password of the keystore file used by the admin console process is set incorrectly in the $INFA_HOME/isp/config/nodemeta.xml file.
The keystore password has to match the httpsInfo encryptedKeystorePass attribute in nodemeta.xml.​

Solution
Please check if the password of the existing keystore file used by the admin console is correct. (Refer to 'More Information' section below)
To resolve the issue, update the keystore password using the infasetup UpdateGatewayNode command with -kp option.
You must shut down the Informatica services before running this command.

Example

$INFA_HOME\isp\bin\infasetup.bat UpdateGatewayNode -httpsPort 8443 -kf C:\Certs\admintool.keystore -kp "xxxxx"

More Information
Using the Java keytool, you can check the validity of the keystore file password, by running the following command:

keytool -list -v -keystore <keystore_name>

Example

C:\Informatica\10.0.0\java\bin>keytool -list -v -keystore C:\Certs\admintool.keystore
Enter keystore password:xxxxx

Keystore type: JKS
Keystore provider: SUN

Your keystore contains 1 entry

Alias name: informatica corp.
Creation date: Nov 11, 2013
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
Owner: EMAILADDRESS=blr@informatica.com, CN=INFA, OU=ILabs, O=Informatica Corp., L
=Bangalore, ST=Karnataka, C=IN
Issuer: EMAILADDRESS=blr@informatica.com, CN=INFA, OU=ILabs, O=Informatica Corp.,
L=Bangalore, ST=Karnataka, C=IN
Serial number: 90dc90f2423692d0
Valid from: Mon Nov 11 01:06:38 PST 2013 until: Sat May 06 02:06:38 PDT 2045
Certificate fingerprints:
         MD5:  91:6E:A2:DA:CA:44:C9:B6:ED:12:3C:B9:DC:B2:20:49
         SHA1: DB:14:B1:7C:CF:F0:99:D9:59:74:0D:2E:36:28:56:03:45:4D:2A:D2
         SHA256: B7:5F:F0:AE:4B:32:EA:1E:BF:5B:B9:F9:C1:B0:AD:82:86:1C:86:58:DA:09:E6:67:A
1:24:D0:51:12:98:93:3A
         Signature algorithm name: SHA1withRSA
         Version: 1

*******************************************
*******************************************​​


Note

If keystore password is unknown we can recreate the Keystore then update the nodemeta.xml


Applies To
Product: PowerCenter
Problem Type: Connectivity
User Type: Administrator
Project Phase: Implement
Product Version: PowerCenter
Database:
Operating System:
Other Software:

Reference
Attachments
Last Modified Date:7/6/2020 4:25 AMID:500077
People who viewed this also viewed

Feedback

Did this KB document help you?



What can we do to improve this information (2000 or fewer characters)