The CertAndKeyGen security class cannot be found error when configuring AM (All versions) or OpenAM 13.x

Last updated Jul 9, 2018

The purpose of this article is to provide assistance if you encounter a "The CertAndKeyGen security class cannot be found" error when configuring AM/OpenAM on JBoss®. This error only occurs if you have also upgraded to JDK 8.


Symptoms

An error similar to the following is shown when running the configurator tool:

2017-06-11 12:57:03,196 ERROR [stderr] (http-198.51.100.0:8080) Caused by: java.lang.ExceptionInInitializerError: The CertAndKeyGen security class cannot be found, consider setting -Dorg.forgerock.opendj.CertAndKeyGenProvider=

2017-06-11 12:57:03,211 ERROR [org.apache.catalina.core.ContainerBase.[jboss.web].[default-host].[/login].[AMSetupServlet]] (http-198.51.100.0:8080) JBWEB000236: Servlet.service() for servlet AMSetupServlet threw exception: java.lang.ExceptionInInitializerError: The CertAndKeyGen security class cannot be found, consider setting -Dorg.forgerock.opendj.CertAndKeyGenProvider=
   at org.opends.server.util.Platform$PlatformIMPL.<clinit>(Platform.java:171) [opendj-server-legacy-3.5.0.jar:]
   at org.opends.server.util.Platform.<clinit>(Platform.java:80) [opendj-server-legacy-3.5.0.jar:]
   at org.opends.server.util.CertificateManager.generateSelfSignedCertificate(CertificateManager.java:272) [opendj-server-legacy-3.5.0.jar:]
   at org.opends.server.config.AdministrationConnector.createSelfSignedCertificateIfNeeded(AdministrationConnector.java:547) [opendj-server-legacy-3.5.0.jar:]
   at org.opends.server.core.DirectoryServer.startServer(DirectoryServer.java:1534) [opendj-server-legacy-3.5.0.jar:]
   at org.opends.server.util.EmbeddedUtils.startServer(EmbeddedUtils.java:78) [opendj-server-legacy-3.5.0.jar:]
   at com.sun.identity.setup.EmbeddedOpenDS.startServer(EmbeddedOpenDS.java:465) [openam-core-13.5.0.jar:13.5.0 - 2016-Jul-13 07:32:29]
   at com.sun.identity.setup.EmbeddedOpenDS.setup(EmbeddedOpenDS.java:262) [openam-core-13.5.0.jar:13.5.0 - 2016-Jul-13 07:32:29]
   at com.sun.identity.setup.AMSetupServlet.setupEmbeddedDS(AMSetupServlet.java:741) [openam-core-13.5.0.jar:13.5.0 - 2016-Jul-13 07:32:29]
   at com.sun.identity.setup.AMSetupServlet.setupSMDatastore(AMSetupServlet.java:789) [openam-core-13.5.0.jar:13.5.0 - 2016-Jul-13 07:32:29]
   at com.sun.identity.setup.AMSetupServlet.configure(AMSetupServlet.java:833) [openam-core-13.5.0.jar:13.5.0 - 2016-Jul-13 07:32:29]
   at com.sun.identity.setup.AMSetupServlet.processRequest(AMSetupServlet.java:500) [openam-core-13.5.0.jar:13.5.0 - 2016-Jul-13 07:32:29]
   at com.sun.identity.setup.AMSetupServlet.doPost(AMSetupServlet.java:439) [openam-core-13.5.0.jar:13.5.0 - 2016-Jul-13 07:32:29]
...

Recent Changes

Upgraded to, or installed AM 5 or later.

Upgraded to, or installed OpenAM 13.x.

Upgraded to Oracle® Java Development Kit (JDK) 8.

Causes

The CertAndKeyGen class is not loaded by the JVM even when the following JVM option is set correctly:

-Dorg.forgerock.opendj.CertAndKeyGenProvider=sun.security.tools.keytool.CertAndKeyGen

Solution

This issue can be resolved by updating the jboss-deployment-structure.xml file to include paths to the Sun x509 security module (sun/security/x509) and to keytool (sun/security/tools/keytool). For example, the revised file would look similar to this:

<paths> 
   <path name="sun/security/x509" /> 
   <path name="sun/security/tools/keytool" /> 
   <path name="com/sun/org/apache/xpath/internal" /> 
   <path name="com/sun/org/apache/xerces/internal/dom" /> 
   <path name="com/sun/org/apache/xml/internal/utils" /> 
</paths>
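
To confirm the change is in the descriptor before re-running the configurator, the check below reports which of the two required paths are still missing. It is an added example, not ForgeRock or JBoss code; the function names, the WEB-INF location of the descriptor inside the WAR, and the constructed sample descriptors (wrapper elements and namespace) are assumptions.

```python
import xml.etree.ElementTree as ET
import zipfile

# JDK-internal packages the article says must be exposed to the deployment.
REQUIRED_PATHS = ("sun/security/x509", "sun/security/tools/keytool")
DESCRIPTOR = "WEB-INF/jboss-deployment-structure.xml"  # assumed location inside the WAR

def _local(tag):
    # Drop the "{namespace}" prefix so any descriptor schema version matches.
    return tag.rsplit("}", 1)[-1]

def missing_paths(xml_text):
    """Return the required <path name="..."> entries absent from the descriptor."""
    root = ET.fromstring(xml_text)
    present = set()
    for elem in root.iter():
        if _local(elem.tag) == "paths":
            for child in elem:
                if _local(child.tag) == "path":
                    present.add((child.get("name") or "").strip().strip("/"))
    return [p for p in REQUIRED_PATHS if p not in present]

def missing_paths_in_war(war):
    """Same check on a WAR (path or file object); no descriptor means all are missing."""
    with zipfile.ZipFile(war) as zf:
        if DESCRIPTOR not in zf.namelist():
            return list(REQUIRED_PATHS)
        return missing_paths(zf.read(DESCRIPTOR))

def _sample(paths):
    # Constructed descriptor: the wrapper elements and namespace are assumptions.
    entries = "".join(f'<path name="{p}" />' for p in paths)
    return ('<jboss-deployment-structure xmlns="urn:jboss:deployment-structure:1.2">'
            "<deployment><dependencies><system><paths>" + entries +
            "</paths></system></dependencies></deployment></jboss-deployment-structure>")

XML_INTERNALS = ["com/sun/org/apache/xpath/internal",
                 "com/sun/org/apache/xerces/internal/dom",
                 "com/sun/org/apache/xml/internal/utils"]
BEFORE = _sample(XML_INTERNALS)                        # constructed: fix not applied
AFTER = _sample(list(REQUIRED_PATHS) + XML_INTERNALS)  # constructed: fix applied

if __name__ == "__main__":
    print("before:", missing_paths(BEFORE))
    print("after: ", missing_paths(AFTER))
```

An empty list means both paths are declared; any entry returned still needs to be added to the descriptor.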

See Also

A security class cannot be found in this JVM because of the following reason: sun.security.x509.CertAndKeyGen error in OpenDJ 2.6.0, 2.6.1, 2.6.2 and 2.6.3

FAQ: Configuring AM/OpenAM

FAQ: Installing AM/OpenAM

FAQ: Upgrading AM/OpenAM



Copyright and Trademarks

Copyright © 2018 ForgeRock, all rights reserved.