The CertAndKeyGen security class cannot be found error when configuring OpenAM 13.x
The purpose of this article is to provide assistance if you encounter a "The CertAndKeyGen security class cannot be found" error when configuring OpenAM on JBoss®. This error only occurs if you have also upgraded to JDK 8.
Archived
This article has been archived and is no longer maintained by ForgeRock.
Symptoms
An error similar to the following is shown when running the configurator tool:
2017-06-11 12:57:03,196 ERROR [stderr] (http-198.51.100.0:8080) Caused by: java.lang.ExceptionInInitializerError: The CertAndKeyGen security class cannot be found, consider setting -Dorg.forgerock.opendj.CertAndKeyGenProvider= 2017-06-11 12:57:03,211 ERROR [org.apache.catalina.core.ContainerBase.[jboss.web].[default-host].[/login].[AMSetupServlet]] (http-198.51.100.0:8080) JBWEB000236: Servlet.service() for servlet AMSetupServlet threw exception: java.lang.ExceptionInInitializerError: The CertAndKeyGen security class cannot be found, consider setting -Dorg.forgerock.opendj.CertAndKeyGenProvider= at org.opends.server.util.Platform$PlatformIMPL.<clinit>(Platform.java:171) [opendj-server-legacy-3.5.0.jar:] at org.opends.server.util.Platform.<clinit>(Platform.java:80) [opendj-server-legacy-3.5.0.jar:] at org.opends.server.util.CertificateManager.generateSelfSignedCertificate(CertificateManager.java:272) [opendj-server-legacy-3.5.0.jar:] at org.opends.server.config.AdministrationConnector.createSelfSignedCertificateIfNeeded(AdministrationConnector.java:547) [opendj-server-legacy-3.5.0.jar:] at org.opends.server.core.DirectoryServer.startServer(DirectoryServer.java:1534) [opendj-server-legacy-3.5.0.jar:] at org.opends.server.util.EmbeddedUtils.startServer(EmbeddedUtils.java:78) [opendj-server-legacy-3.5.0.jar:] at com.sun.identity.setup.EmbeddedOpenDS.startServer(EmbeddedOpenDS.java:465) [openam-core-13.5.0.jar:13.5.0 - 2016-Jul-13 07:32:29] at com.sun.identity.setup.EmbeddedOpenDS.setup(EmbeddedOpenDS.java:262) [openam-core-13.5.0.jar:13.5.0 - 2016-Jul-13 07:32:29] at com.sun.identity.setup.AMSetupServlet.setupEmbeddedDS(AMSetupServlet.java:741) [openam-core-13.5.0.jar:13.5.0 - 2016-Jul-13 07:32:29] at com.sun.identity.setup.AMSetupServlet.setupSMDatastore(AMSetupServlet.java:789) [openam-core-13.5.0.jar:13.5.0 - 2016-Jul-13 07:32:29] at com.sun.identity.setup.AMSetupServlet.configure(AMSetupServlet.java:833) [openam-core-13.5.0.jar:13.5.0 - 2016-Jul-13 07:32:29] at com.sun.identity.setup.AMSetupServlet.processRequest(AMSetupServlet.java:500) [openam-core-13.5.0.jar:13.5.0 - 2016-Jul-13 07:32:29] at com.sun.identity.setup.AMSetupServlet.doPost(AMSetupServlet.java:439) [openam-core-13.5.0.jar:13.5.0 - 2016-Jul-13 07:32:29] ...Recent Changes
Upgraded to, or installed OpenAM 13.x.
Upgraded to Oracle® Java Development Kit (JDK) 8.
Causes
The CertAndKeyGen class is not loaded by the JVM even when the following JVM option is set correctly:
-Dorg.forgerock.opendj.CertAndKeyGenProvider=sun.security.tools.keytool.CertAndKeyGenSolution
This issue can be resolved by updating the jboss-deployment-structure.xml file to include paths to the Sun x509 security module (sun/security/x509) and the keytool (sun/security/tools/keytool). For example, the revised file would now look similar to this:
<paths> <path name="sun/security/x509" /> <path name="sun/security/tools/keytool" /> <path name="com/sun/org/apache/xpath/internal" /> <path name="com/sun/org/apache/xerces/internal/dom" /> <path name="com/sun/org/apache/xml/internal/utils" /> </paths>See Also
Related Training
N/A
Related Issue Tracker IDs
N/A