The CertAndKeyGen security class cannot be found error when configuring OpenAM 13.x

Last updated Sep 27, 2019

The purpose of this article is to provide assistance if you encounter a "The CertAndKeyGen security class cannot be found" error when configuring OpenAM on JBoss®. This error only occurs if you have also upgraded to JDK 8.


Symptoms

An error similar to the following is shown when running the configurator tool:

2017-06-11 12:57:03,196 ERROR [stderr] (http-198.51.100.0:8080) Caused by: java.lang.ExceptionInInitializerError: The CertAndKeyGen security class cannot be found, consider setting -Dorg.forgerock.opendj.CertAndKeyGenProvider=

2017-06-11 12:57:03,211 ERROR [org.apache.catalina.core.ContainerBase.[jboss.web].[default-host].[/login].[AMSetupServlet]] (http-198.51.100.0:8080) JBWEB000236: Servlet.service() for servlet AMSetupServlet threw exception: java.lang.ExceptionInInitializerError: The CertAndKeyGen security class cannot be found, consider setting -Dorg.forgerock.opendj.CertAndKeyGenProvider=
   at org.opends.server.util.Platform$PlatformIMPL.<clinit>(Platform.java:171) [opendj-server-legacy-3.5.0.jar:]
   at org.opends.server.util.Platform.<clinit>(Platform.java:80) [opendj-server-legacy-3.5.0.jar:]
   at org.opends.server.util.CertificateManager.generateSelfSignedCertificate(CertificateManager.java:272) [opendj-server-legacy-3.5.0.jar:]
   at org.opends.server.config.AdministrationConnector.createSelfSignedCertificateIfNeeded(AdministrationConnector.java:547) [opendj-server-legacy-3.5.0.jar:]
   at org.opends.server.core.DirectoryServer.startServer(DirectoryServer.java:1534) [opendj-server-legacy-3.5.0.jar:]
   at org.opends.server.util.EmbeddedUtils.startServer(EmbeddedUtils.java:78) [opendj-server-legacy-3.5.0.jar:]
   at com.sun.identity.setup.EmbeddedOpenDS.startServer(EmbeddedOpenDS.java:465) [openam-core-13.5.0.jar:13.5.0 - 2016-Jul-13 07:32:29]
   at com.sun.identity.setup.EmbeddedOpenDS.setup(EmbeddedOpenDS.java:262) [openam-core-13.5.0.jar:13.5.0 - 2016-Jul-13 07:32:29]
   at com.sun.identity.setup.AMSetupServlet.setupEmbeddedDS(AMSetupServlet.java:741) [openam-core-13.5.0.jar:13.5.0 - 2016-Jul-13 07:32:29]
   at com.sun.identity.setup.AMSetupServlet.setupSMDatastore(AMSetupServlet.java:789) [openam-core-13.5.0.jar:13.5.0 - 2016-Jul-13 07:32:29]
   at com.sun.identity.setup.AMSetupServlet.configure(AMSetupServlet.java:833) [openam-core-13.5.0.jar:13.5.0 - 2016-Jul-13 07:32:29]
   at com.sun.identity.setup.AMSetupServlet.processRequest(AMSetupServlet.java:500) [openam-core-13.5.0.jar:13.5.0 - 2016-Jul-13 07:32:29]
   at com.sun.identity.setup.AMSetupServlet.doPost(AMSetupServlet.java:439) [openam-core-13.5.0.jar:13.5.0 - 2016-Jul-13 07:32:29]
...

Recent Changes

Upgraded to, or installed, OpenAM 13.x.

Upgraded to Oracle® Java Development Kit (JDK) 8.

Causes

The CertAndKeyGen class is not loaded by the JVM even when the following JVM option is set correctly:

-Dorg.forgerock.opendj.CertAndKeyGenProvider=sun.security.tools.keytool.CertAndKeyGen

Solution

This issue can be resolved by updating the jboss-deployment-structure.xml file to include paths to the Sun x509 security module (sun/security/x509) and the keytool package (sun/security/tools/keytool). For example, the paths section of the revised file would look similar to this:

<paths> 
   <path name="sun/security/x509" /> 
   <path name="sun/security/tools/keytool" /> 
   <path name="com/sun/org/apache/xpath/internal" /> 
   <path name="com/sun/org/apache/xerces/internal/dom" /> 
   <path name="com/sun/org/apache/xml/internal/utils" /> 
</paths>
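
To confirm that a WAR actually carries both entries before re-running the configurator, the following added example (not ForgeRock's code) parses the descriptor and reports which of the two paths are missing. The descriptor location WEB-INF/jboss-deployment-structure.xml, the enclosing elements in the constructed sample, and the function names are assumptions.

```python
import io
import xml.etree.ElementTree as ET
import zipfile

# The two paths the Solution section says must be added.
REQUIRED = {"sun/security/x509", "sun/security/tools/keytool"}
# Assumed location of the descriptor inside the OpenAM WAR.
DESCRIPTOR = "WEB-INF/jboss-deployment-structure.xml"

# Constructed sample: the enclosing elements are an assumed layout,
# only the <path> entries come from the article.
TEMPLATE = """<jboss-deployment-structure>
  <deployment><dependencies><system>
    <paths>
      %s
      <path name="com/sun/org/apache/xpath/internal" />
    </paths>
  </system></dependencies></deployment>
</jboss-deployment-structure>"""
BEFORE = TEMPLATE % ""
AFTER = TEMPLATE % ('<path name="sun/security/x509" />'
                    '<path name="sun/security/tools/keytool" />')

def _local(tag):
    """Drop an XML namespace prefix such as {urn:...} from a tag name."""
    return tag.rsplit("}", 1)[-1]

def missing_paths(xml_text):
    """Return the required paths that no <paths>/<path name=...> lists."""
    found = set()
    for elem in ET.fromstring(xml_text).iter():
        if _local(elem.tag) == "paths":
            found.update(p.get("name", "").strip().strip("/")
                         for p in elem if _local(p.tag) == "path")
    return sorted(REQUIRED - found)

def missing_paths_in_war(war):
    """war is a filename or file object; no descriptor means nothing is listed."""
    with zipfile.ZipFile(war) as zf:
        if DESCRIPTOR not in zf.namelist():
            return sorted(REQUIRED)
        return missing_paths(zf.read(DESCRIPTOR))

if __name__ == "__main__":
    war = io.BytesIO()  # constructed in-memory WAR for the demo
    with zipfile.ZipFile(war, "w") as zf:
        zf.writestr(DESCRIPTOR, BEFORE)
    print("before:", missing_paths_in_war(war))
    print("after: ", missing_paths(AFTER))
```

An empty result means both paths from the Solution are listed; any name returned is still missing from the descriptor.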

See Also

A security class cannot be found in this JVM because of the following reason: sun.security.x509.CertAndKeyGen error in OpenDJ 2.6.0, 2.6.1, 2.6.2 and 2.6.3

FAQ: Configuring AM/OpenAM

FAQ: Installing AM/OpenAM

FAQ: Upgrading AM/OpenAM

Related Training

N/A

Related Issue Tracker IDs

N/A



Copyright and Trademarks

Copyright © 2019 ForgeRock, all rights reserved.