Solutions
Archived

A security class cannot be found in this JVM because of the following reason: sun.security.x509.CertAndKeyGen error in OpenDJ 2.6.0, 2.6.1, 2.6.2 and 2.6.3

Last updated Jan 5, 2021

The purpose of this article is to provide assistance if you encounter "A security class cannot be found in this JVM because of the following reason: sun.security.x509.CertAndKeyGen" error in OpenDJ 2.6.0, 2.6.1, 2.6.2 and 2.6.3. This error can happen when installing OpenDJ (and enabling SSL or importing initial entries), using tools such as dsconfig or running the status command. It can also affect OpenAM 11.x and 12.x as they bundle affected versions of OpenDJ as the embedded data store.


1 reader recommends this article

Archived

This article has been archived and is no longer maintained by ForgeRock.

Symptoms

The following error is shown when setting up OpenDJ and enabling SSL or importing any initial entries:

Error Configuring Certificates. Details: java.lang.ExceptionInInitializerError: A security class cannot be found in this JVM because of the following reason: sun.security.x509.CertAndKeyGen at org.opends.quicksetup.installer.Installer.configureServer(Installer.java:1259) at org.opends.quicksetup.installer.offline.OfflineInstaller.run(OfflineInstaller.java:108) at org.opends.server.tools.InstallDS.execute(InstallDS.java:580) at org.opends.server.tools.InstallDS.mainCLI(InstallDS.java:341) at org.opends.server.tools.InstallDS.mainCLI(InstallDS.java:286) at org.opends.quicksetup.installer.SetupLauncher.launch(SetupLauncher.java:138) at org.opends.quicksetup.installer.SetupLauncher.main(SetupLauncher.java:75) Caused by: java.lang.ExceptionInInitializerError: A security class cannot be found in this JVM because of the following reason: sun.security.x509.CertAndKeyGen at org.opends.server.util.Platform$PlatformIMPL.<clinit>(Platform.java:127) at org.opends.server.util.Platform.<clinit>(Platform.java:80) at org.opends.server.util.CertificateManager.generateSelfSignedCertificate(CertificateManager.java:283) at org.opends.quicksetup.installer.Installer.configureServer(Installer.java:1129) ... 6 more

The following error is shown when using OpenDJ tools such as dsconfig:

Exception in thread "main" java.lang.ExceptionInInitializerError: A security class cannot be found in this JVM because of the following reason: sun.security.x509.CertAndKeyGen at org.opends.server.util.Platform$PlatformIMPL.<clinit>(Platform.java:137) at org.opends.server.util.Platform.<clinit>(Platform.java:81) at org.opends.admin.ads.util.ApplicationTrustManager.<init>(ApplicationTrustManager.java:118) at org.opends.server.util.cli.LDAPConnectionConsoleInteraction.getTrustManagerInternal(LDAPConnectionConsoleInteraction.java:1060) at org.opends.server.util.cli.LDAPConnectionConsoleInteraction.initializeTrustManager(LDAPConnectionConsoleInteraction.java:2068) at org.opends.server.util.cli.LDAPConnectionConsoleInteraction.run(LDAPConnectionConsoleInteraction.java:585) at org.opends.server.util.cli.LDAPConnectionConsoleInteraction.run(LDAPConnectionConsoleInteraction.java:317) at org.opends.server.tools.dsconfig.LDAPManagementContextFactory.getManagementContext(LDAPManagementContextFactory.java:107) at org.opends.server.tools.dsconfig.DSConfig.runInteractiveMode(DSConfig.java:959) at org.opends.server.tools.dsconfig.DSConfig.run(DSConfig.java:843) at org.opends.server.tools.dsconfig.DSConfig.main(DSConfig.java:359) at org.opends.server.tools.dsconfig.DSConfig.main(DSConfig.java:315)

The following error is shown when running the status command:

Exception in thread "main" java.lang.NoClassDefFoundError: Could not initialize class org.opends.server.util.Platform at org.opends.admin.ads.util.ApplicationTrustManager.(ApplicationTrustManager.java:118) at org.opends.guitools.controlpanel.datamodel.ControlPanelInfo.getInstance(ControlPanelInfo.java:148) at org.opends.server.tools.status.StatusCli.execute(StatusCli.java:329) at org.opends.server.tools.status.StatusCli.mainCLI(StatusCli.java:264) at org.opends.server.tools.status.StatusCli.main(StatusCli.java:191)

The following error is shown in the OpenAM debug log if you are using the embedded OpenDJ:

ERROR: ConsoleServletBase.onUncaughtException com.iplanet.jato.NavigationException: Exception encountered during forward Root cause = [java.lang.NoClassDefFoundError: Could not initialize class org.opends.server.util.Platform] at com.iplanet.jato.view.ViewBeanBase.forward(ViewBeanBase.java:380) at com.iplanet.jato.view.ViewBeanBase.forwardTo(ViewBeanBase.java:261) at com.sun.identity.console.base.AMViewBeanBase.forwardTo(AMViewBeanBase.java:161)

Recent Changes

Upgraded to OpenJDK® 7u111 (1.7.0_111) or IBM® Java® 8.

Causes

Some OpenDJ processes and tools rely on an internal CertAndKeyGen class that is included in the JVM. OpenJDK 7u111 and IBM Java 8 have moved the CertAndKeyGen class to a different location; this means OpenDJ cannot locate it, which results in these errors.

Solution

This issue can be resolved in one of the following ways:

  • Revert OpenJDK 7u111 or IBM Java 8 to an earlier version.
  • Upgrade to OpenDJ 2.6.4 or later (or OpenAM 13.0 or later if you use embedded OpenDJ); you can download these from BackStage. Once you have upgraded OpenDJ, you can upgrade Java if required.

See Also

How do I change DS (All versions) to use a different JDK version?

How do I ensure DS (All versions) uses the Java settings from java.properties file when starting?

Related Training

N/A

Related Issue Tracker IDs

OPENDJ-2247 (CertAndKeyGen class location is incorrect when running on IBM Java 8 and OpenJDK 7u111)


Copyright and Trademarks Copyright © 2021 ForgeRock, all rights reserved.