Solutions
ForgeRock Identity Platform
Does not apply to Identity Cloud

AM 6.x install fails with Encrypt Private Key failed: unrecognized algorithm name: PBEWithSHA1AndDESede error

Last updated May 10, 2021

The purpose of this article is to provide assistance if you encounter the "Encrypt Private Key failed: unrecognized algorithm name: PBEWithSHA1AndDESede" error when installing AM 6.x with an embedded DS configuration store. This issue occurs after upgrading Java® to OpenJDK 8u292.


Symptoms

Installing AM with an embedded DS configuration store fails.

The following error is shown in the Install log when this happens:

23/04/2021 10:37:29:404 AM BST: ...Failed An error occurred while attempting to setup the embedded server with server root '/path/to/openam/opends/logs', base DN 'dc=openam,dc=forgerock,dc=org'. AMSetupServlet.processRequest: error com.sun.identity.setup.ConfiguratorException: configurator.embsetupopendsfailed   at com.sun.identity.setup.EmbeddedOpenDS.setupOpenDS(EmbeddedOpenDS.java:357)    at com.sun.identity.setup.EmbeddedOpenDS.setup(EmbeddedOpenDS.java:259) ... Caused by: java.security.KeyStoreException: The following error occurred when generating a self-signed certificate using the alias server-cert: Key protection  algorithm not found: java.security.UnrecoverableKeyException: Encrypt Private Key failed: unrecognized algorithm name: PBEWithSHA1AndDESede    at org.opends.server.util.Platform$PlatformIMPL.generateSelfSignedCertificate(Platform.java:258)    at org.opends.server.util.Platform$PlatformIMPL.access$500(Platform.java:120)    at org.opends.server.util.Platform.generateSelfSignedCertificate(Platform.java:380)    at org.opends.server.util.CertificateManager.generateSelfSignedCertificate(CertificateManager.java:231)    at org.forgerock.opendj.setup.model.Security$SelfSignedCertificate.configureSecurity(Security.java:470) ... Caused by: java.security.UnrecoverableKeyException: Encrypt Private Key failed: unrecognized algorithm name: PBEWithSHA1AndDESede

Recent Changes

Upgraded OpenJDK to version 8u292 (1.8.0_292)

Causes

This is a known OpenJDK issue: 8u292 NoSuchAlgorithmException unrecognized algorithm name: PBEWithSHA1AndDESede.

Solution

Until the OpenJDK issue is resolved, you can work around this using one of the following options:

  • Downgrade to an earlier OpenJDK, for example: 8u282.
  • Use a different JDK such as AdoptOpenJDK or Oracle® JDK.

See Also

AM 5, 5.5, 5.5.1 and 6.0.0.x, IDM 6.x and Rest2LDAP cannot connect to DS 5, DS 5.5, DS 5.5.1, DS 5.5.2 or 6 after restricting DS cipher suites or Java upgrade

Cannot install or use ssoadm in AM 5, 5.5, 5.5.1, 6.0.0.x, 6.5.0 and 6.5.0.1 after restricting configuration store (DS) cipher suites or Java upgrade

Related Training

N/A

Related Issue Tracker IDs

OPENAM-17755 (AM installation does not work with openjdk version "1.8.0_292")



Copyright and TrademarksCopyright © 2021 ForgeRock, all rights reserved.
Loading...