Java Security UnrecoverableKeyException



  • Constructs an UnrecoverableKeyException with no detail message.
    UnrecoverableKeyException(String msg): Constructs an UnrecoverableKeyException with the specified detail message, which provides more information about why this exception has been thrown.
  • Has anyone tried using a keystore where the key password is different than the keystore password? I used keytool to create my keystore where the -storepass and -keypass are two different values.


This can also happen if you have a site configuration and have made changes to your certificate or passwords but not copied the files to all servers in the site.

Solution

This issue can be resolved by synchronizing the passwords using the keytool command:

  1. Update .storepass or .keypass respectively with the new password to ensure they match. You should also ensure they match on all servers if you have a site configuration. For example, you can use keytool commands such as the following depending on your keystore format:
    • JCEKS format:
      $ keytool -storepasswd -new newpassword -keystore keystore.jceks -storetype JCEKS
      $ keytool -keypasswd -alias yourfqdnalias -new newpassword -keystore keystore.jceks -storetype JCEKS
    • JKS format:
      $ keytool -storepasswd -new newpassword -keystore keystore.jks
      $ keytool -keypasswd -alias yourfqdnalias -new newpassword -keystore keystore.jks
  2. Restart the web application container in which AM/OpenAM runs to apply the changes.
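
To see which of the two passwords is out of sync on a given server, a read-only check along the following lines can be used. This is an added example, not code from the original article or from AM/OpenAM; the class name KeystorePasswordCheck, its argument order and the trimming of the password files are assumptions.

```java
import java.io.IOException;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.UnrecoverableKeyException;

// Hypothetical helper (not part of AM/OpenAM): read-only keystore password check.
public class KeystorePasswordCheck {
    // Reads a password file such as .storepass or .keypass. Assumption: the
    // password has no leading or trailing whitespace, so it is trimmed.
    static char[] readPassword(Path file) throws IOException {
        return new String(Files.readAllBytes(file), StandardCharsets.UTF_8).trim().toCharArray();
    }

    static String diagnose(Path keystore, String type, String alias,
                           char[] storePass, char[] keyPass)
            throws IOException, GeneralSecurityException {
        KeyStore ks = KeyStore.getInstance(type); // "JKS" or "JCEKS"
        try (InputStream in = Files.newInputStream(keystore)) {
            ks.load(in, storePass);
        } catch (IOException e) {
            // KeyStore.load reports a wrong store password as an IOException
            // whose cause is UnrecoverableKeyException.
            if (e.getCause() instanceof UnrecoverableKeyException) {
                return "store password does not open the keystore";
            }
            throw e; // missing, truncated or wrong-type keystore file
        }
        if (!ks.isKeyEntry(alias)) {
            return "alias " + alias + " is not a key entry in this keystore";
        }
        try {
            ks.getKey(alias, keyPass); // throws if the key password is wrong
        } catch (UnrecoverableKeyException e) {
            return "store password OK, key password does not recover " + alias;
        }
        return "store and key passwords both work for " + alias;
    }

    // Arguments: <keystore> <JKS|JCEKS> <alias> <storepass-file> <keypass-file>
    public static void main(String[] args) throws Exception {
        System.out.println(diagnose(Paths.get(args[0]), args[1], args[2],
                readPassword(Paths.get(args[3])), readPassword(Paths.get(args[4]))));
    }
}
```

Running it against each server in a site with that server's own .storepass and .keypass files shows which copy was not synchronized.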

Default keystore details - AM 5 and later; OpenAM 13.5.x


After installing AM/OpenAM, a default keystore is available in /path/to/openam/security/keystores/keystore.jceks (AM 7 and later) or /path/to/openam/openam/keystore.jceks (Pre-AM 7). The default password is changeit and is stored in /path/to/openam/security/secrets/default/.storepass (AM 7 and later) or /path/to/openam/openam/.storepass (Pre-AM 7).

This keystore contains multiple default test aliases; the exact test aliases included vary by version as shown in the documentation:


  • AM 7 - Security Guide › About the Default Keystores and Secret Stores
  • AM 6.5 - Setup and Maintenance Guide › JCEKS and JKS Keystore Comparison
  • AM 6 - Setup and Maintenance Guide › JCEKS and JKS Keystore Comparison
  • AM 5.x - Setup and Maintenance Guide › JCEKS and JKS Keystore Comparison
  • OpenAM 13.5 - Administration Guide › JCEKS and JKS Keystore Comparison

See Security Guide › Configuring Secrets, Certificates, and Keys for further information.

Default keystore details - OpenAM 13


After installing OpenAM, a default keystore is available in the OpenAM configuration directory /path/to/openam/openam/keystore.jks. The default keystore password is changeit and is stored in /path/to/openam/openam/.storepass. The only key in this keystore is for a self-signed certificate (default alias: test). The default password for this key is also changeit and is stored in /path/to/openam/openam/.keypass.
