Search for	Example	Results
A single word	`cat`	Topics that contain the word "cat". You will also find its grammatical variations, such as "cats".
A phrase. You can specify that the search results contain a specific phrase.	`"cat food"` (quotation marks)	Topics that contain the literal phrase "cat food" and all its grammatical variations. Without the quotation marks, the query is equivalent to specifying an OR operator, which finds topics with one of the individual words instead of the phrase.

Search for	Operator	Example
Two or more words in the same topic	`AND` `and` `+` (plus symbol) `&` (ampersand)	`cat AND dog` `"cat food"+milk` `"cat food"&"dog food"`
Either word in a topic	`OR` `or` `\|` (pipe)	`cat OR dog` `cat \| dog`
Topics that do not contain a specific word or phrase	`NOT` `not` `!` (exclamation point)	`NOT cat` `! dog`
Topics that contain one string and do not contain another	`^` (caret)	`cat ^ mouse`
A combination of search types	`( )` parentheses	`cat + (dog \| mouse)` `cat \| dog + (! mouse)`

Configuration Management System (CMS)2018.05

Troubleshoot > Troubleshooting Deployment > Troubleshooting Deployment - Keystore and Truststore

Troubleshooting Deployment - Keystore and Truststore

Troubleshooting Keystore and Truststore - Non-FIPS mode

Problem: UCMDB server startup failed, and the startup.log shows message similar to the following:

2017-05-04 08:32:17,074  ERROR  [WrapperSimpleAppMain] (JettyManager.java:247) - Failure starting jetty server
MultiException[java.io.IOException: Keystore was tampered with, or password was incorrect, java.io.IOException: Keystore was tampered with, or password was incorrect]
	at org.eclipse.jetty.server.Server.doStart(Server.java:329)
	at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:68)
	at com.mercury.topaz.cmdb.server.manage.servlet.JettyManager.startServer(JettyManager.java:243)
	at com.mercury.topaz.cmdb.server.manage.Framework.doStart0(Framework.java:242)
	at com.mercury.topaz.cmdb.server.manage.Framework.access$100(Framework.java:102)	
	at com.mercury.topaz.cmdb.server.manage.Framework$2.executeInContext(Framework.java:221)	
	at com.mercury.topaz.cmdb.server.manage.Framework$2.executeInContext(Framework.java:218)
	at com.mercury.topaz.cmdb.shared.manage.AuthorizationContextUtils.executeInSystemAuthorizationContext(AuthorizationContextUtils.java:24)
	at com.mercury.topaz.cmdb.server.manage.Framework.start0(Framework.java:218)
	at com.mercury.topaz.cmdb.server.manage.Framework.doStartUp(Framework.java:204)
	at com.mercury.topaz.cmdb.server.manage.Framework.access$000(Framework.java:102)
	at com.mercury.topaz.cmdb.server.manage.Framework$1.executeInContext(Framework.java:186)
	at com.mercury.topaz.cmdb.server.manage.Framework$1.executeInContext(Framework.java:183)
	at com.mercury.topaz.cmdb.shared.manage.AuthorizationContextUtils.executeInSystemAuthorizationContext(AuthorizationContextUtils.java:24)
	at com.mercury.topaz.cmdb.server.manage.Framework.startUp(Framework.java:183)
	at com.hp.ucmdb.server.Main.startFramework(Main.java:34)	
	at com.hp.ucmdb.server.Main.main(Main.java:23)
	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)	
	at java.lang.reflect.Method.invoke(Method.java:498)
	at org.tanukisoftware.wrapper.WrapperSimpleApp.run(WrapperSimpleApp.java:325)
	at java.lang.Thread.run(Thread.java:745)

Solution A:

Check the verify_store_pass.log (in the C:\UCMDB\UCMDBServer\runtime\log folder), if you see the following message:

INFO: server-storepass.conf file exists and it contains keystore and truststore.

Do the following:

Stop the UCMDB Server.

Run commands.

Check keystore password.

Windows:

From C:\UCMDB\UCMDBServer\bin\jre\bin, run the following commands.
```
keytool -list -keystore C:\UCMDB\UCMDBServer\conf\security\server.keystore
```
Linux:

From /opt/UCMDB/UCMDBServer/bin/jre/bin, run the following commands:
```
./keytool -list -keystore /opt/UCMDB/UCMDBServer/conf/security/server.keystore
```
Enter the password that you set up during the installation of UCMDB server. If you see the following message:
```
keytool error: java.io.IOException:Keystore was tampered with, or password was incorrect. 
```
Then the password was not properly set, and you need to change keystore and truststore passwords using keytool.

Change the store password:

Windows:

keytool -storepasswd -new <new_keystore_pass> -keystore C:\UCMDB\UCMDBServer\conf\security\server.keystore -storepass <current_keystore_pass>

Linux:

./keytool -storepasswd -new <new_keystore_pass> -keystore /opt/UCMDB/UCMDBServer/conf/security/server.keystore -storepass <current_keystore_pass>

Change the key password (if the store is not empty):

Windows:

keytool -keypasswd -alias <alias> -keypass <currentPass> -new <newPass> -keystore C:\UCMDB\UCMDBServer\conf\security\server.keystore

Linux:

./keytool -keypasswd -alias <alias> -keypass <currentPass> -new <newPass> -keystore /opt/UCMDB/UCMDBServer/conf/security/server.keystore

Change the trust store password:

Windows:

keytool -storepasswd -new <new_truststore_pass> -keystore  C:\UCMDB\UCMDBServer\conf\security\server.truststore -storepass <current_truststore_pass>

Linux:

./keytool -storepasswd -new <new_truststore_pass> -keystore  /opt/UCMDB/UCMDBServer/conf/security/server.truststore -storepass <current_truststore_pass>

Start the UCMDB Server service.

Solution B:

Check the verify_store_pass.log, if you see the following message:

INFO:  keystore password and truststore password don't exist.

Or the following:

INFO:  server-storepass.conf file doesn't exist.

Do the following:

Generate the server-storepass.conf file.

Windows:

From the C:\UCMDB\UCMDBServer\bin folder, run the following command:
```
key-truststore.bat <fips_mode> <new_keystore_pass> <new_truststore_pass>
```
Linux:

From the /opt/UCMDB/UCMDBServer/bin folder, run the following command:
```
./key-truststore.sh <fips_mode> <new_keystore_pass> <new_truststore_pass>
```
where <fips_mode> can be only set to true or false. For non-FIPS mode UCMDB server, false for <fips_mode>.
Stop the UCMDB Server.

Change keystore password and truststore password with keytool.

From the C:\UCMDB\UCMDBServer\bin\jre\bin (Windows) or /opt/UCMDB/UCMDBServer/bin/jre/bin (Linux) folder, run the following commands:

Change the store password:

Windows:

keytool -storepasswd -new <new_keystore_pass> -keystore C:\UCMDB\UCMDBServer\conf\security\server.keystore -storepass <current_keystore_pass>

Linux:

./keytool -storepasswd -new <new_keystore_pass> -keystore /opt/UCMDB/UCMDBServer/conf/security/server.keystore -storepass <current_keystore_pass>

Change the key password (if the store is not empty):

Windows:

keytool -keypasswd -alias <alias> -keypass <currentPass> -new <newPass> -keystore C:\UCMDB\UCMDBServer\conf\security\server.keystore

Linux:

./keytool -keypasswd -alias <alias> -keypass <currentPass> -new <newPass> -keystore /opt/UCMDB/UCMDBServer/conf/security/server.keystore

Change the trust store password:

Windows:

keytool -storepasswd -new <new_truststore_pass> -keystore C:\UCMDB\UCMDBServer\conf\security\server.truststore -storepass <current_truststore_pass>

Linux:

./keytool -storepasswd -new <new_truststore_pass> -keystore /opt/UCMDB/UCMDBServer/conf/security/server.truststore -storepass <current_truststore_pass>

Start the UCMDB Server service.

Solution C:

If you only changed keystore password or truststore password during UCMDB server installation, and then server startup failed and the startup.log shows similar error messages as shown above. You can follow the instructions provided in Solution A or Solution B, but you need to change the keystore password or truststore password that you set during installation.

For example, if you only changed truststore password during installation and you need to generate server-storepass.conf, run the following command:

Windows: key-truststore.bat <fips_mode> null <new_truststore_pass>

Linux: ./key-truststore.sh <fips_mode> null <new_truststore_pass>

Problem: You have changed schema in UCMDB Server. The server startup failed and the startup.log shows the following message:

2017-05-04 08:32:17,074  ERROR  [WrapperSimpleAppMain] (JettyManager.java:247) - Failure starting jetty server
MultiException[java.io.IOException: Keystore was tampered with, or password was incorrect, java.io.IOException: Keystore was tampered with, or password was incorrect]
	at org.eclipse.jetty.server.Server.doStart(Server.java:329)
	at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:68)
	at com.mercury.topaz.cmdb.server.manage.servlet.JettyManager.startServer(JettyManager.java:243)
	at com.mercury.topaz.cmdb.server.manage.Framework.doStart0(Framework.java:242)
	at com.mercury.topaz.cmdb.server.manage.Framework.access$100(Framework.java:102)
	at com.mercury.topaz.cmdb.server.manage.Framework$2.executeInContext(Framework.java:221)
	at com.mercury.topaz.cmdb.server.manage.Framework$2.executeInContext(Framework.java:218)
	at com.mercury.topaz.cmdb.shared.manage.AuthorizationContextUtils.executeInSystemAuthorizationContext(AuthorizationContextUtils.java:24)
	at com.mercury.topaz.cmdb.server.manage.Framework.start0(Framework.java:218)
	at com.mercury.topaz.cmdb.server.manage.Framework.doStartUp(Framework.java:204)
	at com.mercury.topaz.cmdb.server.manage.Framework.access$000(Framework.java:102)
	at com.mercury.topaz.cmdb.server.manage.Framework$1.executeInContext(Framework.java:186)
	at com.mercury.topaz.cmdb.server.manage.Framework$1.executeInContext(Framework.java:183)
	at com.mercury.topaz.cmdb.shared.manage.AuthorizationContextUtils.executeInSystemAuthorizationContext(AuthorizationContextUtils.java:24)
	at com.mercury.topaz.cmdb.server.manage.Framework.startUp(Framework.java:183)
	at com.hp.ucmdb.server.Main.startFramework(Main.java:34)
	at com.hp.ucmdb.server.Main.main(Main.java:23)
	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	at java.lang.reflect.Method.invoke(Method.java:498)
	at org.tanukisoftware.wrapper.WrapperSimpleApp.run(WrapperSimpleApp.java:325)
	at java.lang.Thread.run(Thread.java:745)

Solution: You need to re-generate server-storepass.conf, because the new schema does not store any keystore and truststore passwords.

If you remember what passwords were specified previously, you can generate the server-storepass.conf file with the following command:

Windows: key-truststore.bat <fips_mode> <new_keystore_pass> <new_truststore_pass>

Linux: ./key-truststore.sh <fips_mode> <new_keystore_pass> <new_truststore_pass>

where <fips_mode> can be only set to true or false. For non-FIPS mode UCMDB server, false for <fips_mode>.
If you don't remember the passwords, follow the instructions in Solution B to regenerate the passwords.

Send Help Center feedback