500 Internal Server Error Private Key not found

Issue similar to the below link:

 DataProtector 10.90 - Custom Wildfly server certificate 

DP 11.03 using a custom CA certificate. Ran the command to deploy the Cert / Credentials / Keystore / Trust store... but user management is still missing

OmniBack\bin\omnigencert.pl" -import_ssl_key_certs -server_private_key <Full_path_to_server_private_key.pem> -server_crt <Full_path_to_server.pem> -cacert <Full_path_to_cacert.crt> -server_id <CellManagerHost>

  • 0  

    Just in case, here's the official 11.03 documentation for Configuring custom certificates.

    The options used with the script are looking good. Is any output produced when running the script? Besides that, I would check server.log and DPserver.log for more details.

    Having a support case to have this checked is probably not a bad idea. Did you log a case already?


    Koen Verbelen

    Although I am an OpenText employee, I am speaking for myself and not for OpenText.
    If you found this post useful, give it a “Like” or click on "Verify Answer" under the "More" button.
    You may also be interested in my Data Protector Support Tips listed per category

  • 0 in reply to   

    Yeah we have an open case as well.  When running the script it had no errors.

    Server log has nothing obvious. Dp serverlog has this:

    2023-10-24 06:15:00,051 FATAL [EncryptDecrypt:62:EJB default - 3] Exception Caught :: Private Key not found
    2023-10-24 06:15:00,051 FATAL [EncryptDecrypt:62:EJB default - 3] Exception Caught :: Private Key not found
    2023-10-24 06:15:01,276 INFO  [LicenseDataProvider:42:default task-8] Enter getLicenseDetails
    2023-10-24 06:15:01,343 FATAL [DPIPCSSL:188:default task-6] Private Key not found
    2023-10-24 06:15:01,343 ERROR [DPIPCSSL:145:default task-6] ****************** Exception caught ******************
    2023-10-24 06:15:01,343 FATAL [DPIPCSSL:145:default task-6] Private Key not found: IPCSSLException [status=503]
        at com.hp.im.dp.server.ipc.connection.DPIPCSSL.readPrivateKeyFromPEM(DPIPCSSL.java:189) [dp-security-services-1103.jar:]
        at com.hp.im.dp.server.ipc.connection.DPIPCSSL.populateKeyStore(DPIPCSSL.java:162) [dp-security-services-1103.jar:]
        at com.hp.im.dp.server.ipc.connection.DPIPCSSL.createSSLFactory(DPIPCSSL.java:126) [dp-security-services-1103.jar:]
        at com.hp.im.dp.server.ipc.connection.Client.createSocket(Client.java:102) [dp-security-services-1103.jar:]
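
Added example, not part of the original thread and not Data Protector code: a small triage script for DPserver.log excerpts like the one in the post above. It splits records even when their line breaks were lost in a paste and reports which call threw each FATAL; the function names and the shortened sample are assumptions made for illustration.

```python
import re
from collections import Counter

# Constructed from the DPserver.log lines quoted in the thread (shortened),
# deliberately left without line breaks, as happens when a log is pasted.
SAMPLE = (
    "2023-10-24 06:15:00,051 FATAL [EncryptDecrypt:62:EJB default - 3] "
    "Exception Caught :: Private Key not found"
    "2023-10-24 06:15:01,276 INFO  [LicenseDataProvider:42:default task-8] "
    "Enter getLicenseDetails"
    "2023-10-24 06:15:01,343 FATAL [DPIPCSSL:145:default task-6] "
    "Private Key not found: IPCSSLException [status=503] "
    "at com.hp.im.dp.server.ipc.connection.DPIPCSSL.readPrivateKeyFromPEM"
    "(DPIPCSSL.java:189) [dp-security-services-1103.jar:] "
    "at com.hp.im.dp.server.ipc.connection.DPIPCSSL.populateKeyStore"
    "(DPIPCSSL.java:162) [dp-security-services-1103.jar:]"
)

TS = r"\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3}"
# A record runs from one timestamp to the next (or to end of input).
RECORD = re.compile(
    rf"(?P<ts>{TS}) (?P<level>[A-Z]+)\s+"
    r"\[(?P<cls>\w+):(?P<line>\d+):(?P<thread>[^\]]+)\] "
    rf"(?P<msg>.*?)(?={TS} [A-Z]+\s+\[|\Z)",
    re.S,
)
FRAME = re.compile(r"\bat ([\w.$]+)\.(\w+)\((\w+\.java):(\d+)\)")

def parse(text):
    """Split log text into records, separating message from stack frames."""
    records = []
    for m in RECORD.finditer(text):
        rec = m.groupdict()
        frames = FRAME.findall(rec["msg"])
        # The first frame is the innermost call: where the exception was thrown.
        rec["thrown_in"] = "{1} ({2}:{3})".format(*frames[0]) if frames else None
        rec["msg"] = FRAME.split(rec["msg"], maxsplit=1)[0].strip()
        records.append(rec)
    return records

def fatal_summary(text):
    """Return (FATAL count per logging class, distinct throw sites)."""
    fatals = [r for r in parse(text) if r["level"] == "FATAL"]
    per_class = dict(Counter(r["cls"] for r in fatals))
    sites = sorted({r["thrown_in"] for r in fatals if r["thrown_in"]})
    return per_class, sites

if __name__ == "__main__":
    print(fatal_summary(SAMPLE))
```

On the thread's lines this places the throw site in readPrivateKeyFromPEM, reached from populateKeyStore, so the error is raised when the server reads the key PEM to build its key store for a connection.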

  • 0   in reply to 

    I can only assume that something is not right with the private key provided. Now, I posted a link to the 11.03 documentation above, but I see that based on inputs I gave to the documentation team, they just published an updated version for DP 23.4.

    Configure custom AppServer and Reporting Server certificates

    I would suggest reviewing that one. I believe it should apply to DP 11.03 also (and I will ask the documentation team again to backport the changes to earlier DP versions). Based on the script options you have used, I am assuming you were generating a CSR and key outside DP. Is that correct? Otherwise there's no need to specify the key while importing the certificate. Can you please clarify what procedure you are following exactly?


    Koen Verbelen


  • 0 in reply to   

    Key, CSR & Cert are all required to be generated with Org policies (outside of DP). - following the instructions on the 11.03 documentation for this 

    Key type & length are the same (self signed vs org signed)

    Our certs can't have basic constraints

    EKU includes Client Authentication (1.3.6.1.5.5.7.3.2), Server Authentication (1.3.6.1.5.5.7.3.1) - Same

    Key Usage - Digital Signature, Key Encipherment (a0) - Same

  • 0   in reply to 

    I'm also seeing your note in the case about the original CA being used. That doesn't sound right. I'm keeping an eye on the case and checking what can be done.


    Koen Verbelen


  • 0   in reply to 

    Did you check the "omnigencert_<date>_<time>.log" file (ProgramData\OmniBack\log)? Any problems seen there?


    Koen Verbelen


  • Verified Answer

    +1 in reply to   

    So after reviewing the "C:\ProgramData\OmniBack\log\opensslkeytool log", I was able to drill down to the root cause. Following the instructions:

    We copied it... however it still had problems. When I just renamed that folder, the folder was properly recreated and everything works as expected now.