Getting error while configuring DA 23.2 with JDK 17

Ram_Kishan_Maitry
Ram_Kishan_Maitry Member
in Documentum #1

Hi,

We are getting below error while configuring DA 23.2 on apache tomcat 9.0.80 version.

15:31:07,673 ERROR [main] com.documentum.fc.client.security.impl.IdentityManager - [DFC_SECURITY_IDENTITY_INIT] no identity initialization or incomplete identity initialization
java.lang.IllegalStateException: Error creating sun.security.x509.X509CertInfo object
at com.documentum.fc.client.security.internal.ReflectionUtil.createExact(ReflectionUtil.java:52) ~[dfc.jar:?]

How to fix this issue. Kindly suggest.

OS version - RHEL 8.8

Apache Tomcat 9.0.80

Oracle jdk-17.0.6

Best Answers

  • Hicham Bahi
    Hicham Bahi E Member
    #2 Answer ✓

    You should really be able to solve this on your own. Read the messages carefully : you must have a space or some other character before sun.security.provider=ALL-UNNAMED.

  • AlvaroDeAndresGomez
    AlvaroDeAndresGomez Member
    #3 Answer ✓

    You can "workaround" this error by placing on da/web-inf/classes an existing dfc.keystore. Since moving to openJDK, DFC is very picky about JVM version when it comes to create the keystores

Answers

  • Hicham Bahi
    Hicham Bahi E Member
    #4

    As explained in the installation guide :

    On Linux, set the <JAVA_TOOL_OPTIONS> environment variable to the following value: 

    -Djava.locale.providers=COMPAT,SPI --add-opens=java.base/java.lang=ALL-UNNAMED -- add-opens=java.base/java.lang.invoke=ALL-UNNAMED --add-exports=java.base/ sun.security.provider=ALL-UNNAMED --add-exports=java.base/sun.security.pkcs=ALL- UNNAMED --add-exports=java.base/sun.security.x509=ALL-UNNAMED --add- exports=java.base/sun.security.util=ALL-UNNAMED --add-exports=java.base/ sun.security.tools.keytool=ALL-UNNAMED

  • Ram_Kishan_Maitry
    Ram_Kishan_Maitry Member
    #5

    Hi Hicham,

    Thanks for your response. I have added the below line in Linux user profile(.bash_profile)

    export JAVA_TOOL_OPTIONS=-Djava.locale.providers=COMPAT,SPI --add-opens=java.base/java.lang=ALL-UNNAMED -- add-opens=java.base/java.lang.invoke=ALL-UNNAMED --add-exports=java.base/ sun.security.provider=ALL-UNNAMED --add-exports=java.base/sun.security.pkcs=ALL- UNNAMED --add-exports=java.base/sun.security.x509=ALL-UNNAMED --add- exports=java.base/sun.security.util=ALL-UNNAMED --add-exports=java.base/ sun.security.tools.keytool=ALL-UNNAMED

    But getting the below error:-

    -bash: export: --add-opens=java.base/java.lang=ALL-UNNAMED': not a valid identifier
    -bash: export:     --': not a valid identifier
    -bash: export:     add-opens=java.base/java.lang.invoke=ALL-UNNAMED': not a valid identifier
    -bash: export:     --add-exports=java.base/': not a valid identifier
    -bash: export:     sun.security.provider=ALL-UNNAMED': not a valid identifier
    -bash: export:     --add-exports=java.base/sun.security.pkcs=ALL-': not a valid identifier
    -bash: export:     --add-exports=java.base/sun.security.x509=ALL-UNNAMED': not a valid identifier
    -bash: export:     --add-': not a valid identifier
    -bash: export:     --add-exports=java.base/': not a valid identifier
    -bash: export:     sun.security.tools.keytool=ALL-UNNAMED': not a valid identifier

    Kindly suggest.

  • Hicham Bahi
    Hicham Bahi E Member
    #6

    Thiis a bash error. Paste this in a text editor and make sure it's all on one line.

  • Ram_Kishan_Maitry
    Ram_Kishan_Maitry Member
    #7

    I have pasted in text editor and all are in one line.

  • Hicham Bahi
    Hicham Bahi E Member
    #8

    As I said this is a bash problem. I see now that you didn't enclose the value in double-quotes. It should be

    export JAVA_TOOL_OPTIONS=-"Djava.locale.providers=COMPAT,SPI
    --add-opens=java.base/java.lang=ALL-UNNAMED --
    add-opens=java.base/java.lang.invoke=ALL-UNNAMED
    --add-exports=java.base/ sun.security.provider=ALL-UNNAMED
    --add-exports=java.base/sun.security.pkcs=ALL- UNNAMED
    --add-exports=java.base/sun.security.x509=ALL-UNNAMED --add-
    exports=java.base/sun.security.util=ALL-UNNAMED --add-exports=java.base/
    sun.security.tools.keytool=ALL-UNNAMED"

  • Ram_Kishan_Maitry
    Ram_Kishan_Maitry Member
    #9

    Hi Hicham,

    I have added as per your suggestion in bash_profile file on Linux. But still getting the below error on tomcat logs.

    NOTE: Picked up JDK_JAVA_OPTIONS: --add-opens=java.base/java.lang=ALL-UNNAMED --add-opens=java.base/java.io=ALL-UNNAMED --add-opens=java.base/java.util=ALL-UNNAMED --add-opens=java.base/java.util.concurrent=ALL-UNNAMED --add-opens=java.rmi/sun.rmi.transport=ALL-UNNAMED
    NOTE: Picked up JDK_JAVA_OPTIONS: --add-opens=java.base/java.lang=ALL-UNNAMED --add-opens=java.base/java.io=ALL-UNNAMED --add-opens=java.base/java.util=ALL-UNNAMED --add-opens=java.base/java.util.concurrent=ALL-UNNAMED --add-opens=java.rmi/sun.rmi.transport=ALL-UNNAMED
    Picked up JAVA_TOOL_OPTIONS: -Djava.locale.providers=COMPAT,SPI --add-opens=java.base/java.lang=ALL-UNNAMED --add-opens=java.base/java.lang.invoke=ALL-UNNAMED --add-exports=java.base/ sun.security.provider=ALL-UNNAMED --add-exports=java.base/sun.security.pkcs=ALL-UNNAMED --add-exports=java.base/sun.security.x509=ALL-UNNAMED --add-exports=java.base/sun.security.util=ALL-UNNAMED --add-exports=java.base/sun.security.tools.keytool=ALL-UNNAMED
    Unrecognized option: sun.security.provider=ALL-UNNAMED
    Error: Could not create the Java Virtual Machine.
    Error: A fatal exception has occurred. Program will exit.

  • Hicham Bahi
    Hicham Bahi E Member
    #10 Answer ✓

    You should really be able to solve this on your own. Read the messages carefully : you must have a space or some other character before sun.security.provider=ALL-UNNAMED.

  • Ram_Kishan_Maitry
    Ram_Kishan_Maitry Member
    #11

    Hi Hicham,

    Issue has been resolved.

    Thanks a ton for help.

  • Ram_Kishan_Maitry
    Ram_Kishan_Maitry Member
    #12

    Hi Hicham,

    I am configuring webtop  16.7.9 with same JDK, getting below error:-

    15:36:25,492 ERROR [main] com.documentum.fc.client.security.impl.IdentityManager - [DFC_SECURITY_IDENTITY_CREATION] failure on creation of identity: 'bad bundle'
    com.documentum.fc.common.DfException: [DFC_SECURITY_IDENTITY_BUNDLE_FAIL] could not create identity bundle because identity initialization failed

    Can you guide me.

  • Hicham Bahi
    Hicham Bahi E Member
    #13

    I think that Webtop 16.7.9 is only certified with Java 11 and not 17. Check the release notes.

  • AlvaroDeAndresGomez
    AlvaroDeAndresGomez Member
    #14 Answer ✓

    You can "workaround" this error by placing on da/web-inf/classes an existing dfc.keystore. Since moving to openJDK, DFC is very picky about JVM version when it comes to create the keystores

  • Ram_Kishan_Maitry
    Ram_Kishan_Maitry Member
    #15

    Thanks AlvaroDeAndres, issue has been resolved.

  • Ram_Kishan_Maitry
    Ram_Kishan_Maitry Member
    edited November 13, 2023 #16

    Hi AlvaroDeAndres and Hicham,

    I am getting below message on docbase log file.

    Picked up JAVA_TOOL_OPTIONS: -Djava.locale.providers=COMPAT,SPI --add-opens=java.base/java.lang=ALL-UNNAMED --add-opens=java.base/java.lang.invoke=ALL-UNNAMED --add-exports=java.base/sun.security.provider=ALL-UNNAMED --add-exports=java.base/sun.security.pkcs=ALL-UNNAMED --add-exports=java.base/sun.security.x509=ALL-UNNAMED --add-exports=java.base/sun.security.util=ALL-UNNAMED --add-exports=java.base/sun.security.tools.keytool=ALL-UNNAMED
    sh: com.emc.documentum.server.method.eventsender.EventSender: command not found

  • AlvaroDeAndresGomez
    AlvaroDeAndresGomez Member
    #17

    that has nothing to do with JVM, probably your event sender method is wrong and marked as program

  • Ram_Kishan_Maitry
    Ram_Kishan_Maitry Member
    #18

    Is it create problem?

    How can I resolve it?

Categories