Symptoms
Task related to WAP subscription provisioning fails with the error:
Internal error: SDK::Platform::blob Plesk::SaaS::SaaSManagerTasks_impl::taskExecuteWorkflow(const SDK::Platform::Properties&) : [APSC] [AZURE] {"Code":"ErrorFromUnderlyingNotificationSubscribers","Message":"One or more errors occurred while contacting the underlying notification subscribers. The operation may be partially completed.","Details":[]}.
The following error is shown in /var/log/WAP/error.log
:
2014-05-12 13:03:28,400 ERROR IaaSKeyStoreImpl [main] - Failed to init key manager factory
java.security.UnrecoverableKeyException: Cannot recover key
Cause
The error means that one of the WAP certificates has incorrect password.
Resolution
There are 3 certificates on POA MN:
# /usr/java/default/bin/keytool -list -keystore /usr/local/share/WAP/WAPKeyStore -storepass <password from wap-config.xml>
wap, Mar 20, 2014, PrivateKeyEntry,
Certificate fingerprint (SHA1): 33:EC:AA:01:85:91:F3:1F:6B:5A:EC:05:2E:26:8D:74:68:07:A0:DB
mgmtsvc-adminapi, May 7, 2014, PrivateKeyEntry,
Certificate fingerprint (SHA1): 60:07:C9:3C:7A:3A:B5:14:C4:13:EE:B2:14:75:7D:5A:A2:F9:FA:69
mgmtsvc-usage, May 7, 2014, PrivateKeyEntry,
Certificate fingerprint (SHA1): 67:A0:E9:EB:7C:5E:F9:1F:36:E8:EC:DC:52:76:0A:ED:ED:B6:DE:31
How to understand what certificate causes the issue? Lets check each of 3 entries (we will try to change current password, for example from 'testpwd' to '111111'):
# cd /usr/local/share/WAP
# cp WAPKeyStore WAPKeyStore-tmp
# /usr/java/default/bin/keytool -keypasswd -new 111111 -keystore WAPKeyStore-tmp -storepass testpwd -alias wap -keypass testpwd
# /usr/java/default/bin/keytool -keypasswd -new 111111 -keystore WAPKeyStore-tmp -storepass testpwd -alias mgmtsvc-adminapi -keypass testpwd
keytool error: java.security.UnrecoverableKeyException: Cannot recover key
# /usr/java/default/bin/keytool -keypasswd -new 111111 -keystore WAPKeyStore-tmp -storepass testpwd -alias mgmtsvc-usage -keypass testpwd
keytool error: java.security.UnrecoverableKeyException: Cannot recover key
That means that entry 'wap' has password 'testpwd' and it was successfully changed to '111111', but we were unable to change password for entry 'mgmtsvc-adminapi' and 'mgmtsvc-usage' because their password is not 'testpwd'.
To fix the issue, do the following:
get real passwords for 'mgmtsvc-adminapi' and 'mgmtsvc-usage'
change them to 'testpasswd' in WAPKeystore using the above-mentioned command (i.e. to the password from
wap-config.xml file
):# /usr/java/default/bin/keytool -keypasswd -new testpasswd -keystore WAPKeyStore -storepass testpasswd -alias mgmtsvc-adminapi -keypass currentcertpasswd # /usr/java/default/bin/keytool -keypasswd -new testpasswd -keystore WAPKeyStore -storepass testpasswd -alias mgmtsvc-usage -keypass currentcertpasswd
restart WAP service and make sure that the error Failed to init key manager factory is not shown in log:
# service WAP restart