Symptoms

• After changing the certificate of the management interface of a DataPower Gateway, an LDAP server, or an SMTP server, DPOD can non longer access this Gateway/server.
  • For DataPower Gateway: Error messages are displayed when trying to list the Gateways domain in Manage → Devices → Gateways → <Specific Gateway>.
  • For LDAP server: You cannot sign in to DPOD.
  • For SMTP server: You receive internal alerts that DPOD cannot send emails, and no emails are sent from DPOD.

• You see errors in the log files of UI, HK-WdpDeviceResources, HK-SyslogKeepalive or other components, that are similar to the following messages:

  Error loading trusted keystore from /app/java/lib/security/cacerts. Make sure the password is correct and that the trusted keystore file exists.
  java.io.IOException: Keystore was tampered with, or password was incorrect
  java.security.UnrecoverableKeyException: Password verification failed

Cause

On rare occasions, the Java cacerts file might become corrupted, or its password might be changed externally, and DPOD can no longer read this file.

Resolution

Copy /app/java/lib/security/cacerts from another valid DPOD installation (you may install a new Developer Edition DPOD for this purpose if you don't have another installation), or contact the support to receive a copy of this file.

The cacerts file should match your DPOD version - do not try to copy the cacerts file from another DPOD installation of a different version.