Omada Controller v3.2.10 on Linux x64 jetty startup fails: Invalid keystore format

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.

Omada Controller v3.2.10 on Linux x64 jetty startup fails: Invalid keystore format

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.
Omada Controller v3.2.10 on Linux x64 jetty startup fails: Invalid keystore format
Omada Controller v3.2.10 on Linux x64 jetty startup fails: Invalid keystore format
2022-02-27 21:43:41

I am trying to use a custom keystore with a certificate generated from Let's Encrypt. This was working 6 months ago, but today when I tried to update my certificate (based on the steps at Recipe: Installing your own SSL certificate in Omada Controller 2.7.0 for Linux), the jetty server wouldn't start with this exception:

2022-02-27 14:26:24 [main] [ERROR]-[SourceFile:42] - fail to start up jetty server .
java.io.IOException: Invalid keystore format
        at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:658) ~[?:1.8.0_162]
        at sun.security.provider.JavaKeyStore$JKS.engineLoad(JavaKeyStore.java:56) ~[?:1.8.0_162]
        at sun.security.provider.KeyStoreDelegator.engineLoad(KeyStoreDelegator.java:224) ~[?:1.8.0_162]
        at sun.security.provider.JavaKeyStore$DualFormatJKS.engineLoad(JavaKeyStore.java:70) ~[?:1.8.0_162]
        at java.security.KeyStore.load(KeyStore.java:1445) ~[?:1.8.0_162]
        at org.eclipse.jetty.util.security.CertificateUtils.getKeyStore(CertificateUtils.java:55) ~[jetty-util-8.1.15.v20140411.jar:8.1.15.v20140411]
        at org.eclipse.jetty.util.ssl.SslContextFactory.getKeyStore(SslContextFactory.java:1053) ~[jetty-util-8.1.15.v20140411.jar:8.1.15.v20140411]
        at org.eclipse.jetty.util.ssl.SslContextFactory.loadKeyStore(SslContextFactory.java:1013) ~[jetty-util-8.1.15.v20140411.jar:8.1.15.v20140411]
        at org.eclipse.jetty.util.ssl.SslContextFactory.doStart(SslContextFactory.java:264) ~[jetty-util-8.1.15.v20140411.jar:8.1.15.v20140411]
        at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:64) ~[jetty-util-8.1.15.v20140411.jar:8.1.15.v20140411]
        at org.eclipse.jetty.server.ssl.SslSelectChannelConnector.doStart(SslSelectChannelConnector.java:612) ~[jetty-server-8.1.15.v20140411.jar:8.1.15.v20140411]
        at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:64) ~[jetty-util-8.1.15.v20140411.jar:8.1.15.v20140411]
        at org.eclipse.jetty.server.Server.doStart(Server.java:293) ~[jetty-server-8.1.15.v20140411.jar:8.1.15.v20140411]
        at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:64) ~[jetty-util-8.1.15.v20140411.jar:8.1.15.v20140411]
        at com.tp_link.eap.start.c.b.a(SourceFile:40) [eap-start-3.2.10.jar:?]
        at com.tp_link.eap.start.c.a.e(SourceFile:75) [eap-start-3.2.10.jar:?]
        at com.tp_link.eap.start.task.EapJettyStartUpTask.a(SourceFile:19) [eap-start-3.2.10.jar:?]
        at com.tp_link.eap.m.e.a(SourceFile:13) [eap-infrastructure-3.2.10.jar:?]
        at com.tp_link.eap.start.a.i(SourceFile:446) [eap-start-3.2.10.jar:?]
        at com.tp_link.eap.start.EapLinuxMain.b(SourceFile:86) [eap-start-3.2.10.jar:?]
        at com.tp_link.eap.start.EapLinuxMain.start(SourceFile:36) [eap-start-3.2.10.jar:?]
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[?:1.8.0_162]
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[?:1.8.0_162]
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:1.8.0_162]
        at java.lang.reflect.Method.invoke(Method.java:498) ~[?:1.8.0_162]
        at org.apache.commons.daemon.support.DaemonLoader.start(DaemonLoader.java:243) [commons-daemon-1.0.15.jar:1.0.15]

 

I suspect there is an option in my SSL certificate that is no longer backward compatible with the version of jetty included with v3.2.10 of the Omada Controller, but is that the case? Will upgrading to the latest version (3.2.14) help with this?

  0      
  0      
#1
Options
2 Reply
Re:Omada Controller v3.2.10 on Linux x64 jetty startup fails: Invalid keystore format
2022-03-01 08:36:07

  @Ryan_M I want to help but it's out of my knowledge.. But I notice you are using an old controller verison. Upgrading the controller V4/V5 may help, I don't know

  0  
  0  
#2
Options
Re:Omada Controller v3.2.10 on Linux x64 jetty startup fails: Invalid keystore format
2022-03-01 17:20:27

  @Somnus thank you for your response. My concern with upgrading to a newer version of the Omada controller is 2 things:

1) I have an EAP245 v1 which I don't know if it is compatible with newer versions of the Omada Controller

2) My understanding is that newer versions of the Omada Controller are "cloud only". Will that work? What are the implications of that?

  0  
  0  
#3
Options