Hi Lian,
I am using a made up instance of AMRICH for my example.
You will only need the user_keystore files in place if you are using Java 8 201 or higher on the host,
or on your PC. A workaround is to edit the java.security file if over 201. Remove anon, and NULL from the
excluded cyphers. Yep, this works. We had to do that when we were at V9.1.1 still.
We created a seperate set of keystore files for each instance. And after you create it on a instance,
you have to copy it to the remote agents related to the master, and then to your PC under the correct
directory C:\Users\username\Appworx\AMRICH for this example. Thast is Appworx, not .Appworx.
We always had .Appworx
A lot of this is in the installation guide, but not the commands using keytool. I had to ask support
for help with this, and my own research.
Good luck, Hope this helps.
###
Stop AMRICH
cd to $AW_HOME/data
java -fullversion
which keytool
### Generate a 20 character password
Verify you are in the data directory for the master.
head /dev/urandom | tr -dc A-Za-z0-9 | head -c 20 ; echo ''
Creates a 20 character password.
### Create the keystore.
You need to be in the data directory for the master.
su to the user you run the master under. su - amrich
keytool -genkey -keyalg RSA -keystore user_keystore -alias AMRICH -validity 9999 -keysize 2048
Enter keystore password:????????????????????
Re-enter new password:????????????????????
What is your first and last name?
[Unknown]:
What is the name of your organizational unit?
[Unknown]:
What is the name of your organization?
[Unknown]:
What is the name of your City or Locality?
[Unknown]:
What is the name of your State or Province?
[Unknown]:
What is the two-letter country code for this unit?
[Unknown]: US
Is the parameters you entered correct?
[no]: yes
Enter key password for <amrich>
(RETURN if same as keystore password): <=== ENTER
Warning:
The JKS keystore uses a proprietary format. It is recommended to migrate to PKCS12 which is an industry standard format
using "keytool -importkeystore -srckeystore user_keystore -destkeystore user_keystore -deststoretype pkcs12".
From the data directory.
ls -la | egrep 'user_keystore'
keytool --list -v -keystore user_keystore
Enter keystore password: ?????????????????
Now I need to create the user_keystore_config which is simply creating a file called user_keystore_config
which contains the clear text password that was used to create the keystore.
From the data directory. You put the 20 character password in this file. Then you encrypt it.
vi user_keystore_config
??????????????????
ls -la | egrep 'user_keystore'
Encrypt the password file user_keystore_config which is where step 2 in the documentation.
Depending on your environment you may need to do this from the /web/classes directory:
From the $AW_HOME/web/classes directory. It uses one of the jar files.
###
### Encrypt the password.
###
From $AW_HOME/web/classes
java -DAW_HOME=$AW_HOME -cp AppWorx.jar:uc4-ra.jar com.appworx.util.EncryptKeystoreFile ?????????????????? <=== ??? is the password.
Starting to create keystore_config file.
Initializing JCE: AES 256
Data decrypted Initialized JCE
JCE Initialized successfully 242
present then the Master will use this keystore to create any SSL listening sockets.
###
### Verification
###
From the data directory.
ls -la | egrep 'user_keystore'
### As you can see above the user_keystore_config password file is now encrypted.
more user_keystore_config
chmod 750 user_keystore*
ls -la | egrep 'user_keystore'
###
### Copy user_keystore files to remote agents data directory.
###
Don't forget to change the owner to the remote agent user.
###
### Start AMRICH
###
###
### Verification
###
###
### Copy the user_keystore* files to my PC.
###
*** PC
For V9.3.1 the user_keystore* files need to be copied to this directory.
C:\Users\<user name>\AppWorx\<master name>
For AMRICH, I am using this directory.
C:\Users\username\AppWorx\AMRICH
user_keystore
user_keystore_config
###
### Test it out.
###
#
# Verification.
#
C:\local\AM_Client\client.properties
Verify you are using Oracle Java 1.8.0_231.
# JAVA_HOME=C:/local/jdk-11
# JAVA_HOME=C:/Program Files/Java/jre1.8.0_151
JAVA_HOME=C:/Program Files/Java/jre1.8.0_231
#
# Test it out.
#
Run the RunClient.jar command to login to AMRICH
Original Message:
Sent: 08-26-2020 10:52 AM
From: Lian Way Foon
Subject: Errors after upgrade to v9.3.2
Hi Richard,
I managed to install java 1.8.0_192. This seems able to establish connection without the SSL.
However, I would like to understand further about SSL connection.
according to the KB, I can generate the keystore file using command below:
java -DAW_HOME=${AW_HOME} -cp AppWorx.jar:uc4-ra.jar com.appworx.util.EncryptKeystoreFile password
However, I found only "user_keystore_config" in the data directory. What should I do to generate "user_keystore"?
Original Message:
Sent: 08-26-2020 08:29 AM
From: Richard Blumlein
Subject: Errors after upgrade to v9.3.2
Hi Lian,
I can only offer some things I would do when this happens to me.
I always like starting out with fresh logs. What I do is shutdown wipe all the logs in the master directory. I always have debug turned on in the env files. And another thing is we stopped using the Apache that is supplied with the installations. We started to use out own Apache.
Plus with V9.3.1 which we are on the Apache just gives the users information where to download the files from. We changed the Intro.html file to remove the download of the Client.zip file, so it really does nothing. The users have to contact us through a secure files folder on Microsoft Teams. They can then download the user_keystore files, and the customized AM_Client.zip file. we customize the connections, and client.properties files. Once they have this they are good till the next time we upgrade to get the new client with the new RunClient.jar.
When we were on V9.1.1, and V9.3.1 we got a lot of the java api timeout errors. The fix was to update the java.security file for the Java you are using changed /dev/random to /dev/urandom. And based on the Java you are using Java 8 201 or higher you have to have those keystore files in place or get the socket issues, and things won't start.
We went from V9.1.1 to V9.3.1, and it was a challenge to me getting a lot of this figured out.
Starting with clean log directory start up, get the errors in debug mode, and zip them up for support.
I think I might of gave info on two different questions, apache, and startso.
Thank you, Good luck.
Rich
Original Message:
Sent: 08-25-2020 02:39 PM
From: Lian Way Foon
Subject: Errors after upgrade to v9.3.2
first, my rmi server failed to bring up apache service after I choose to upgrade my apache during the installation instruction.
appman@server1:/opt/appworx9/apache/bin# ./apachectl start
Syntax error on line 176 of /opt/appworx9/apache/conf/httpd.conf:
Invalid command 'Order', perhaps mis-spelled or defined by a module not included in the server configuration
besides, another error to bring up my agentservice in separate agent server after upgrade the agent to v9.3.2:
appman@agent1:/opt/appworx9/bin#startso all
jvm_bits not defined, set to 32 starting agentservice
..............................
agentservice did not start
agentservice did not start at /opt/appworx9/data/inst.pl line 5158.
startso done
This had greatly impacted to my business user due to both failure and raised a severity 1 ticket but no one contacted me after 1 hours ++