SRM issue accessing the FE UI after updating the certificate
Summary: After going through "Configuring HTTPS with certificates signed by a certificate authority" in the Guide "M&R Security and Configuration Guide," the Frontend(FE) UI is not accessible.
This article applies to
This article does not apply to
This article is not tied to any specific product.
Not all product versions are identified in this article.
Symptoms
The browser may display the following messages when accessing the FE:
May find the following error messages when looking at the catalina logs on the FE server:
"The connection has timed out"
"This site can't be reached"
"This site can't be reached"
May find the following error messages when looking at the catalina logs on the FE server:
SEVERE: Failed to initialize end point associated with ProtocolHandler ["http-nio-58443"]
java.security.UnrecoverableKeyException: Cannot recover key
Or
SEVERE: Failed to initialize connector [Connector[HTTP/1.1-58443]]
org.apache.catalina.LifecycleException: Failed to initialize component [Connector[HTTP/1.1-58443]]
Caused by: org.apache.catalina.LifecycleException: Protocol handler initialization failed
Caused by: java.security.UnrecoverableKeyException: Cannot recover key
java.security.UnrecoverableKeyException: Cannot recover key
Or
SEVERE: Failed to initialize connector [Connector[HTTP/1.1-58443]]
org.apache.catalina.LifecycleException: Failed to initialize component [Connector[HTTP/1.1-58443]]
Caused by: org.apache.catalina.LifecycleException: Protocol handler initialization failed
Caused by: java.security.UnrecoverableKeyException: Cannot recover key
Cause
There was an issue with the certificate-key password being different from the keystore password when going through the "Configuring HTTPS with certificates signed by a certificate authority" steps.
The step to rectify this difference is not mentioned in the M&R Security Configuration Guide.
The difference must be stated clearly in the server.xml file or the FE UI is not accessible.
Resolution
On the FE server, rectify the following:
- While importing keystore is there any alias created for key "apg-aliasname.pfx"?
As the location of the file may not be same as shown, do the following on the FE server:
find / -iname apg-a*
Look for "apg-aliasname.pfx" (file extension could also be .PEM or .CRT).
find / -iname apg-a*
Look for "apg-aliasname.pfx" (file extension could also be .PEM or .CRT).
- Any password is set for "apg-aliasname.pfx" key.
If key alias and password are set, then mention that key alias, key password, and also keystore password in the server.xml file.
Example: Add below attributes in server.xml.
keystorePass="insert keystore password here"
keyPass="insert key password here"
keyAlias="insert private key alias here"/>
Example: Add below attributes in server.xml.
keystorePass="insert keystore password here"
keyPass="insert key password here"
keyAlias="insert private key alias here"/>
- Update and Restart all modules or services.
PuTTY into the FE host or server, go to /opt/APG/bin, run ./manage-modules.sh service update all, then run ./manage-modules.sh service restart all.
- Try to access the FE, it should be accessible now.
Products
SRMArticle Properties
Article Number: 000190501
Article Type: Solution
Last Modified: 07 Oct 2025
Version: 2
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.