Keystore Error

The public knowledge pool and discussion forum of the OWS community. Do not post confidential information here!
shantal
Posts: 3
Joined: 01 Apr 2022, 16:09

Keystore Error

Post by shantal »

This error appeared for over 30 users within our company last Thursday 31st April. Has anyone else seen this issue or know what might be causing it?
All users are on the latest version. OWS has been installed as administrator for all users on the PC. All users on PCs dont have local admin access as this was locked down about 5 months ago.
Not sure why this started all of a sudden last Thursday. As a temporary fix we have had to give the users local admin access which we need to revoke again after we have identified what is causing this issue.

C:\Users\username\.config\icetea-web\security\trusted.clientcert (access denied) during operation 'load keystore' on keystore
Attempts to unlock: 1
Either type correct password and press ok or press cancel to continue without verfying the certificate.

Andreas Ehret
Posts: 78
Joined: 25 Mar 2020, 12:21

Re: Keystore Error

Post by Andreas Ehret »

I guess you mean 31th of March. Sounds like a similar message as reported in https://github.com/karakun/OpenWebStart/issues/389 and https://github.com/karakun/OpenWebStart/issues/428

Is it possible that a default password changed with the end of month for the keystore and you need to enter the correct password?

Janak Mulani
Posts: 497
Joined: 24 Mar 2020, 13:37

Re: Keystore Error

Post by Janak Mulani »

Hi
Not sure why this started all of a sudden last Thursday.
Do you mean to say that it was working till last Wednesday and on Thursday all of a sudden all 30 users started getting this error?

As I understand All users have their own machine with OWS installed on it?

Is it the case that for all the users OWS is configured such that they are using User level and not the System Level configuration as described here

Code: Select all

https://openwebstart.com/docs/OWSGuide.html#_user_configuration
?
C:\Users\username\.config\icetea-web\security\trusted.clientcert
Was this file overwritten/corrupted by any chance? The usual password is "changeit". Can you please try the following command: and enter "changeit" when it prompts for a password:

Code: Select all

C:\Users\username\.config\icedtea-web\security>keytool -list -keystore trusted.clientcerts
Enter keystore password:
What about other truststores in the same directory? Are you able to access them using the above command?

What happens when you run itw-settings and view Certificates in different trust stores? Is that working?

shantal
Posts: 3
Joined: 01 Apr 2022, 16:09

Re: Keystore Error

Post by shantal »

I will try the changeit password and see if that works. I have checked a few users and they are still on an older version of 1.1.7 which may be causing it. The var file that mercedes told us to use with the initial install has automatic updates set to never. So many are still on older versions.

shantal
Posts: 3
Joined: 01 Apr 2022, 16:09

Re: Keystore Error

Post by shantal »

I have tried changeit password and it didnt work. I uninstalled 1.1.7 from a users pc and installed 1.4.0 with administration rights- all users and the user still had the issue. We took away local admin access from users months ago and we didnt have any issues until now. Users dont have access to the cache and config file in their C:\profiles now when I look.
We need to find a way to still lock down local admin access but still let them have admin rights to these two folders. Cache and Config.

Stephan Classen
Posts: 224
Joined: 27 Mar 2020, 09:55

Re: Keystore Error

Post by Stephan Classen »

The nature of this suddenly appearing and also for all users and you not have changed any of the admin privileges at that time points to the keystore file.
Maybe this was changed.

My first guess would be that the access rights to the file has changed. This can be cause by different operations.
Can you please check the windows access right to keystore file.

Post Reply