Invalid secret key requires JCE encryption libraries

Abiquo installations running Oracle Java use the Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy. If the correct JCE jars are not available, Abiquo will not be able to communicate correctly with hypervisors, storage devices, and cloud providers. In this case you may see errors in the UI and errors in /opt/abiquo./tomcat/logs/catalina.out such as Unable to initialize due to invalid secret key

Invalid secret key error
Invalid secret key error

When to install

When to install the JCE libraries:

  • During the OVA deploy if the VM did not have internet access, or access to the DNS server

  • If the JCE libraries have "gone missing" perhaps during a system upgrade process. 

Install process

The install process is to obtain the Oracle Java Cryptography Extension (JCE) 8 from here: http://www.oracle.com/technetwork/java/javase/downloads/jce8-download-2133166.html.

After you log in, you can download the file jce_policy-8.zip

Extract the content and place it in $JAVA_HOME/jre/lib/security. Note that you may need to first install unzip from the Abiquo repo (yum install unzip).

Quick install

To install quickly and automatically accept the Oracle JCE license, use these combined commands as root user:

wget --no-check-certificate --no-cookies --header "Cookie: oraclelicense=accept-securebackup-cookie" http://download.oracle.com/otn-pub/java/jce/8/jce_policy-8.zip -O /tmp/JCE.zip && unzip /tmp/JCE.zip -d /tmp   mv /tmp/UnlimitedJCEPolicyJDK8/*.jar /usr/java/default/jre/lib/security/



Check the install

You can check if JCE libraries have been updated by checking the md5sum.

# md5sum /usr/java/default/jre/lib/security/*.jar dabfcb23d7bf9bf5a201c3f6ea9bfb2c /usr/java/default/jre/lib/security/local_policy.jar ef6e8eae7d1876d7f05d765d2c2e0529 /usr/java/default/jre/lib/security/US_export_policy.jar



Copyright © 2006-2024, Abiquo Holdings SL. All rights reserved