Re: keyalias someAlias not found in KeyStore ref:/...

pietjacobs · 02-24-2025 03:07 AM

Hi all

We are experiencing a weird behavior since upgrading to the latest version of OPDK 4.53.00.02 resulting in a lot of HTTP 500 for API calls ( > 50%). Before the upgrade, all keystores/references were working fine...

NIOThread@3 ERROR ADAPTORS.HTTP.FLOW - LBTargetRequestSender.sendRequest() : Unexpected error while sending request 
com.apigee.kernel.exceptions.spi.UncheckedException: KeyAlias client-alias is not found in Keystore ref://backend.clientcert
	at com.apigee.security.SSLPreEvaluationContext.keyStore(SSLPreEvaluationContext.java:198)
	at com.apigee.security.SSLPreEvaluationContext.configure(SSLPreEvaluationContext.java:168)
	at com.apigee.protocol.http.HTTPService.configureSSL(HTTPService.java:64)
	at com.apigee.protocol.http.HTTPClient.configureSSL(HTTPClient.java:258)
	at com.apigee.messaging.adaptors.http.flow.data.TargetRequestSender.resolveClient(TargetRequestSender.java:213)
	at com.apigee.messaging.adaptors.http.flow.data.LBTargetRequestSender.sendRequest(LBTargetRequestSender.java:330)
	at com.apigee.messaging.adaptors.http.flow.data.LBTargetRequestSender.sendRequestOverride(LBTargetRequestSender.java:294)
	at com.apigee.messaging.adaptors.http.flow.data.TargetRequestSender.sendRequest(TargetRequestSender.java:252)
	at com.apigee.messaging.adaptors.http.flow.data.TargetRequestSender.sendRequest(TargetRequestSender.java:276)
	at com.apigee.messaging.adaptors.http.flow.execution.SendRequest.execute0(SendRequest.java:127)
	at com.apigee.messaging.adaptors.http.flow.execution.SendRequest.execute(SendRequest.java:55)
	at com.apigee.flow.execution.SyncExecutionStrategy.execute0(SyncExecutionStrategy.java:67)
	at com.apigee.flow.execution.SyncExecutionStrategy.execute(SyncExecutionStrategy.java:39)
	at com.apigee.flow.MessageFlowImpl.execute(MessageFlowImpl.java:587)
	at com.apigee.flow.MessageFlowImpl.resume(MessageFlowImpl.java:416)
	at com.apigee.flow.execution.ExecutionContextImpl$1.run(ExecutionContextImpl.java:125)
	at com.apigee.nio.NIOSelector.runTasks(NIOSelector.java:411)
	at com.apigee.nio.NIOSelector.access$000(NIOSelector.java:35)
	at com.apigee.nio.NIOSelector$2.findNext(NIOSelector.java:328)
	at com.apigee.nio.NIOSelector$2.findNext(NIOSelector.java:319)
	at com.apigee.nio.util.NonNullIterator.computeNext(NonNullIterator.java:21)
	at com.apigee.nio.util.AbstractIterator.hasNext(AbstractIterator.java:47)
	at com.apigee.nio.handlers.NIOThread.run(NIOThread.java:141)

The weird behavior is that if I make an exact duplicate of the keystore (but with a new unique name), and then update the Reference to the new KeyStore - the issue seems to be instantly solved across all MPs.
Note that this new KeyStore is uploaded via PKCS12 format as this is the new approach with 4.53.xx.

But it seems as soon as we restart any given Message Processor - the errors come back again even with the new KeyStore... And what solves it - is by again updating the Reference to point to the old KeyStore. So it seems updating the Reference is just a temporary fix until the next restart of MP...

We are working with Support on this - but I still like to raise the question here if anyone has had this same issue with 4.53.xx.

Kind regards
Piet

AlexET

Hello @pietjacobs, we saw your question and wanted to let you know we’re keeping it on our radar. We’ll also invite others in the community to pitch in and share their thoughts. 🙂

dchiesa1

Support seems like the right resource to work through this with you.

pietjacobs

Hi team

Thanks for your replies!

Ofcourse our main communication line is with support - but I wanted to raise the question here to see if anyone from the community had experienced the same behavior.

As it stands the issue has largely "gone away", but we are still not sure what the root cause was, for our analysis. We're still working with support to hopefully get a better understanding of the issue.

Kind regards

keyalias someAlias not found in KeyStore ref://someKeystore