Comment: Remember to update the release version number before publishing externally.

This article includes updates for Smart ID Identity Manager 24.R1 or later.

...

Startup of Identity Manager might fail with an exception message like this in the log:

Example:
Aborting deployment! 
Unable to verify the last Object History entry of the chain [PRIME1]. 
There appears to be an error in the engineSignEncrypt configuration of the descriptor [ObjectHistorySigner (version: 2)]. 
The referenced key is probably wrong. Another possible explanation for this error is that the ObjectHistory entry was manipulated. 
Offending entry id: [4711]. Please check the engineSignEncrypt config xml and the referenced keys! 
If the configured key is correct, the entry might be corrupted. 
This can be worked around by starting a new chain.

Potential causes:

  1. The key configured for the ObjectHistorySigner descriptor in the current version (version 2 in the example error message above) is wrong; the wrong P12 file might have been configured.

  2. The object history was corrupted, either by accident or by deliberate manipulation; forensic analysis may be advisable.
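To tell the two causes apart it helps to know whether repeated startup attempts fail on the same chain, descriptor version and entry id. The following is an added example, not part of Identity Manager or of the original article: it extracts those fields from a log and counts repeats. The message wording follows the example above (abridged); the timestamps and the log layout are constructed assumptions.

```python
import re
from collections import Counter

# Constructed sample: message wording from the example above (abridged),
# timestamp and log level prefix are assumptions.
MESSAGE = (
    "2024-01-01 08:00:02 ERROR Aborting deployment!\n"
    "Unable to verify the last Object History entry of the chain [PRIME1].\n"
    "There appears to be an error in the engineSignEncrypt configuration of "
    "the descriptor [ObjectHistorySigner (version: 2)].\n"
    "The referenced key is probably wrong.\n"
    "Offending entry id: [4711]. Please check the engineSignEncrypt config xml "
    "and the referenced keys!\n"
)
SAMPLE_LOG = MESSAGE + "2024-01-01 08:05:00 INFO restart\n" + MESSAGE

HEAD = "Unable to verify the last Object History entry of the chain"
# The gap may span line breaks but must not run into the next failure
# message, so a truncated message never borrows fields from a later one.
GAP = rf"(?:(?!{HEAD}).)*?"
PATTERN = re.compile(
    rf"{HEAD} \[(?P<chain>[^\]]+)\]"
    rf"{GAP}descriptor \[(?P<descriptor>[^\]\s]+) \(version: (?P<version>\d+)\)\]"
    rf"{GAP}Offending entry id: \[(?P<entry_id>[^\]]+)\]",
    re.DOTALL,
)

def find_chain_failures(log_text):
    """Return one dict per complete verification-failure message."""
    return [
        {"chain": m["chain"], "descriptor": m["descriptor"],
         "version": int(m["version"]), "entry_id": m["entry_id"]}
        for m in PATTERN.finditer(log_text)
    ]

def summarize(failures):
    """Count failures per (chain, descriptor, version, entry id)."""
    return Counter(
        (f["chain"], f["descriptor"], f["version"], f["entry_id"])
        for f in failures
    )

if __name__ == "__main__":
    for key, count in summarize(find_chain_failures(SAMPLE_LOG)).items():
        print(count, "x", key)
```

The descriptor name and version identify which engineSignEncrypt entry and P12 file to check for cause 1; the chain name and entry id identify the record to examine for cause 2.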

A quick workaround to get the application to start again is to switch to a new chain name for idm-operator:

...

In Identity Manager versions before 24.R1, that folder contained all demo keys, which have since been removed. Furthermore, the engineSignEncryptConfig.xml shipped in WAR files of 24.R1 and above references additional P12 files that were not used or not bootstrapped previously. By default, a dedicated P12 file per descriptor is used instead of sharing files between descriptors.

...