NOW-EDGE-KEYSTORE_UNRECOVERABLE_KEYNOW-EDGE-KEYSTORE_UNRECOVERABLE_KEY Severity High Root Cause The keystore could contain the private key under the expected alias, however either (1) the key's algorithm is not supported by Edge Proxy or (2) the keystore password was incorrect or (3) the keystore file is corrupted. (Edge uses several certificates key pairs; this one is used for SSL/TLS) Effect The startup of the Edge Proxy will end abnormally upon not being able to load the SSL/TLS private key Corrective Action Firstly, look up value of following properties in edgeencryption properties file: edgeencryption.proxy.https.keystore.path (keystore file location)edgeencryption.proxy.https.keystore.password (keystore password)edgeencryption.proxy.https.cert.alias (certificate alias) Load the private key in the keystore stored under the alias (value of third property above), by executing the following: keytool -list -keystore /path/to/keystore_location -alias [alias] and when prompted with password, enter the value of the second property above in plain text. If you used an incorrect password or the file was corrupted, you would see something like the following error: "keytool error: java.io.IOException: Keystore was tampered with, or password was incorrect" If the list operation is successful, you could check that the cert key pair was build with RSA:2048 as follows: keytool -exportcert -keystore /path/to/keystore_location -alias [alias] -file [cert_file] openssl x509 -in [cert_file] -text -noout The result should include: "Public Key Algorithm: rsaEncryption... Public-Key: (2048 bit)" If you can't recover the password or the uncorrupted keystore file or the algorithm was wrong, create a new SSL/TLS certificate and associated private key based on these instructions: https://www.servicenow.com/docs/bundle/yokohama-platform-security/page/administer/edge-encryption/task/t_SetUpSecureSSLConnection.html