Created an empty keystore and generated a certificate request which is used to generate a new certificate.
Imported the certificate to the keystore and replace <WCC>\data\config\.keystore with the new keystore.
After WCC is restarted, user could not get the WCC login page.
The following error was observed in CA-wcc.log:
INFO | jvm 1 | 2020/01/02 09:38:57 | 2 | Caused by: java.lang.IllegalArgumentException: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty
INFO | jvm 1 | 2020/01/02 09:38:57 | 2 | at org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:116)
INFO | jvm 1 | 2020/01/02 09:38:57 | 2 | at org.apache.tomcat.util.net.AbstractJsseEndpoint.initialiseSsl(AbstractJsseEndpoint.java:87)
INFO | jvm 1 | 2020/01/02 09:38:57 | 2 | at org.apache.tomcat.util.net.NioEndpoint.bind(NioEndpoint.java:225)
INFO | jvm 1 | 2020/01/02 09:38:57 | 2 | at org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.java:1082)
INFO | jvm 1 | 2020/01/02 09:38:57 | 2 | at org.apache.tomcat.util.net.AbstractJsseEndpoint.init(AbstractJsseEndpoint.java:267)
INFO | jvm 1 | 2020/01/02 09:38:57 | 2 | at org.apache.coyote.AbstractProtocol.init(AbstractProtocol.java:581)
INFO | jvm 1 | 2020/01/02 09:38:57 | 2 | at org.apache.coyote.http11.AbstractHttp11Protocol.init(AbstractHttp11Protocol.java:66)
INFO | jvm 1 | 2020/01/02 09:38:57 | 2 | at org.apache.catalina.connector.Connector.initInternal(Connector.java:993)
INFO | jvm 1 | 2020/01/02 09:38:57 | 2 | ... 19 more
INFO | jvm 1 | 2020/01/02 09:38:57 | 2 | Caused by: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty
INFO | jvm 1 | 2020/01/02 09:38:57 | 2 | at java.security.cert.PKIXParameters.setTrustAnchors(PKIXParameters.java:200)
INFO | jvm 1 | 2020/01/02 09:38:57 | 2 | at java.security.cert.PKIXParameters.<init>(PKIXParameters.java:157)
INFO | jvm 1 | 2020/01/02 09:38:57 | 2 | at java.security.cert.PKIXBuilderParameters.<init>(PKIXBuilderParameters.java:130)
INFO | jvm 1 | 2020/01/02 09:38:57 | 2 | at org.apache.tomcat.util.net.jsse.JSSEUtil.getParameters(JSSEUtil.java:385)
INFO | jvm 1 | 2020/01/02 09:38:57 | 2 | at org.apache.tomcat.util.net.jsse.JSSEUtil.getTrustManagers(JSSEUtil.java:309)
INFO | jvm 1 | 2020/01/02 09:38:57 | 2 | at org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:114)
INFO | jvm 1 | 2020/01/02 09:38:57 | 2 | ... 26 more
Release : 11.3.6
Component : WORKLOAD CONTROL CENTER
A certificate with alias legacyagents was removed from the original keystore.
The following commands are used to export/import certificate from/into keystore
to export:
keytool -export -alias -file -keystore
to import:
keytool -import -alias -file -keystore
Whenever you change any Keystore make sure that "legecyagents" alias certificate should present in WCC Keystore file (.keystore)
The procedure to request and use a certificate from a Trusted Certificate Authority, is documentated at the following URL:
https://techdocs.broadcom.com/content/broadcom/techdocs/us/en/ca-enterprise-software/intelligent-automation/workload-automation-ae-and-workload-control-center/11-3-6-SP4/installing/ca-wcc-implementation/customizing-secure-access-to-ca-wcc.html#concept.dita_0a8d614752e8ba6e83c98a178362ce1ed0b10bcc_HowtoRequestandUseaCertificateFromaTrustedCertificateAuthority