Oneclick SSL webpage is not displayed

book

Article ID: 143250

calendar_today

Updated On:

Products

CA eHealth CA Spectrum

Issue/Introduction

One click configured for SSL displays error message (this website cannot be reached). I have uncommented the connector section in the  server.xml  located under $SPECROOT/tomcat/conf (connector section) and restarted tomcat. 

 

Cause

Check tomcat log for the following error:

SEVERE [main] org.apache.catalina.util.LifecycleBase.handleSubClassException Failed to initialize component [Connector[HTTP/1.1-8443]]
 org.apache.catalina.LifecycleException: Protocol handler initialization failed
      at org.apache.catalina.connector.Connector.initInternal(Connector.java:979)
      at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:136)
      at org.apache.catalina.core.StandardService.initInternal(StandardService.java:535)
      at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:136)
      at org.apache.catalina.core.StandardServer.initInternal(StandardServer.java:1060)
      at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:136)
      at org.apache.catalina.startup.Catalina.load(Catalina.java:588)
      at org.apache.catalina.startup.Catalina.load(Catalina.java:611)
      at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
      at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
      at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
      at java.lang.reflect.Method.invoke(Method.java:498)
      at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:306)
      at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:491)
Caused by: java.lang.IllegalArgumentException: Alias name [null] does not identify a key entry

The certificate imported is using the wrong key entry for the tomcat ssl alias. 

Environment

Release : 10.4

Component : Spectrum Core / SpectroSERVER

 

 

 

Resolution

The keystore is missing private key and the certificate imported is a trustedCertEntry instead of PrivateKeyEntry 

To verify this run the keytool command and list the certificates:

keytool -list -v -keystore mykeystore.jks -alias tomcat
Enter keystore password:
Alias name: tomcat
Creation date: December 22, 2019
Entry type: trustedCertEntry

Ensure the certificates are imported as privatekey and not a trustedcertificate.