OneClick SSL configuration "SSL_ERROR_RX_RECORD_TOO_LONG" error message
search cancel

OneClick SSL configuration "SSL_ERROR_RX_RECORD_TOO_LONG" error message


Article ID: 144822


Updated On:


CA Spectrum DX NetOps


After following the documentation for HTTPS with OneClick, we are seeing the error message "SSL_ERROR_RX_RECORD_TOO_LONG"

With using the server.xml file from the Spectrum documentation from "Configure OneClick for Secure Sockets Layer" we see that the port 8443 is running but it isn`t possible to connect with browser to https://<hostname>:8443/spectrum/ => errorcode: SSL_ERROR_RX_RECORD_TOO_LONG
Error message "java.lang.IllegalArgumentException: Invalid character found in method name. HTTP method names must be tokens"
However, it is possible to connect to  http://<hostname>:8443/spectrum/


All supported DX NetOps Performance Management releases


Details of investigation:

  1. Listed the certificates in the keystore with this command:
    • ./keytool -list -v -keystore /usr/Spectrum/custom/keystore/cacerts > keystore.out
  2. Noticed in keystore.out file that the Alias of tomcatssl was only a trustedCertEntry as below:

Alias name: tomcatssl
Creation date: Jan 27, 2020
Entry type: trustedCertEntry

We would expect the entry type to be a PrivateKeyEntry, private key has accidentally overwritten when trying to import the signed CA from the CSR.


  1. Restore a backup of keystore
  2. Verify that OneClick works as expected.

As a best practice, always take a backup of the keystore.

The signed CA Certificate must be the same one the CSR was created from, otherwise, you will overwrite your PrivateKeyEntry when you import the Signed Certificate.

See the "Import a CA-Signed Certificate" documentation topic for additional information.