Description:
In CA Service Desk Manager (CA SDM) r12.6 and r12.7, the web.url fails over SSL with the error below after following the steps in the 'Configure SSL on Tomcat' section of the Service Desk Administration Guide.
Secure connection failed
SSL received a record that exceeded the maximum permissible length.
(Error code: ssl_error_rx_record_too_long)
Solution:
The process is taken from the Tomcat documentation, updated for the Service Desk implementation of Tomcat, and can be found in the Administration Guide.
- From the command line, change directories to the JRE install location, and enter the following command:
bin\keytool -genkey -alias tomcat -keyalg RSA
A .keystore file is created by default in the home directory of the logged-in user. You can specify a different location during .keystore file generation. On UNIX, make sure that the directory in which you generate the .keystore file has sufficient permissions for CA Service Desk Manager access.
Note: For more about specifying a different .keystore file location, see your Tomcat documentation.
- Answer the prompts appropriately. The default password is changeit.
Note: You can enter a password other than the default one. For more information, see your Tomcat documentation.
- Edit the server.xml file located in the following directory: NX_ROOT\bopcfg\www\CATALINA_BASE\conf.
- Uncomment the SSL section and add the location of the .keystore file generated in Step 1:
<!-- Define a SSL Coyote HTTP/1.1 Connector on port 8443 -->
<Connector className="org.apache.coyote.tomcat4.CoyoteConnector"
port="8443" minProcessors="5" maxProcessors="75"
enableLookups="true"
acceptCount="100" debug="0" scheme="https" secure="true"
useURIValidationHack="false" disableUploadTimeout="true">
<Factory className="org.apache.coyote.tomcat4.CoyoteServerSocketFactory"
clientAuth="false" protocol="TLS" keystoreFile="C:\Documents and Settings\user\.keystore" />
</Connector>
- Add SSLEnabled="true" to the <Connector> statement above. Otherwise, browsing Service Desk via https returns an error message in both Firefox and Internet Explorer.
- Make sure the <Connector> statement is modified as follows, then restart the Tomcat server.
<Connector className="org.apache.coyote.tomcat4.CoyoteConnector"
SSLEnabled="true" port="8443" minProcessors="5" maxProcessors="75"
enableLookups="true"
acceptCount="100" debug="0" scheme="https" secure="true"
useURIValidationHack="false" disableUploadTimeout="true">
<Factory className="org.apache.coyote.tomcat4.CoyoteServerSocketFactory"
clientAuth="false" protocol="TLS" keystoreFile="C:\Documents and Settings\user\.keystore" />
</Connector>
- Use the following commands to restart the Tomcat server:
pdm_tomcat_nxd -c stop
pdm_tomcat_nxd -c start
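
The check below is an added example, not part of the CA or Tomcat documentation: it audits a server.xml for HTTPS connectors that lack SSLEnabled="true" or a keystoreFile, which is the misconfiguration this article corrects. The function name audit_connectors and the embedded server.xml fragments are constructed for illustration, modelled on the two <Connector> forms shown above.

```python
import xml.etree.ElementTree as ET

# Constructed server.xml fragment modelled on the first <Connector> on this page
# (the form that produces ssl_error_rx_record_too_long).
BEFORE = r'''<Server><Service name="Catalina">
<Connector port="8080" />
<Connector className="org.apache.coyote.tomcat4.CoyoteConnector"
 port="8443" minProcessors="5" maxProcessors="75" enableLookups="true"
 acceptCount="100" debug="0" scheme="https" secure="true"
 useURIValidationHack="false" disableUploadTimeout="true">
 <Factory className="org.apache.coyote.tomcat4.CoyoteServerSocketFactory"
  clientAuth="false" protocol="TLS"
  keystoreFile="C:\Documents and Settings\user\.keystore" />
</Connector>
</Service></Server>'''

# Corrected form: same connector with SSLEnabled="true" added.
AFTER = BEFORE.replace('port="8443"', 'SSLEnabled="true" port="8443"')


def audit_connectors(server_xml):
    """Return (port, problem) tuples for misconfigured HTTPS connectors."""
    findings = []
    root = ET.fromstring(server_xml)
    for conn in root.iter("Connector"):
        port = conn.get("port", "?")
        is_https = (conn.get("scheme", "").lower() == "https"
                    or conn.get("secure", "").lower() == "true")
        if not is_https:
            continue  # plain HTTP connector, nothing to check
        if conn.get("SSLEnabled", "false").lower() != "true":
            findings.append((port, 'SSLEnabled="true" missing'))
        # keystoreFile may sit on the connector itself or on a nested <Factory>
        keystore = conn.get("keystoreFile") or next(
            (f.get("keystoreFile") for f in conn.iter("Factory")
             if f.get("keystoreFile")), None)
        if not keystore:
            findings.append((port, "no keystoreFile configured"))
    return findings


if __name__ == "__main__":
    for name, xml in (("before", BEFORE), ("after", AFTER)):
        print(name, audit_connectors(xml) or "OK")
```

To audit a real installation, pass the contents of NX_ROOT\bopcfg\www\CATALINA_BASE\conf\server.xml to audit_connectors before restarting Tomcat.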