
Secure connection failed. SSL received a record that exceeded the maximum permissible length


Article ID: 21131


Products

CA IT Asset Manager
CA Software Asset Manager (CA SAM)
ASSET PORTFOLIO MGMT- SERVER
SUPPORT AUTOMATION- SERVER
CA Service Desk Manager - Unified Self Service
CA Service Desk Manager
CA Service Management - Asset Portfolio Management
CA Service Management - Service Desk Manager

Issue/Introduction

Description:

In CA SDM r12.6 and r12.7, accessing the web.url over SSL fails with the error below after following the steps in the 'Configure SSL on Tomcat' section of the Service Desk Administration Guide.

Secure connection failed

SSL received a record that exceeded the maximum permissible length.

(Error code: ssl_error_rx_record_too_long)

Solution:

The process below is taken from the Tomcat documentation, updated for the Service Desk implementation of Tomcat, and can be found in the Administration guide.

  1. From the command line, change directories to the JRE install location, and enter the following command:

    bin\keytool -genkey -alias tomcat -keyalg RSA

    A .keystore file is created by default in the home directory of the logged in user. You can specify a different location during .keystore file generation. On UNIX, make sure that the directory in which you generate the .keystore file has sufficient permissions for CA Service Desk Manager access.

    Note: For more about specifying a different .keystore file location, see your Tomcat documentation.

  2. Answer the prompts appropriately. The default password is changeit.

    Note: You can enter a password other than the default one. For more information, see your Tomcat documentation.

  3. Edit the server.xml file located in the following directory: NX_ROOT\bopcfg\www\CATALINA_BASE\conf.

  4. Uncomment the SSL section and add the location of the .keystore file generated in Step 1:

    <!-- Define a SSL Coyote HTTP/1.1 Connector on port 8443 -->
    <Connector className="org.apache.coyote.tomcat4.CoyoteConnector"
    port="8443" minProcessors="5" maxProcessors="75"
    enableLookups="true"
    acceptCount="100" debug="0" scheme="https" secure="true"
    useURIValidationHack="false" disableUploadTimeout="true">
    <Factory className="org.apache.coyote.tomcat4.CoyoteServerSocketFactory"
    clientAuth="false" protocol="TLS" keystoreFile="C:\Documents and Settings\user\.keystore" />
    </Connector>

  5. SSLEnabled="true" must be added to the <Connector> statement above. Otherwise, browsing Service Desk over https returns the following message.

    From Firefox:

    <Please see attached file for image>

    Figure 1

    From Internet Explorer:

    <Please see attached file for image>

    Figure 2

  6. Make sure the <Connector> statement is modified as follows, then restart the Tomcat server.

    <Connector className="org.apache.coyote.tomcat4.CoyoteConnector"
    SSLEnabled="true" port="8443" minProcessors="5" maxProcessors="75"
    enableLookups="true"
    acceptCount="100" debug="0" scheme="https" secure="true"
    useURIValidationHack="false" disableUploadTimeout="true">
    <Factory className="org.apache.coyote.tomcat4.CoyoteServerSocketFactory"
    clientAuth="false" protocol="TLS" keystoreFile="C:\Documents and Settings\user\.keystore" />
    </Connector>

  7. Use the following commands to restart the Tomcat server:

    pdm_tomcat_nxd -c stop
    pdm_tomcat_nxd -c start
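
The check behind steps 5 and 6, as an added example that is not part of the original article or of CA's tooling: it flags any <Connector> in server.xml that advertises https without SSLEnabled="true", and shows why the browser then reports a record-length error (such a connector answers in plain HTTP, and the client reads the "P/" of "HTTP/" as a TLS record length). The sample server.xml and the HTTP reply are constructed, and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed sample mirroring the step 4 connector (no SSLEnabled attribute).
SAMPLE_SERVER_XML = r"""
<Server>
  <Service name="Catalina">
    <Connector port="8080" />
    <Connector className="org.apache.coyote.tomcat4.CoyoteConnector"
               port="8443" scheme="https" secure="true">
      <Factory className="org.apache.coyote.tomcat4.CoyoteServerSocketFactory"
               clientAuth="false" protocol="TLS"
               keystoreFile="C:\Documents and Settings\user\.keystore" />
    </Connector>
  </Service>
</Server>
"""

# Largest ciphertext fragment length a TLS 1.2 record header may declare.
MAX_TLS_RECORD = 2**14 + 2048


def connectors_missing_sslenabled(server_xml):
    """Return ports of connectors that claim https but lack SSLEnabled="true"."""
    root = ET.fromstring(server_xml)
    flagged = []
    for conn in root.iter("Connector"):
        claims_https = (conn.get("scheme", "").lower() == "https"
                        or conn.get("secure", "").lower() == "true")
        if claims_https and conn.get("SSLEnabled", "false").lower() != "true":
            flagged.append(conn.get("port", "?"))
    return flagged


def record_length_seen_by_client(first_bytes):
    """Read bytes 3-4 of a reply the way a TLS client reads a record header."""
    return int.from_bytes(first_bytes[3:5], "big")


if __name__ == "__main__":
    print("https connectors without SSLEnabled:",
          connectors_missing_sslenabled(SAMPLE_SERVER_XML))
    # Constructed plain-HTTP reply, as sent by a connector that is not doing TLS.
    length = record_length_seen_by_client(b"HTTP/1.1 400 Bad Request\r\n")
    print("plain-HTTP reply parsed as TLS record length:", length,
          "limit:", MAX_TLS_RECORD)
```

Run it against the server.xml in NX_ROOT\bopcfg\www\CATALINA_BASE\conf before restarting Tomcat; an empty list means every https connector has SSLEnabled="true".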

Environment

Release: SWAMFC059000-12.7-Software Asset Manager-Flow Control
Component:

Attachments

1558703707846000021131_sktwi1f5rjvs16q9v.gif
1558703698308000021131_sktwi1f5rjvs16q9u.gif