search cancel

java.io.IOException starting web server, at org.apache.tomcat.util.net.SSLUtilBase.getKeyManagers(SSLUtilBase.java:332)

book

Article ID: 215930

calendar_today

Updated On:

Products

CA Workload Automation AE - Scheduler (AutoSys)

Issue/Introduction

SSL port associated to Autosys web server is not available via browser or via WCC, waae_webservices_wrapper.log  shows below error:

 

INFO   | jvm 1    | 2021/05/24 08:03:51 | 24-May-2021 08:03:51.920 INFO [WrapperStartStopAppMain] org.apache.coyote.AbstractProtocol.init Initializing ProtocolHandler ["https-jsse-nio-9443"]
INFO   | jvm 1    | 2021/05/24 08:03:52 | 24-May-2021 08:03:52.237 SEVERE [WrapperStartStopAppMain] org.apache.catalina.util.LifecycleBase.handleSubClassException Failed to initialize component [Connector[HTTP/1.1-9443]]
INFO   | jvm 1    | 2021/05/24 08:03:52 | org.apache.catalina.LifecycleException: Protocol handler initialization failed
INFO   | jvm 1    | 2021/05/24 08:03:52 |  at org.apache.catalina.connector.Connector.initInternal(Connector.java:1013)
INFO   | jvm 1    | 2021/05/24 08:03:52 |  at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:136)
INFO   | jvm 1    | 2021/05/24 08:03:52 |  at org.apache.catalina.core.StandardService.initInternal(StandardService.java:533)
INFO   | jvm 1    | 2021/05/24 08:03:52 |  at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:136)
INFO   | jvm 1    | 2021/05/24 08:03:52 |  at org.apache.catalina.core.StandardServer.initInternal(StandardServer.java:1057)
INFO   | jvm 1    | 2021/05/24 08:03:52 |  at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:136)
INFO   | jvm 1    | 2021/05/24 08:03:52 |  at org.apache.catalina.startup.Catalina.load(Catalina.java:584)
INFO   | jvm 1    | 2021/05/24 08:03:52 |  at org.apache.catalina.startup.Catalina.load(Catalina.java:607)
INFO   | jvm 1    | 2021/05/24 08:03:52 |  at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
INFO   | jvm 1    | 2021/05/24 08:03:52 |  at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
INFO   | jvm 1    | 2021/05/24 08:03:52 |  at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
INFO   | jvm 1    | 2021/05/24 08:03:52 |  at java.lang.reflect.Method.invoke(Method.java:498)
INFO   | jvm 1    | 2021/05/24 08:03:52 |  at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:303)
INFO   | jvm 1    | 2021/05/24 08:03:52 |  at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:473)
INFO   | jvm 1    | 2021/05/24 08:03:52 |  at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
INFO   | jvm 1    | 2021/05/24 08:03:52 |  at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
INFO   | jvm 1    | 2021/05/24 08:03:52 |  at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
INFO   | jvm 1    | 2021/05/24 08:03:52 |  at java.lang.reflect.Method.invoke(Method.java:498)
INFO   | jvm 1    | 2021/05/24 08:03:52 |  at org.tanukisoftware.wrapper.WrapperStartStopApp.run(WrapperStartStopApp.java:429)
INFO   | jvm 1    | 2021/05/24 08:03:52 |  at java.lang.Thread.run(Thread.java:821)
INFO   | jvm 1    | 2021/05/24 08:03:52 | Caused by: java.lang.IllegalArgumentException
INFO   | jvm 1    | 2021/05/24 08:03:52 |  at org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:99)
INFO   | jvm 1    | 2021/05/24 08:03:52 |  at org.apache.tomcat.util.net.AbstractJsseEndpoint.initialiseSsl(AbstractJsseEndpoint.java:71)
INFO   | jvm 1    | 2021/05/24 08:03:52 |  at org.apache.tomcat.util.net.NioEndpoint.bind(NioEndpoint.java:217)
INFO   | jvm 1    | 2021/05/24 08:03:52 |  at org.apache.tomcat.util.net.AbstractEndpoint.bindWithCleanup(AbstractEndpoint.java:1141)
INFO   | jvm 1    | 2021/05/24 08:03:52 |  at org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.java:1154)
INFO   | jvm 1    | 2021/05/24 08:03:52 |  at org.apache.coyote.AbstractProtocol.init(AbstractProtocol.java:581)
INFO   | jvm 1    | 2021/05/24 08:03:52 |  at org.apache.coyote.http11.AbstractHttp11Protocol.init(AbstractHttp11Protocol.java:74)
INFO   | jvm 1    | 2021/05/24 08:03:52 |  at org.apache.catalina.connector.Connector.initInternal(Connector.java:1010)
INFO   | jvm 1    | 2021/05/24 08:03:52 |  ... 19 more
INFO   | jvm 1    | 2021/05/24 08:03:52 | Caused by: java.io.IOException
INFO   | jvm 1    | 2021/05/24 08:03:52 |  at org.apache.tomcat.util.net.SSLUtilBase.getKeyManagers(SSLUtilBase.java:332)
INFO   | jvm 1    | 2021/05/24 08:03:52 |  at org.apache.tomcat.util.net.SSLUtilBase.createSSLContext(SSLUtilBase.java:247)
INFO   | jvm 1    | 2021/05/24 08:03:52 |  at org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:97)
INFO   | jvm 1    | 2021/05/24 08:03:52 |  ... 26 more

Environment

Release : 12.0

Component : CA Workload Automation AE (AutoSys)

Cause

keystore associated to the SSL connector defined in the webserver's server.xml does not have any keys/certificate in them.

Resolution

1) Identify the keystore associated to the webserver from /opt/CA/WorkloadAutomationAE/autouser.$AUTOSERV/webserver/conf/server.xml

 <Connector SSLEnabled="true" acceptCount="100" ciphers="TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA2
56, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA256" clientAuth="false" keystoreF
ile="/opt/CA/WorkloadAutomationAE/autouser.R12/webserver/conf/.keystore" keystorePass="changeit" keystoreType="BCFKS" maxThreads="400" port="9443" protocol="org.apache.coyote.http11.Http11NioProtocol" relaxedQueryCh
ars="|&lt;&gt;" scheme="https" secure="true" sslProtocol="TLS"/>

 

2)   Assuming your Autosys instance name is ACE (change ACE in the below command to appropriate instance name), list the keystore contents:

/opt/CA/WorkloadAutomationAE/jre/bin/keytool -provider org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider -providerpath /opt/CA/WorkloadAutomationAE/autouser.ACE/webserver/webapps/AEWS/WEB-INF/lib/bc-fips.jar -keystore /opt/CA/WorkloadAutomationAE/autouser.ACE/webserver/conf/.keystore -list -storepass changeit -storetype BCFKS -v

 

3) The above command has 0 entries, which is the problem

 

4) Follow the steps here, https://techdocs.broadcom.com/us/en/ca-enterprise-software/intelligent-automation/autosys-workload-automation/12-0/securing/customize-ssl-for-web-services.html  to request a Self Signed certificate at least. If a formally signed certificate is needed, follow steps in appropriate section in the same page above