Upgrade to HF84 completed successfully, but when trying to start the EMs, we are getting the following error in the log and the EM is shutting down
..
2022-01-05 11:42:45,238 [INFO] [main] [Manager.EMWebServer] Certificate '1' subject: ...
2022-01-05 11:42:45,238 [INFO] [main] [Manager.EMWebServer] Certificate '1' issuer: ...
2022-01-05 11:42:45,238 [INFO] [main] [Manager.EMWebServer] Certificate '1' subject alternative DNS name: ...
2022-01-05 11:42:45,238 [INFO] [main] [Manager.EMWebServer] Certificate '1' subject alternative DNS name: ...
2022-01-05 11:42:45,238 [INFO] [main] [Manager.EMWebServer] Certificate '1' subject alternative DNS name: ...
2022-01-05 11:42:45,238 [DEBUG] [main] [Manager.EMWebServer] Validating certificate '1'
2022-01-05 11:42:45,240 [DEBUG] [main] [Manager.EMWebServer] Failed to start the Jetty web server: the trustAnchors parameter must be non-empty
java.security.
at java.security.cert.
at java.security.cert.
at com.wily.webserver.
at com.wily.webserver.
at com.wily.webserver.
at com.wily.introscope.server.
Release : 10.7.0
Component : Introscope
The upgrade version does try to validate used certificate at the start so that we can detect issues like this or expired certificate.
The issue here is either that the certificate they are using does not contain the entire certificate chain or that the trust store they are using does not contain all the CA certificates they need.
In this specific customer scenario, the same file was used for keystore and also truststore, this approach is no longer valid as the certificate and intermediate have to be placed into keystore and the root CA into the truststore
Solution:
- Split up the keystore and truststore accordingly
- Start the EM
Error can be due to invalid/expired certificates, certificate passphrase etc.