Error starting iGateway/EEM when using a custom certificate, ERROR :: AsyncHTTPConnAcceptor::start : unable to load P12 certificate

Article ID: 236024

Products

CA Workload Automation AE - Scheduler (AutoSys) Autosys Workload Automation

Issue/Introduction

iGateway/EEM fails to start when using a custom certificate, and igateway.log shows:

 

[3572] 10/21/21 15:25:03 ERROR :: AsyncHTTPConnAcceptor::start : unable to load P12 certificate [certfile : keystore.p12] 
[3572] 10/21/21 15:25:03 ERROR :: AsyncHTTPListener::startConnectors : connector for port [ 5250 ] failed to start and mustlisten set to true 
[3572] 10/21/21 15:25:03 ERROR :: AsyncHTTPListener::start : unable to start connector/s 
[3572] 10/21/21 15:25:03 ERROR :: HTTPTransportReceiver::start : transport receiver [ HTTP ] failed to start 
[3572] 10/21/21 15:25:03 ERROR :: TransportReceiverHandler::start : transport receiver [ HTTP] failed to start 
[3572] 10/21/21 15:25:03 FATAL :: Server::startReceivers : Unable to start receiver [ HTTP ] 
[3572] 10/21/21 15:25:03 FATAL :: Server::startReceivers : unable to start server 
[3572] 10/21/21 15:25:03 ERROR :: Server::start : Receivers didnot get started as expected 
[3572] 10/21/21 15:25:03 FATAL :: main: Server failed to start 

 

Note: first ensure the steps in https://knowledge.broadcom.com/external/article/18977/apply-own-p12-certificate-in-place-of-th.html are followed properly 

Cause

igateway.conf had a wrong keyURI (keyAlias in the keystore) or keyPW (keyPasswd) reference.

 

The customer had the server certificate under a keyAlias, but the keyAlias also had its own password, which was not referenced in the igateway.conf file:

<Connector name="defaultport">
 <port>5250</port>
 <mustlisten>true</mustlisten>
 <conntype/>
 <conntimeout>120</conntimeout>
 <peektimeout>30</peektimeout>
 <maxconnections>1000</maxconnections>
 <maxrequestbytes>10000000</maxrequestbytes>
 <maxpiperequests>10</maxpiperequests>
 <maxAcceptRate/>
 <certType>p12</certType>
 <certURI>keystore.p12</certURI>
 <certPW>Dx4PGgIWHUQ=</certPW>
 <secureProtocol/>
 <cipherlist/>
</Connector>

 

Resolution

Display the contents of the keystore (with the keytool command, for example) and confirm that the keyAlias containing the server certificate is correct (in this case, the keyAlias was tomcat).

After that, munge the password for the keyAlias too:

<iTechnology>ConfigTool -munge -version 4.6.0.0 -comp igateway -tag "TransportReceiver=HTTP;Connector=defaultport;keyPW;" -passwd password1234

(The keyPassword in this case was password1234; replace it with your correct password.)

igateway.conf should now look like this:

<Connector name="defaultport">
 <port>5250</port>
 <mustlisten>true</mustlisten>
 <conntype/>
 <conntimeout>120</conntimeout>
 <peektimeout>30</peektimeout>
 <maxconnections>1000</maxconnections>
 <maxrequestbytes>10000000</maxrequestbytes>
 <maxpiperequests>10</maxpiperequests>
 <maxAcceptRate/>
 <certType>p12</certType>
 <certURI>keystore.p12</certURI>
 <certPW>Dx4PGgIWHUQ=</certPW>
 <keyURI>tomcat</keyURI>
 <keyPW>Dx4PGgIWHUQ=</keyPW>
 <secureProtocol/>
 <cipherlist/>
</Connector>


Restart iGateway.
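
An added example, not part of the original article or the product's tooling: a pre-flight check that parses the Connector blocks, reports p12 connectors with no keyURI or keyPW, and correlates them with the P12 load errors in igateway.log. The `<Root>` wrapper and the function names are assumptions, and a missing keyURI/keyPW only matters when the key entry has its own alias password, as in this case.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample: the article's "before" connector (trimmed), wrapped in a
# hypothetical <Root> element so the fragment parses on its own.
SAMPLE_CONF = """<Root>
<Connector name="defaultport">
 <port>5250</port>
 <certType>p12</certType>
 <certURI>keystore.p12</certURI>
 <certPW>Dx4PGgIWHUQ=</certPW>
</Connector>
</Root>"""

# Two lines from the article's igateway.log excerpt.
SAMPLE_LOG = """\
[3572] 10/21/21 15:25:03 ERROR :: AsyncHTTPConnAcceptor::start : unable to load P12 certificate [certfile : keystore.p12]
[3572] 10/21/21 15:25:03 ERROR :: AsyncHTTPListener::startConnectors : connector for port [ 5250 ] failed to start and mustlisten set to true
"""

CERT_ERR = re.compile(r"unable to load P12 certificate \[certfile : (\S+)\]")
PORT_ERR = re.compile(r"connector for port \[ (\d+) \] failed to start")

def failed_loads(log_text):
    """Return (certfiles, ports) named in P12 load / connector start errors."""
    return set(CERT_ERR.findall(log_text)), set(PORT_ERR.findall(log_text))

def check_connectors(conf_xml, log_text=""):
    """Report p12 connectors lacking keyURI or keyPW; mark those failing in the log."""
    certs, ports = failed_loads(log_text)
    findings = []
    for conn in ET.fromstring(conf_xml).iter("Connector"):
        if (conn.findtext("certType") or "").strip().lower() != "p12":
            continue
        missing = [tag for tag in ("keyURI", "keyPW")
                   if not (conn.findtext(tag) or "").strip()]
        if missing:
            in_log = (conn.findtext("certURI") in certs
                      or conn.findtext("port") in ports)
            findings.append({"connector": conn.get("name"),
                             "port": conn.findtext("port"),
                             "missing": missing, "seen_in_log": in_log})
    return findings


if __name__ == "__main__":
    for finding in check_connectors(SAMPLE_CONF, SAMPLE_LOG):
        print(finding)
```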