No Response from Data Loss Prevention Virtual Appliance for Developer Apps

Article ID: 248173

Products

Data Loss Prevention API Detection Virtual Appliance, Data Loss Prevention

Issue/Introduction

After setting up a new DLP VA, all tests fail to connect to the appliance even though it is shown as operational in the DLP Enforce Console. 

Environment

The following error is observed in detectionserver.log:
2022-08-11T22:20:17.625+0000 localhost [WrapperSimpleAppMain] INFO  org.apache.coyote.http11.Http11AprProtocol - Initializing ProtocolHandler ["https-openssl-apr-8080"]
2022-08-11T22:20:17.656+0000 localhost [WrapperSimpleAppMain] ERROR org.apache.catalina.util.LifecycleBase - Failed to initialize component [Connector[org.apache.coyote.http11.Http11AprProtocol-8080]]
org.apache.catalina.LifecycleException: Protocol handler initialization failed
 at org.apache.catalina.connector.Connector.initInternal(Connector.java:935)
 at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:136)
 at org.apache.catalina.core.StandardService.initInternal(StandardService.java:530)
 at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:136)
 at org.apache.catalina.core.StandardServer.initInternal(StandardServer.java:852)
 at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:136)
 at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:173)
 at org.apache.catalina.startup.Tomcat.start(Tomcat.java:371)
 at com.symantec.dlp.restinduction.restdetectionservice.RestDetectionService.start(RestDetectionService.java:244)
 at com.symantec.dlp.rest.induction.CloudRestInductorBase.start(CloudRestInductorBase.java:89)
 at com.symantec.dlp.clouddetectionserver.applayer.CloudInductorPool.lambda$start$0(CloudInductorPool.java:191)
 at java.util.Iterator.forEachRemaining(Iterator.java:116)
 at java.util.Spliterators$IteratorSpliterator.forEachRemaining(Spliterators.java:1801)
 at java.util.stream.ReferencePipeline$Head.forEach(ReferencePipeline.java:647)
 at com.symantec.dlp.clouddetectionserver.applayer.CloudInductorPool.start(CloudInductorPool.java:185)
 at com.symantec.dlp.clouddetectionserver.bootstrap.CloudDetectionServer.start(CloudDetectionServer.java:556)
 at com.symantec.dlp.clouddetectionserver.bootstrap.CloudDetectionServer.main(CloudDetectionServer.java:232)
 at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
 at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
 at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
 at java.lang.reflect.Method.invoke(Method.java:498)
 at org.tanukisoftware.wrapper.WrapperSimpleApp.run(WrapperSimpleApp.java:325)
 at java.lang.Thread.run(Thread.java:748)
Caused by: java.lang.Exception: Unable to load certificate key /var/SymantecDLP/CDS/keystore/restdetection_keystore.pem (error:0906D06C:PEM routines:PEM_read_bio:no start line)
 at org.apache.tomcat.jni.SSLContext.setCertificate(Native Method)
 at org.apache.tomcat.util.net.AprEndpoint.createSSLContext(AprEndpoint.java:497)
 at org.apache.tomcat.util.net.AprEndpoint.bind(AprEndpoint.java:376)
 at org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.java:1043)
 at org.apache.coyote.AbstractProtocol.init(AbstractProtocol.java:540)
 at org.apache.coyote.http11.AbstractHttp11Protocol.init(AbstractHttp11Protocol.java:74)
 at org.apache.catalina.connector.Connector.initInternal(Connector.java:932)
 ... 22 common frames omitted

Cause

Because the appliance serves requests through an Apache HTTPS server, a keystore file is required for operation.

Resolution

Ensure that a valid PKCS12 certificate keystore has been generated and uploaded to the appliance.

Example steps to generate and upload the keystore:

1. Log into Enforce as the DLP service user.
2. Open a command line prompt and change the directory to <JRE Directory>\<JRE Version>\bin.
3. Run the following command to create the keystore:
keytool -genkey -keyalg RSA -alias rest_api_cert -keystore rest_api.pkcs12 -validity 3650 -keysize 2048 -storepass Symc4now! -keypass Symc4now! -deststoretype pkcs12
4. Copy out the resulting rest_api.pkcs12 file
5. Log into Enforce as Administrator or as another user with the Server Admin role.
6. Select the VA appliance from Server Overview
7. Click Configure
8. Click "Choose file" in the 'Upload keystore for SSL certificate:' section
9. Browse to the newly created rest_api.pkcs12 file
10. SSH into the DLP Virtual Appliance
11. Enter Enable mode
12. Restart the appliance with the restart command. 
13. Check the detectionserver.log to ensure the following line is now present:
localhost [WrapperSimpleAppMain] INFO  com.symantec.dlp.restinduction.restdetectionservice.RestDetectionService - Rest Detection Service has started
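
The check in step 13 can be scripted against a copy of detectionserver.log. The log can still hold the earlier keystore error after the restart, so this added example (not part of the original article or the product) reports only the most recent connector outcome. The function name, the timestamp on the success line, and running it off-box on a copied log are assumptions.

```python
import re

TS = re.compile(r"^(\d{4}-\d{2}-\d{2}T[\d:.]+[+-]\d{4})\s")
FAILED = "Failed to initialize component [Connector["
STARTED = "Rest Detection Service has started"
CAUSE = re.compile(r"^Caused by: .*?Unable to load certificate key (\S+) \((.*)\)\s*$")

def rest_service_state(lines):
    """Classify the most recent REST connector start recorded in the log."""
    state = {"status": "unknown", "time": None, "keystore": None, "reason": None}
    for line in lines:
        ts = TS.match(line)
        when = ts.group(1) if ts else None
        if FAILED in line:
            state = {"status": "failed", "time": when, "keystore": None, "reason": None}
        elif STARTED in line:
            # A later successful start supersedes any older failure in the file.
            state = {"status": "started", "time": when, "keystore": None, "reason": None}
        elif state["status"] == "failed":
            cause = CAUSE.match(line)
            if cause:  # root-cause line belonging to the failure just seen
                state["keystore"], state["reason"] = cause.groups()
    return state

# Failure lines copied from the article (stack frames omitted).
BEFORE_FIX = """\
2022-08-11T22:20:17.625+0000 localhost [WrapperSimpleAppMain] INFO  org.apache.coyote.http11.Http11AprProtocol - Initializing ProtocolHandler ["https-openssl-apr-8080"]
2022-08-11T22:20:17.656+0000 localhost [WrapperSimpleAppMain] ERROR org.apache.catalina.util.LifecycleBase - Failed to initialize component [Connector[org.apache.coyote.http11.Http11AprProtocol-8080]]
org.apache.catalina.LifecycleException: Protocol handler initialization failed
Caused by: java.lang.Exception: Unable to load certificate key /var/SymantecDLP/CDS/keystore/restdetection_keystore.pem (error:0906D06C:PEM routines:PEM_read_bio:no start line)
""".splitlines()

# Constructed: the same log after the restart in step 12; the timestamp is made up.
AFTER_FIX = BEFORE_FIX + [
    "2022-08-12T09:00:05.000+0000 localhost [WrapperSimpleAppMain] INFO  "
    "com.symantec.dlp.restinduction.restdetectionservice.RestDetectionService"
    " - Rest Detection Service has started",
]

if __name__ == "__main__":
    for name, log in (("before", BEFORE_FIX), ("after", AFTER_FIX)):
        print(name, rest_service_state(log))
```

A "failed" result with a keystore path and a "no start line" reason means the connector still could not read the key material, so the keystore upload should be repeated.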