No Response from Data Loss Prevention Virtual Appliance for Developer Apps
search cancel

No Response from Data Loss Prevention Virtual Appliance for Developer Apps


Article ID: 248173


Updated On:


Data Loss Prevention API Detection Virtual Appliance Data Loss Prevention


After setting up a new DLP VA, all tests fail to connect to the appliance even though it is shown as operational in the DLP Enforce Console. 


The following error is observed in the detectionserver.log
2022-08-11T22:20:17.625+0000 localhost [WrapperSimpleAppMain] INFO  org.apache.coyote.http11.Http11AprProtocol - Initializing ProtocolHandler ["https-openssl-apr-8080"]
2022-08-11T22:20:17.656+0000 localhost [WrapperSimpleAppMain] ERROR org.apache.catalina.util.LifecycleBase - Failed to initialize component [Connector[org.apache.coyote.http11.Http11AprProtocol-8080]]
org.apache.catalina.LifecycleException: Protocol handler initialization failed
 at org.apache.catalina.connector.Connector.initInternal(
 at org.apache.catalina.util.LifecycleBase.init(
 at org.apache.catalina.core.StandardService.initInternal(
 at org.apache.catalina.util.LifecycleBase.init(
 at org.apache.catalina.core.StandardServer.initInternal(
 at org.apache.catalina.util.LifecycleBase.init(
 at org.apache.catalina.util.LifecycleBase.start(
 at org.apache.catalina.startup.Tomcat.start(
 at java.util.Iterator.forEachRemaining(
 at java.util.Spliterators$IteratorSpliterator.forEachRemaining(
 at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
 at sun.reflect.NativeMethodAccessorImpl.invoke(
 at sun.reflect.DelegatingMethodAccessorImpl.invoke(
 at java.lang.reflect.Method.invoke(
Caused by: java.lang.Exception: Unable to load certificate key /var/SymantecDLP/CDS/keystore/restdetection_keystore.pem (error:0906D06C:PEM routines:PEM_read_bio:no start line)
 at org.apache.tomcat.jni.SSLContext.setCertificate(Native Method)
 at org.apache.coyote.AbstractProtocol.init(
 at org.apache.coyote.http11.AbstractHttp11Protocol.init(
 at org.apache.catalina.connector.Connector.initInternal(
 ... 22 common frames omitted


As the appliance works via an apache https server, the a keystore file is required for operation. 


Ensure a proper pkcs12 certificate has been generated and uploaded to the appliance. 

Example steps to generate and upload the proper keystore. 

1. Log into Enforce as a the DLP service user
2. Open a command line prompt and change the directory to <JRE Directory>\<JRE Version>\bin.
3. Type the following command below to create the keystore 
keytool -genkey -keyalg RSA -alias rest_api_cert -keystore rest_api.pkcs12 -validity 3650 -keysize 2048 -storepass 
Symc4now! -keypass Symc4now! -deststoretype pkcs12
4. Copy out the resulting rest_api.pkcs12 file
5. Log into Enforce as Administrator or otherwise Server Admin Role. 
6. Select the VA appliance from Server Overview
7. Click Configure
8. Click "Choose file" in the 'Upload keystore for SSL certificate:' section
9. Browse to the newly created rest_api.pkcs12 file
10.  SSH into the DLP Virtual Appliance
11. Enter Enable mode
12. Restart the appliance with the restart command. 
13. Check the detectionserver.log to ensure the following line is now present:
localhost [WrapperSimpleAppMain] INFO - Rest Detection Service has started