All was all working fine, but yesterday we discovered that both our running instances had stopped responding. A restart of webtomcat and tomcat did not resolve....
Message displayed in browser
Request processing failed. Please refer the tomcat log for more details.
..Not able to reach OneClick Webapp. Process might be stopped. Please start the Spectrum WebTomcat Process and re-launch
From OneClick tomcat log we are seeing the following errors
Aug 25, 2022 14:00:21.551 (https-jsse-nio-8443-exec-11) - IOException while connecting to webapp
Aug 25, 2022 14:00:21.551 (https-jsse-nio-8443-exec-11) - Trying with localhost
Aug 25, 2022 14:00:21.579 (https-jsse-nio-8443-exec-11) - IOException while connecting to webapp
javax.net.ssl.SSLException: Certificate Not Valid
at sun.security.ssl.Alert.createSSLException(Alert.java:133)
at sun.security.ssl.TransportContext.fatal(TransportContext.java:324)
at sun.security.ssl.TransportContext.fatal(TransportContext.java:267)
at sun.security.ssl.TransportContext.fatal(TransportContext.java:262)
at sun.security.ssl.SSLSocketImpl.handleException(SSLSocketImpl.java:1563)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:441)
at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:559)
at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:197)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.connect(HttpsURLConnectionImpl.java:167)
at com.aprisma.spectrum.app.web.servlet.WebAppLaunchServlet.webAppServerReachable(WebAppLaunchServlet.java:576)
at com.aprisma.spectrum.app.web.servlet.WebAppLaunchServlet.doGet(WebAppLaunchServlet.java:280)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:655)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:764)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:227)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162)
at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:53)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162)
at org.apache.catalina.filters.HttpHeaderSecurityFilter.doFilter(HttpHeaderSecurityFilter.java:126)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:197)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:97)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:540)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:135)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92)
at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:687)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:78)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:357)
at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:382)
at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65)
at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:895)
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1722)
at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
at org.apache.tomcat.util.threads.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1191)
at org.apache.tomcat.util.threads.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:659)
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
at java.lang.Thread.run(Thread.java:748)
Caused by: java.lang.SecurityException: Certificate Not Valid
at com.ca.integration.normalization.common.NIMServletContextListener$1.checkServerTrusted(NIMServletContextListener.java:562)
at sun.security.ssl.AbstractTrustManagerWrapper.checkServerTrusted(SSLContextImpl.java:1256)
at sun.security.ssl.CertificateMessage$T12CertificateConsumer.checkServerCerts(CertificateMessage.java:638)
at sun.security.ssl.CertificateMessage$T12CertificateConsumer.onCertificate(CertificateMessage.java:473)
at sun.security.ssl.CertificateMessage$T12CertificateConsumer.consume(CertificateMessage.java:369)
at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:377)
at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:444)
at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:422)
at sun.security.ssl.TransportContext.dispatch(TransportContext.java:182)
at sun.security.ssl.SSLTransport.decode(SSLTransport.java:152)
at sun.security.ssl.SSLSocketImpl.decode(SSLSocketImpl.java:1392)
at sun.security.ssl.SSLSocketImpl.readHandshakeRecord(SSLSocketImpl.java:1300)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:435)
... 32 more
Release :22.x. / 21.2.x / 10.4.x
Component : Spectrum OneClick Webapp
Expired SSL Certificate
Update the expired SSL Cert with a valid Certificate
****Workaround****
As a temporary workaround you can follow these steps
1. Login to the OC Webapp portal here
https://<OC FQDN Server>:<webapp port>/spectrum
login is spectrum / spectrum
2. Click on Manage on the top right
3. From left hand side click on OneClick Webapp
4. Scroll down under App Configuration and keep scrolling down until you find "Launcher Configuration"
Under Main Arguments you would add the following
-host <fqdn hostname> -port 8443 -ssl true -model_bits 20 -> if Spectrum was configured to use legacy landscape during its installation
or
-host <fqdn hostname> -port 8443 -ssl true -model_bits 24 -> if Spectrum was configured to use huge landscape during its installation
To confirm this, you can go to Oneclick Web page administration, the click on " Start Console" . Then, open/edit the "oneclick.jnlp" file downloaded.
Inside the file, you should see the following line:
<argument>-model_bits 20</argument>
or
<argument>-model_bits 24</argument>
So the line would look like after
-host <fqdn hostname> -port 8443 -ssl true -model_bits 20 -compress 9 ${customArgs}
or
-host <fqdn hostname> -port 8443 -ssl true -model_bits 24 -compress 9 ${customArgs}
5. Then you can launch OC Webapp directly from the URL
https://<OC FQDN Server>:<webapp port>/spectrum/oneclickwebapp
By adding this configuration line you are bypassing the SSL handshake from Webapp Tomcat to Spectrum Tomcat.