Spectrum WebApp with HTTPS stops working


Article ID: 248714


Products

CA Spectrum

Issue/Introduction

All was working fine, but yesterday we discovered that both our running instances had stopped responding. A restart of webtomcat and tomcat did not resolve it.

Message displayed in browser

    Request processing failed. Please refer the tomcat log for more details.

    ..Not able to reach OneClick Webapp. Process might be stopped. Please start the Spectrum WebTomcat Process and re-launch

From the OneClick tomcat log we are seeing the following errors:

 

Aug 25, 2022 14:00:21.551 (https-jsse-nio-8443-exec-11) - IOException while connecting to webapp

Aug 25, 2022 14:00:21.551 (https-jsse-nio-8443-exec-11) - Trying with localhost

Aug 25, 2022 14:00:21.579 (https-jsse-nio-8443-exec-11) - IOException while connecting to webapp

javax.net.ssl.SSLException: Certificate Not Valid

        at sun.security.ssl.Alert.createSSLException(Alert.java:133)

        at sun.security.ssl.TransportContext.fatal(TransportContext.java:324)

        at sun.security.ssl.TransportContext.fatal(TransportContext.java:267)

        at sun.security.ssl.TransportContext.fatal(TransportContext.java:262)

        at sun.security.ssl.SSLSocketImpl.handleException(SSLSocketImpl.java:1563)

        at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:441)

        at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:559)

        at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:197)

        at sun.net.www.protocol.https.HttpsURLConnectionImpl.connect(HttpsURLConnectionImpl.java:167)

        at com.aprisma.spectrum.app.web.servlet.WebAppLaunchServlet.webAppServerReachable(WebAppLaunchServlet.java:576)

        at com.aprisma.spectrum.app.web.servlet.WebAppLaunchServlet.doGet(WebAppLaunchServlet.java:280)

        at javax.servlet.http.HttpServlet.service(HttpServlet.java:655)

        at javax.servlet.http.HttpServlet.service(HttpServlet.java:764)

        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:227)

        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162)

        at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:53)

        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189)

        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162)

        at org.apache.catalina.filters.HttpHeaderSecurityFilter.doFilter(HttpHeaderSecurityFilter.java:126)

        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189)

        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162)

        at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:197)

        at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:97)

        at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:540)

        at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:135)

        at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92)

        at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:687)

        at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:78)

        at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:357)

        at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:382)

        at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65)

        at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:895)

        at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1722)

        at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)

        at org.apache.tomcat.util.threads.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1191)

        at org.apache.tomcat.util.threads.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:659)

        at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)

        at java.lang.Thread.run(Thread.java:748)

Caused by: java.lang.SecurityException: Certificate Not Valid

        at com.ca.integration.normalization.common.NIMServletContextListener$1.checkServerTrusted(NIMServletContextListener.java:562)

        at sun.security.ssl.AbstractTrustManagerWrapper.checkServerTrusted(SSLContextImpl.java:1256)

        at sun.security.ssl.CertificateMessage$T12CertificateConsumer.checkServerCerts(CertificateMessage.java:638)

        at sun.security.ssl.CertificateMessage$T12CertificateConsumer.onCertificate(CertificateMessage.java:473)

        at sun.security.ssl.CertificateMessage$T12CertificateConsumer.consume(CertificateMessage.java:369)

        at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:377)

        at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:444)

        at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:422)

        at sun.security.ssl.TransportContext.dispatch(TransportContext.java:182)

        at sun.security.ssl.SSLTransport.decode(SSLTransport.java:152)

        at sun.security.ssl.SSLSocketImpl.decode(SSLSocketImpl.java:1392)

        at sun.security.ssl.SSLSocketImpl.readHandshakeRecord(SSLSocketImpl.java:1300)

        at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:435)

        ... 32 more

 

 

Environment

Release: 22.x / 21.2.x / 10.4.x

Component: Spectrum OneClick Webapp

Cause

Expired SSL Certificate

Resolution

Update the expired SSL certificate with a valid certificate.
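
To confirm the cause before and after replacing the certificate, the expiry date of the certificate a Tomcat listener presents can be read with openssl. The script below is an added example, not part of the original article or of Spectrum; the function names are hypothetical, and the host and port are whatever your OneClick and WebApp Tomcat listeners use.

```shell
#!/bin/sh
# Added example: report expiry of the TLS certificate a listener presents.
# Function names are hypothetical; host/port are supplied by the operator.

# fetch_leaf_cert HOST PORT OUTFILE
# s_client completes the handshake even when verification fails, so an
# already-expired certificate is still captured for inspection.
fetch_leaf_cert() {
    openssl s_client -connect "$1:$2" -servername "$1" </dev/null 2>/dev/null \
        | openssl x509 -outform PEM >"$3" 2>/dev/null
}

# cert_status PEMFILE WARN_DAYS
# Prints "<STATE> <notAfter>"; returns 2 expired, 1 expiring, 0 ok, 3 unreadable.
cert_status() {
    pem=$1
    warn_secs=$(( $2 * 86400 ))
    not_after=$(openssl x509 -in "$pem" -noout -enddate 2>/dev/null) || return 3
    not_after=${not_after#notAfter=}
    if ! openssl x509 -in "$pem" -noout -checkend 0 >/dev/null 2>&1; then
        echo "EXPIRED $not_after"; return 2
    fi
    if ! openssl x509 -in "$pem" -noout -checkend "$warn_secs" >/dev/null 2>&1; then
        echo "EXPIRING $not_after"; return 1
    fi
    echo "OK $not_after"
}

# check_endpoint HOST PORT [WARN_DAYS]
check_endpoint() {
    tmp=$(mktemp) || return 3
    if fetch_leaf_cert "$1" "$2" "$tmp" && [ -s "$tmp" ]; then
        printf '%s:%s ' "$1" "$2"
        cert_status "$tmp" "${3:-30}" && rc=0 || rc=$?
    else
        echo "$1:$2 no certificate retrieved"; rc=3
    fi
    rm -f "$tmp"
    return "$rc"
}

# Run as: sh certcheck.sh <host> <port> [warn_days]
if [ "$#" -ge 2 ]; then
    check_endpoint "$@"
fi
```

A return code of 2 for a listener matches the "Certificate Not Valid" handshake failure in the log above; running the check on a schedule with a warning window catches the expiry before the WebApp stops responding.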

Additional Information

Workaround

 

As a temporary workaround you can follow these steps:

 

1. Log in to the OC Webapp portal here:

https://<OC FQDN Server>:<webapp port>/spectrum

The login is spectrum / spectrum

 

2. Click on Manage on the top right

 

3. From left hand side click on OneClick Webapp

 

4. Scroll down under App Configuration and keep scrolling down until you find "Launcher Configuration" 

Under Main Arguments you would add the following

-host <fqdn hostname> -port 8443 -ssl true -model_bits 20 -> if Spectrum was configured to use legacy landscape during its installation

or

-host <fqdn hostname> -port 8443 -ssl true -model_bits 24 -> if Spectrum was configured to use huge landscape during its installation

 

To confirm which value applies, go to the OneClick web administration page, then click "Start Console". Then open/edit the downloaded "oneclick.jnlp" file.

Inside the file, you should see one of the following lines:

<argument>-model_bits 20</argument>

or

<argument>-model_bits 24</argument>

 

After the change, the line would look like this:

-host <fqdn hostname> -port 8443 -ssl true -model_bits 20 -compress 9 ${customArgs}

or

-host <fqdn hostname> -port 8443 -ssl true -model_bits 24 -compress 9 ${customArgs}

 

5. Then you can launch OC Webapp directly from the URL:

 

https://<OC FQDN Server>:<webapp port>/spectrum/oneclickwebapp

 


By adding this configuration line you are bypassing the SSL handshake from Webapp Tomcat to Spectrum Tomcat.