search cancel

WCC failed to start with an Unexpected error: java.security.InvalidAlgorithmParameterException

book

Article ID: 255394

calendar_today

Updated On:

Products

CA Workload Automation AE

Issue/Introduction

The Autosys WebUI portal failed to launch after configuring the SSL certificates.

The WCC log file (%CA_WCC_INSTALL_LOCATION\CA-wcc.log) has the following exception(s) captured -


INFO   | jvm 1    | 2022/12/02 10:39:43 |      501 | @asi <ForkJoinPool-9-worker-1> [] ERROR #SchedulerAgentsDAO                 # Exception writing Agents to database : Internal error parsing response from Scheduler Test
INFO   | jvm 1    | 2022/12/02 10:39:43 |      501 | com.ca.workload.services.exceptions.WlaInternalServerErrorException: Internal error parsing response from Scheduler Test
INFO   | jvm 1    | 2022/12/02 10:39:43 |      501 |  at com.ca.workload.services.cam.adapters.AEAdapter.getAgents(AEAdapter.java:159)
INFO   | jvm 1    | 2022/12/02 10:39:43 |      501 |  at com.ca.workload.services.cam.dao.SchedulerAgentsDAOImpl.retrieveSchedulerAgentsFromScheduler(SchedulerAgentsDAOImpl.java:107)
INFO   | jvm 1    | 2022/12/02 10:39:43 |      501 |  at com.ca.workload.services.cam.tasks.RefreshAgents.compute(RefreshAgents.java:54)
INFO   | jvm 1    | 2022/12/02 10:39:43 |      501 |  at java.util.concurrent.RecursiveAction.exec(RecursiveAction.java:189)
INFO   | jvm 1    | 2022/12/02 10:39:43 |      501 |  at java.util.concurrent.ForkJoinTask.doExec(ForkJoinTask.java:289)
INFO   | jvm 1    | 2022/12/02 10:39:43 |      501 |  at java.util.concurrent.ForkJoinPool$WorkQueue.runTask(ForkJoinPool.java:1056)
INFO   | jvm 1    | 2022/12/02 10:39:43 |      501 |  at java.util.concurrent.ForkJoinPool.runWorker(ForkJoinPool.java:1692)
INFO   | jvm 1    | 2022/12/02 10:39:43 |      501 |  at java.util.concurrent.ForkJoinWorkerThread.run(ForkJoinWorkerThread.java:157)
INFO   | jvm 1    | 2022/12/02 10:39:43 |      501 | Caused by: com.ca.workload.services.exceptions.WlaHTTPSProtocolException: HTTP 400 Bad Request
INFO   | jvm 1    | 2022/12/02 10:39:43 |      501 |  at com.ca.workload.services.config.CAMResponseLoader.getResponse(CAMResponseLoader.java:194)
INFO   | jvm 1    | 2022/12/02 10:39:43 |      501 |  at com.ca.workload.services.cam.adapters.AEAdapter.getAgents(AEAdapter.java:146)
INFO   | jvm 1    | 2022/12/02 10:39:43 |      501 |  ... 7 more
INFO   | jvm 1    | 2022/12/02 10:39:43 |      501 | Caused by: javax.net.ssl.SSLException: java.lang.RuntimeException: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty
INFO   | jvm 1    | 2022/12/02 10:39:43 |      501 |  at sun.security.ssl.Alerts.getSSLException(Alerts.java:208)
INFO   | jvm 1    | 2022/12/02 10:39:43 |      501 |  at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1946)
INFO   | jvm 1    | 2022/12/02 10:39:43 |      501 |  at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1903)
INFO   | jvm 1    | 2022/12/02 10:39:43 |      501 |  at sun.security.ssl.SSLSocketImpl.handleException(SSLSocketImpl.java:1886)
INFO   | jvm 1    | 2022/12/02 10:39:43 |      501 |  at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1402)
INFO   | jvm 1    | 2022/12/02 10:39:43 |      501 |  at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1379)
INFO   | jvm 1    | 2022/12/02 10:39:43 |      501 |  at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:559)
INFO   | jvm 1    | 2022/12/02 10:39:43 |      501 |  at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185)
INFO   | jvm 1    | 2022/12/02 10:39:43 |      501 |  at sun.net.www.protocol.http.HttpURLConnection.getInputStream0(HttpURLConnection.java:1564)
INFO   | jvm 1    | 2022/12/02 10:39:43 |      501 |  at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1492)
INFO   | jvm 1    | 2022/12/02 10:39:43 |      501 |  at java.net.HttpURLConnection.getResponseCode(HttpURLConnection.java:480)
INFO   | jvm 1    | 2022/12/02 10:39:43 |      501 |  at sun.net.www.protocol.https.HttpsURLConnectionImpl.getResponseCode(HttpsURLConnectionImpl.java:347)
INFO   | jvm 1    | 2022/12/02 10:39:43 |      501 |  at org.glassfish.jersey.client.internal.HttpUrlConnector._apply(HttpUrlConnector.java:399)
INFO   | jvm 1    | 2022/12/02 10:39:43 |      501 |  at org.glassfish.jersey.client.internal.HttpUrlConnector.apply(HttpUrlConnector.java:285)
INFO   | jvm 1    | 2022/12/02 10:39:43 |      501 |  at org.glassfish.jersey.client.ClientRuntime.invoke(ClientRuntime.java:252)
INFO   | jvm 1    | 2022/12/02 10:39:43 |      501 |  at org.glassfish.jersey.client.JerseyInvocation$1.call(JerseyInvocation.java:684)
INFO   | jvm 1    | 2022/12/02 10:39:43 |      501 |  at org.glassfish.jersey.client.JerseyInvocation$1.call(JerseyInvocation.java:681)
INFO   | jvm 1    | 2022/12/02 10:39:43 |      501 |  at org.glassfish.jersey.internal.Errors.process(Errors.java:315)
INFO   | jvm 1    | 2022/12/02 10:39:43 |      501 |  at org.glassfish.jersey.internal.Errors.process(Errors.java:297)
INFO   | jvm 1    | 2022/12/02 10:39:43 |      501 |  at org.glassfish.jersey.internal.Errors.process(Errors.java:228)
INFO   | jvm 1    | 2022/12/02 10:39:43 |      501 |  at org.glassfish.jersey.process.internal.RequestScope.runInScope(RequestScope.java:444)
INFO   | jvm 1    | 2022/12/02 10:39:43 |      501 |  at org.glassfish.jersey.client.JerseyInvocation.invoke(JerseyInvocation.java:681)
INFO   | jvm 1    | 2022/12/02 10:39:43 |      501 |  at org.glassfish.jersey.client.JerseyInvocation$Builder.method(JerseyInvocation.java:411)
INFO   | jvm 1    | 2022/12/02 10:39:43 |      501 |  at org.glassfish.jersey.client.JerseyInvocation$Builder.get(JerseyInvocation.java:311)
INFO   | jvm 1    | 2022/12/02 10:39:43 |      501 |  at com.ca.workload.services.config.CAMResponseLoader.getResponse(CAMResponseLoader.java:158)
INFO   | jvm 1    | 2022/12/02 10:39:43 |      501 |  ... 8 more
INFO   | jvm 1    | 2022/12/02 10:39:43 |      501 | Caused by: java.lang.RuntimeException: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty
INFO   | jvm 1    | 2022/12/02 10:39:43 |      501 |  at sun.security.validator.PKIXValidator.<init>(PKIXValidator.java:91)
INFO   | jvm 1    | 2022/12/02 10:39:43 |      501 |  at sun.security.validator.Validator.getInstance(Validator.java:181)
INFO   | jvm 1    | 2022/12/02 10:39:43 |      501 |  at sun.security.ssl.X509TrustManagerImpl.getValidator(X509TrustManagerImpl.java:312)
INFO   | jvm 1    | 2022/12/02 10:39:43 |      501 |  at sun.security.ssl.X509TrustManagerImpl.checkTrustedInit(X509TrustManagerImpl.java:171)
INFO   | jvm 1    | 2022/12/02 10:39:43 |      501 |  at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:184)
INFO   | jvm 1    | 2022/12/02 10:39:43 |      501 |  at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:105)
INFO   | jvm 1    | 2022/12/02 10:39:43 |      501 |  at com.ca.workload.services.config.CAMResponseLoader$TempTrustManager.checkServerTrusted(CAMResponseLoader.java:277)
INFO   | jvm 1    | 2022/12/02 10:39:43 |      501 |  at sun.security.ssl.AbstractTrustManagerWrapper.checkServerTrusted(SSLContextImpl.java:1091)
INFO   | jvm 1    | 2022/12/02 10:39:43 |      501 |  at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1621)
INFO   | jvm 1    | 2022/12/02 10:39:43 |      501 |  at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:223)
INFO   | jvm 1    | 2022/12/02 10:39:43 |      501 |  at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1037)
INFO   | jvm 1    | 2022/12/02 10:39:43 |      501 |  at sun.security.ssl.Handshaker.process_record(Handshaker.java:965)
INFO   | jvm 1    | 2022/12/02 10:39:43 |      501 |  at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1064)
INFO   | jvm 1    | 2022/12/02 10:39:43 |      501 |  at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1367)
INFO   | jvm 1    | 2022/12/02 10:39:43 |      501 |  at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1395)
INFO   | jvm 1    | 2022/12/02 10:39:43 |      501 |  ... 28 more
INFO   | jvm 1    | 2022/12/02 10:39:43 |      501 | Caused by: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty
INFO   | jvm 1    | 2022/12/02 10:39:43 |      501 |  at java.security.cert.PKIXParameters.setTrustAnchors(PKIXParameters.java:200)
INFO   | jvm 1    | 2022/12/02 10:39:43 |      501 |  at java.security.cert.PKIXParameters.<init>(PKIXParameters.java:120)
INFO   | jvm 1    | 2022/12/02 10:39:43 |      501 |  at java.security.cert.PKIXBuilderParameters.<init>(PKIXBuilderParameters.java:104)
INFO   | jvm 1    | 2022/12/02 10:39:43 |      501 |  at sun.security.validator.PKIXValidator.<init>(PKIXValidator.java:89)
INFO   | jvm 1    | 2022/12/02 10:39:43 |      501 |  ... 42 more
INFO   | jvm 1    | 2022/12/02 10:40:05 |      521 | Dec 02, 2022 10:40:05 AM org.owasp.csrfguard.log.JavaLogger log
INFO   | jvm 1    | 2022/12/02 10:40:05 |      521 | INFO: CsrfGuard analyzing request /wcc/quickview/pages/main.jsf

Environment

Release : 11.3.6

Cause

The trustAnchors exception is a truststore exception and  may appear due to -

Missing or invalid truststore location

Incorrect truststore password

Resolution

If the truststore/keystore certificate key name (default: tomcat) password (default: changeit) are non-default, you would repeatedly see this message in the log file %CA_WCC_INSTALL_LOCTION%\CA-wcc.log 
Add an  additional java environment-variable in the wrapper.conf file as following:
 
wrapper.java.additional.<number>=-Djavax.net.ssl.trustStorePassword=<keystorepassword>
 
Example:
 To use ‘[email protected]’ as the new password for keystore:
 
[email protected]55w0rD
 
Verify the trustStore location provided under existing wrapper.java.additional property.

wrapper.java.additional.<number>=-D"javax.net.ssl.trustStore=%CA_WCC_INSTALL_LOCATION%/data/config/.keystore"
 
Restart the WCC services

Additional Information

https://techdocs.broadcom.com/us/en/ca-enterprise-software/intelligent-automation/workload-automation-ae-and-workload-control-center/11-3-6-SP8/installing/ca-wcc-installation/customize-secure-access-to-ca-wcc.html