The customer updated the WCC SSL certificate and restarted WCC. The WCC URL is no longer accessible.
CA-wcc.log shows an error when initializing the :8443 connector:
INFO | jvm 1 | 2023/02/05 11:27:59 | 4 | INFO: Initializing ProtocolHandler ["https-jsse-nio-8443"]
INFO | jvm 1 | 2023/02/05 11:27:59 | 4 | Feb 05, 2023 11:27:59 AM org.apache.catalina.util.LifecycleBase handleSubClassException
INFO | jvm 1 | 2023/02/05 11:27:59 | 4 | SEVERE: Failed to initialize component [Connector[HTTP/1.1-8443]]
INFO | jvm 1 | 2023/02/05 11:27:59 | 4 | org.apache.catalina.LifecycleException: Protocol handler initialization failed
INFO | jvm 1 | 2023/02/05 11:27:59 | 4 | at org.apache.catalina.connector.Connector.initInternal(Connector.java:1013)
INFO | jvm 1 | 2023/02/05 11:27:59 | 4 | at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:136)
INFO | jvm 1 | 2023/02/05 11:27:59 | 4 | at org.apache.catalina.core.StandardService.initInternal(StandardService.java:533)
INFO | jvm 1 | 2023/02/05 11:27:59 | 4 | at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:136)
INFO | jvm 1 | 2023/02/05 11:27:59 | 4 | at org.apache.catalina.core.StandardServer.initInternal(StandardServer.java:1057)
INFO | jvm 1 | 2023/02/05 11:27:59 | 4 | at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:136)
INFO | jvm 1 | 2023/02/05 11:27:59 | 4 | at org.apache.catalina.startup.Catalina.load(Catalina.java:584)
INFO | jvm 1 | 2023/02/05 11:27:59 | 4 | at org.apache.catalina.startup.Catalina.load(Catalina.java:607)
INFO | jvm 1 | 2023/02/05 11:27:59 | 4 | at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
INFO | jvm 1 | 2023/02/05 11:27:59 | 4 | at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
INFO | jvm 1 | 2023/02/05 11:27:59 | 4 | at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
INFO | jvm 1 | 2023/02/05 11:27:59 | 4 | at java.lang.reflect.Method.invoke(Method.java:498)
INFO | jvm 1 | 2023/02/05 11:27:59 | 4 | at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:303)
INFO | jvm 1 | 2023/02/05 11:27:59 | 4 | at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:473)
INFO | jvm 1 | 2023/02/05 11:27:59 | 4 | at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
INFO | jvm 1 | 2023/02/05 11:27:59 | 4 | at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
INFO | jvm 1 | 2023/02/05 11:27:59 | 4 | at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
INFO | jvm 1 | 2023/02/05 11:27:59 | 4 | at java.lang.reflect.Method.invoke(Method.java:498)
INFO | jvm 1 | 2023/02/05 11:27:59 | 4 | at org.tanukisoftware.wrapper.WrapperStartStopApp.run(WrapperStartStopApp.java:429)
INFO | jvm 1 | 2023/02/05 11:27:59 | 4 | at java.lang.Thread.run(Thread.java:750)
INFO | jvm 1 | 2023/02/05 11:27:59 | 4 | Caused by: java.lang.IllegalArgumentException: jsse.alias_no_key_entry
INFO | jvm 1 | 2023/02/05 11:27:59 | 4 | at org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:99)
INFO | jvm 1 | 2023/02/05 11:27:59 | 4 | at org.apache.tomcat.util.net.AbstractJsseEndpoint.initialiseSsl(AbstractJsseEndpoint.java:71)
INFO | jvm 1 | 2023/02/05 11:27:59 | 4 | at org.apache.tomcat.util.net.NioEndpoint.bind(NioEndpoint.java:217)
INFO | jvm 1 | 2023/02/05 11:27:59 | 4 | at org.apache.tomcat.util.net.AbstractEndpoint.bindWithCleanup(AbstractEndpoint.java:1141)
INFO | jvm 1 | 2023/02/05 11:27:59 | 4 | at org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.java:1154)
INFO | jvm 1 | 2023/02/05 11:27:59 | 4 | at org.apache.coyote.AbstractProtocol.init(AbstractProtocol.java:581)
INFO | jvm 1 | 2023/02/05 11:27:59 | 4 | at org.apache.coyote.http11.AbstractHttp11Protocol.init(AbstractHttp11Protocol.java:74)
INFO | jvm 1 | 2023/02/05 11:27:59 | 4 | at org.apache.
The error occurs because Tomcat tries to validate the SSL certificate configured in <wcc>/tomcat/conf/server.xml for the :8443 connector/port and cannot find the certificate under the alias that the connector is defined with.
/opt/CA/WorkloadAutomationAE/wcc/tomcat/conf/server.xml had a :8443 connector using /opt/CA/WorkloadAutomationAE/wcc/data/config/.keystore with alias=tomcat
1) Verify what the new keystore contains by listing its contents:
/opt/CA/WorkloadAutomationAE/jre/bin/keytool -list -v -keystore /opt/CA/WorkloadAutomationAE/wcc/data/config/.keystore
# provide password for the keystore once prompted
2) In the above list, identify the alias under which the SSL certificate exists by looking for "Entry type: PrivateKeyEntry"
3) This is the alias to use in server.xml. It might be tomcat (example: Alias name: tomcat) or it might be a custom one (example: Alias name: wcc-company.com)
4) In this case, the customer's certificate existed as Alias name: wcc-company.com, so update the server.xml to use alias "wcc-utl.company.com"
5) Save the file and bounce WCC
Verify WCC URL for the updated SSL certificate
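
The alias check from steps 1 to 4 as a script, added here as an example (it is not part of the original article or the product): it extracts the PrivateKeyEntry aliases from `keytool -list -v` output and compares them with the alias on the :8443 connector. The keystore listing and server.xml fragment are constructed samples, and the `keyAlias`/`certificateKeyAlias` attribute names are an assumption about how this server.xml sets the alias.

```shell
# Aliases holding a private key, from `keytool -list -v` output on stdin.
private_key_aliases() {
  awk '
    /^Alias name: /                { alias = substr($0, 13) }
    /^Entry type: PrivateKeyEntry/ { print alias }
  '
}

# Alias on the Connector for port $1, from server.xml on stdin.
# Assumption: the alias is set via keyAlias or certificateKeyAlias.
connector_alias() {
  awk -v port="$1" '
    /<Connector/                   { hit = 0 }
    index($0, "port=\"" port "\"") { hit = 1 }
    hit && match($0, /[kK]eyAlias="[^"]*"/) {
      split(substr($0, RSTART, RLENGTH), part, "\"")
      print part[2]; exit
    }
  '
}

# True only if alias $1 is a PrivateKeyEntry in the listing on stdin.
alias_has_key() { private_key_aliases | grep -Fxq -- "$1"; }

sample_listing() {    # constructed, trimmed keytool output
  cat <<'EOF'
Alias name: rootca
Entry type: trustedCertEntry

Alias name: wcc-company.com
Entry type: PrivateKeyEntry
EOF
}

sample_server_xml() { # constructed; connector still uses alias "tomcat"
  cat <<'EOF'
<Connector port="8080" protocol="HTTP/1.1" redirectPort="8443" />
<Connector port="8443" SSLEnabled="true" scheme="https" secure="true"
           keystoreFile="/opt/CA/WorkloadAutomationAE/wcc/data/config/.keystore"
           keyAlias="tomcat" />
EOF
}

configured=$(sample_server_xml | connector_alias 8443)
if sample_listing | alias_has_key "$configured"; then
  echo "OK: alias '$configured' has a private key"
else
  echo "MISMATCH: server.xml alias '$configured'; key aliases: $(sample_listing | private_key_aliases)"
fi
```

On the WCC host, pipe the real `keytool -list -v` output and server.xml into the same functions in place of the two sample functions.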