When attempting to start Catalog, SSL access does not work. The ServiceCatalog.log file reports:
SEVERE: Failed to initialize connector [Connector[HTTP/1.1-8443]]
org.apache.catalina.LifecycleException: Protocol handler initialization failed
Caused by: java.lang.IllegalArgumentException: the trustAnchors parameter must be non-empty
Release: 17.3 or higher
Component: CA Service Management
Catalog backend configuration is pointing to an invalid cacert file location. The "trustAnchors parameter must be non-empty" message appears if the trust store file that is contained in the Java implementation being used by Tomcat is inaccessible or corrupt.
The viewService.conf file, location C:\Program Files\CA\Service Catalog\view\conf\, should be examined to determine the location and the trust store parameters below. The following is a known working setup configured as part of SSL.
wrapper.java.additional.10=-Djavax.net.ssl.trustStore="C:/Program Files/CA/Service Catalog/embedded/jdk/lib/security/cacerts"
wrapper.java.additional.11=-Djavax.net.ssl.trustPass=changeit
...
wrapper.java.additional.21=-Dusm.java.home="C:/Program Files/CA/Service Catalog/embedded/jdk"
The file, usually "cacerts", is located in C:\Program Files\CA\Service Catalog\embedded\jdk\lib\security, assuming a default setup defined in viewService.conf.
While any "cacerts" file within the Catalog server instance may work, it is important to maintain consistency to the given cacerts file as integrations with other products may require this file to be updated as needed. See KB Article 271959 as an example