The SSL configuration in Spectrum OneClick web server is correct according to the user guide instructions but there are errors referencing a "path not found" when starting the web server in the web server log file.
Release: Any
Component: SPCOCK
When configuring the Spectrum OneClick tomcat web server for SSL one of the primary steps is to activate the following section of the $SPECROOT/tomcat/conf/server.xml file by uncommenting it, and by also updating the keystoreFile value.
The default values in the server.xml file for those variables are:
keystoreFile="C:/win32app/spectrum/custom/keystore/cacerts" keystorePass="changeit"
If the keystoreFile value has been customized, after doing so there may be errors seen in the Spectrum OneClick tomcat web server log that appear.
For example lets say that you work for company ABC and have modified the path to be:
keystoreFile="C:/win32app/spectrum/custom/keystore_ABC/cacerts"
If that has been done the following error may be seen in the Spectrum OneClick tomcat web server log file.
The log file is found in the $SPECROOT/tomcat/logs directory. On Windows systems it is named stdout.log and on Unix systems it is named catalina.out.
Aug 15, 2012 3:42:34 PM org.apache.tomcat.util.net.jsse.JSSESocketFactory getStoreSEVERE: Failed to load keystore type JKS with path C:/win32app/Spectrum/custom/keystore_ABC/cacerts due toC:\win32app\Spectrum\custom\keystore_ABC\cacerts (The system cannot find the path specified)java.io.FileNotFoundException: C:\win32app\Spectrum\custom\keystore_ABC\cacerts (The system cannot find the path specified)at java.io.FileInputStream.open(Native Method)at java.io.FileInputStream.(FileInputStream.java:120)at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getStore(JSSESocketFactory.java:400)at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getTrustStore(JSSESocketFactory.java:358)at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getTrustManagers(JSSESocketFactory.java:615)at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getTrustManagers(JSSESocketFactory.java:527)at org.apache.tomcat.util.net.jsse.JSSESocketFactory.init(JSSESocketFactory.java:449)at org.apache.tomcat.util.net.jsse.JSSESocketFactory.createSocket(JSSESocketFactory.java:158)at org.apache.tomcat.util.net.JIoEndpoint.bind(JIoEndpoint.java:380)at org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.java:566)at org.apache.coyote.AbstractProtocol.init(AbstractProtocol.java:417)at org.apache.coyote.http11.AbstractHttp11JsseProtocol.init(AbstractHttp11JsseProtocol.java:119)at org.apache.catalina.connector.Connector.initInternal(Connector.java:956)at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102)at org.apache.catalina.core.StandardService.initInternal(StandardService.java:559)at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102)at org.apache.catalina.core.StandardServer.initInternal(StandardServer.java:814)at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102)at org.apache.catalina.startup.Catalina.load(Catalina.java:624)at org.apache.catalina.startup.Catalina.load(Catalina.java:649)at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)at java.lang.reflect.Method.invoke(Method.java:597)at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:281)at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:449)
When that error is seen it is commonly caused by a file in the tomcat web server directory structure that was not automatically updated by Spectrum.
Examine the OneClickService.conf file found in the $SPECROOT/tomcat/bin directory. It should have two entries by default that appear as:
jvm_opt=-Djavax.net.ssl.trustStore=C:/win32app/Spectrum/custom/keystore/cacerts jvm_opt=-Djavax.net.ssl.trustStorePassword=changeit
To resolve this problem:
jvm_opt=-Djavax.net.ssl.trustStore=C:/win32app/Spectrum/custom/keystore/cacerts
jvm_opt=-Djavax.net.ssl.trustStore=C:/win32app/Spectrum/custom/keystore_ABC/cacerts
At this point the error should be resolved and the web server should be accessible via SSL. If further errors continue to appear or the web server remains inaccessible, other problems may exist and a new support issue should be opened with Spectrum support for additional assistance.
Please reference the "Configure the Secure Socket on the OneClick Server" section of the documentation for more information.