Errors in web server log file about "path not found" after configuring SSL in Spectrum OneClick web server

book

Article ID: 49273

calendar_today

Updated On:

Products

CA Spectrum

Issue/Introduction

The SSL configuration in Spectrum OneClick web server is correct according to the user guide instructions but there are errors referencing a "path not found" when starting the web server in the web server log file.

Environment

Release: Any
Component: SPCOCK

Resolution

When configuring the Spectrum OneClick tomcat web server for SSL one of the primary steps is to activate the following section of the $SPECROOT/tomcat/conf/server.xml file by uncommenting it, and by also updating the keystoreFile value.

The default values in the server.xml file for those variables are:

 	keystoreFile="C:/win32app/spectrum/custom/keystore/cacerts"      keystorePass="changeit" 

If the keystoreFile value has been customized, after doing so there may be errors seen in the Spectrum OneClick tomcat web server log that appear.

For example lets say that you work for company ABC and have modified the path to be:

  	keystoreFile="C:/win32app/spectrum/custom/keystore_ABC/cacerts" 

If that has been done the following error may be seen in the Spectrum OneClick tomcat web server log file.

The log file is found in the $SPECROOT/tomcat/logs directory. On Windows systems it is named stdout.log and on Unix systems it is named catalina.out.

Aug 15, 2012 3:42:34 PM org.apache.tomcat.util.net.jsse.JSSESocketFactory getStoreSEVERE: Failed to load keystore type JKS with path C:/win32app/Spectrum/custom/keystore_ABC/cacerts due toC:\win32app\Spectrum\custom\keystore_ABC\cacerts (The system cannot find the path specified)java.io.FileNotFoundException: C:\win32app\Spectrum\custom\keystore_ABC\cacerts (The system cannot find the path specified)at java.io.FileInputStream.open(Native Method)at java.io.FileInputStream.(FileInputStream.java:120)at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getStore(JSSESocketFactory.java:400)at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getTrustStore(JSSESocketFactory.java:358)at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getTrustManagers(JSSESocketFactory.java:615)at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getTrustManagers(JSSESocketFactory.java:527)at org.apache.tomcat.util.net.jsse.JSSESocketFactory.init(JSSESocketFactory.java:449)at org.apache.tomcat.util.net.jsse.JSSESocketFactory.createSocket(JSSESocketFactory.java:158)at org.apache.tomcat.util.net.JIoEndpoint.bind(JIoEndpoint.java:380)at org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.java:566)at org.apache.coyote.AbstractProtocol.init(AbstractProtocol.java:417)at org.apache.coyote.http11.AbstractHttp11JsseProtocol.init(AbstractHttp11JsseProtocol.java:119)at org.apache.catalina.connector.Connector.initInternal(Connector.java:956)at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102)at org.apache.catalina.core.StandardService.initInternal(StandardService.java:559)at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102)at org.apache.catalina.core.StandardServer.initInternal(StandardServer.java:814)at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102)at org.apache.catalina.startup.Catalina.load(Catalina.java:624)at org.apache.catalina.startup.Catalina.load(Catalina.java:649)at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)at java.lang.reflect.Method.invoke(Method.java:597)at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:281)at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:449)

When that error is seen it is commonly caused by a file in the tomcat web server directory structure that was not automatically updated by Spectrum.

Examine the OneClickService.conf file found in the $SPECROOT/tomcat/bin directory. It should have two entries by default that appear as:

 	jvm_opt=-Djavax.net.ssl.trustStore=C:/win32app/Spectrum/custom/keystore/cacerts   jvm_opt=-Djavax.net.ssl.trustStorePassword=changeit

To resolve this problem:

  1. Stop the Spectrum OneClick tomcat web server. To do so:

    1a - On Windows launch the Services UI and stop the Spectrum Tomcat service

    1b - On Unix run the stopTomcat.sh script from the $SPECROOT/tomcat/bin directory

  2. Edit the OneClickService.conf file as follows continuing with the above defined example to match the correct path to the cacerts file:

    Default:
    jvm_opt=-Djavax.net.ssl.trustStore=C:/win32app/Spectrum/custom/keystore/cacerts

    Edited:
    jvm_opt=-Djavax.net.ssl.trustStore=C:/win32app/Spectrum/custom/keystore_ABC/cacerts

    Save the changes to the file.

  3. Start the Spectrum OneClick tomcat web server. To do so:

    3a - On Windows launch the Services UI and start the Spectrum Tomcat service

    3b - On Unix run the startTomcat.sh script from the $SPECROOT/tomcat/bin directory

At this point the error should be resolved and the web server should be accessible via SSL. If further errors continue to appear or the web server remains inaccessible, other problems may exist and a new support issue should be opened with Spectrum support for additional assistance.

Additional Information

Please reference the "Configure the Secure Socket on the OneClick Server" section of the documentation for more information.