The HTTPS on port 443 is not initialized by the Tomcat
The following error is logged in the Tomcat's log file (stdout.log or catalina.out file):
INFO: Initializing ProtocolHandler ["https-jsse-nio-443"]
Mar 22, 2019 3:47:45 PM org.apache.catalina.util.LifecycleBase handleSubClassException
SEVERE: Failed to initialize component [Connector[HTTP/1.1-443]]
org.apache.catalina.LifecycleException: Protocol handler initialization failed
at org.apache.catalina.connector.Connector.initInternal(Connector.java:935)
at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:136)
at org.apache.catalina.core.StandardService.initInternal(StandardService.java:530)
at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:136)
at org.apache.catalina.core.StandardServer.initInternal(StandardServer.java:852)
at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:136)
at org.apache.catalina.startup.Catalina.load(Catalina.java:633)
at org.apache.catalina.startup.Catalina.load(Catalina.java:656)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:306)
at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:491)
Caused by: java.lang.IllegalArgumentException: the trustAnchors parameter must be non-empty
at org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:114)
at org.apache.tomcat.util.net.AbstractJsseEndpoint.initialiseSsl(AbstractJsseEndpoint.java:85)
at org.apache.tomcat.util.net.NioEndpoint.bind(NioEndpoint.java:216)
at org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.java:1043)
at org.apache.coyote.AbstractProtocol.init(AbstractProtocol.java:540)
at org.apache.coyote.http11.AbstractHttp11Protocol.init(AbstractHttp11Protocol.java:74)
at org.apache.catalina.connector.Connector.initInternal(Connector.java:932)
... 13 more
Caused by: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty
at java.security.cert.PKIXParameters.setTrustAnchors(PKIXParameters.java:200)
at java.security.cert.PKIXParameters.<init>(PKIXParameters.java:157)
at java.security.cert.PKIXBuilderParameters.<init>(PKIXBuilderParameters.java:130)
at org.apache.tomcat.util.net.jsse.JSSEUtil.getParameters(JSSEUtil.java:389)
at org.apache.tomcat.util.net.jsse.JSSEUtil.getTrustManagers(JSSEUtil.java:313)
at org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:112)
... 19 more
CA Spectrum 20.2, 21.2
One of two possible reasons:
#1. Recover the $SPECROOT/custom/keystore/cacerts file from the $SPECROOT/Java/jre/lib/security/ directory. (Copy cacerts file from $SPECROOT/Java/jre/lib/security to $SPECROOT/custom/keystore)
The cacerts file cannot be deleted. If you want to remove the entries from the cacerts file, run the following syntax (example):
./keytool.exe -delete -alias tomcatssl -keyalg RSA -keystore c:/win32app/Spectrum/custom/keystore/cacerts
#2. add the following to the $SPECROOT/tomcat/conf/server.xml within the https 8443 connector tag:
truststoreFile="/SPECTRUM/Java/jre/lib/security/cacerts"
truststoreType="JKS"
truststorePass="changeit"
example: