
Problem with SSL configuration for BOE XI 3.0 and Tomcat WAS

Former Member
0 Kudos

We are setting up SSL on BOE XI 3.0 with the Tomcat web application server on AIX 5.3. We followed the instructions given in the BOE Administrator's Guide, "Configuring servers for SSL", pages 261-266. After creating the certificates and keys, we restarted the Server Intelligent Agent and are trying to start Tomcat in https mode. The documentation for J2EE Web Application is not very detailed and just instructs us to add the following options to JAVA_OPTS:

-Dbusinessobjects.orb.oci.protocol=ssl -DcertDir=d:\ssl
-DtrustedCert=cacert.der -DsslCert=clientcert.der -DsslKey=client.key
-Dpassphrase=passphrase.txt

Problem 1

The clientcert.der and client.key files are not mentioned anywhere in the admin guide until this command. We are guessing these are the servercert.der and server.key created in the earlier steps. Does anyone know if there is any other documentation that gives more clarification on Tomcat SSL setup for BOE XI 3.0?

Problem 2

After restarting Tomcat, https is not working and we are getting the following error message in the catalina.out file. The KeyManagerFactory is in the jsse.jar file, which is present in Windows installations under <installdir>/bobje/jdk/jre/lib. But on the AIX installation none of the JSSE jar files (jsse.jar, jcert.jar, jnet.jar) required for Tomcat are present. Are these files necessary? Is there any other location where we can grab these files from? Does anyone know where to download these jar files for AIX?

SEVERE: Error starting endpoint
java.io.IOException: SunX509 KeyManagerFactory not available
at org.apache.tomcat.util.net.jsse.JSSE14SocketFactory.init(JSSE14SocketFactory.java:125)
at org.apache.tomcat.util.net.jsse.JSSESocketFactory.createSocket(JSSESocketFactory.java:88)
at org.apache.tomcat.util.net.PoolTcpEndpoint.initEndpoint(PoolTcpEndpoint.java:292)
at org.apache.tomcat.util.net.PoolTcpEndpoint.startEndpoint(PoolTcpEndpoint.java:312)
at org.apache.coyote.http11.Http11BaseProtocol.start(Http11BaseProtocol.java:150)
at org.apache.coyote.http11.Http11Protocol.start(Http11Protocol.java:75)
at org.apache.catalina.connector.Connector.start(Connector.java:1089)
at org.apache.catalina.core.StandardService.start(StandardService.java:459)
at org.apache.catalina.core.StandardServer.start(StandardServer.java:709)
at org.apache.catalina.startup.Catalina.start(Catalina.java:551)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:64)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:615)
at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:294)
at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:432)
Sep 5, 2008 12:46:28 PM org.apache.catalina.startup.Catalina start
SEVERE: Catalina.start:
LifecycleException: service.getName(): "Catalina"; Protocol handler start failed: java.io.IOException: SunX509 KeyManagerFactory not available
at org.apache.catalina.connector.Connector.start(Connector.java:1096)
at org.apache.catalina.core.StandardService.start(StandardService.java:459)
at org.apache.catalina.core.StandardServer.start(StandardServer.java:709)
at org.apache.catalina.startup.Catalina.start(Catalina.java:551)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:64)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:615)
at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:294)
at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:432)
Sep 5, 2008 12:46:28 PM org.apache.catalina.startup.Catalina start
INFO: Server startup in 46678 ms

Accepted Solutions (1)

pmelli
Product and Topic Expert
0 Kudos

To be able to use SSL on AIX, you need to add the SSL factory class to the Tomcat server configuration:

<Connector port="8443" maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
    enableLookups="false" disableUploadTimeout="true" acceptCount="100" debug="0"
    scheme="https" secure="true" clientAuth="false"
    sslProtocol="SSL" keystorePass="xxxxxt" keystoreFile="/yyyyyy/xxx.cert">
    <Factory className="org.apache.coyote.tomcat5.CoyoteServerSocketFactory"
        clientAuth="false" protocol="SSL" algorithm="IbmX509" />
</Connector>

Regards,

Patrick
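
To confirm which `algorithm` value the JVM that starts Tomcat will accept, the following is an added example, not part of the original answer or of the product documentation. The class name `KmfCheck` is hypothetical; it probes the two KeyManagerFactory algorithm names that appear in this thread using standard JSSE calls, written without newer language features so it compiles on older JDKs.

```java
import java.security.NoSuchAlgorithmException;
import java.security.Provider;
import java.security.Security;
import java.util.Set;
import java.util.TreeSet;
import javax.net.ssl.KeyManagerFactory;

// Added example: reports which KeyManagerFactory algorithms this JVM provides.
public class KmfCheck {

    // Name of the provider that serves the algorithm, or null if none does.
    static String providerFor(String algorithm) {
        try {
            return KeyManagerFactory.getInstance(algorithm).getProvider().getName();
        } catch (NoSuchAlgorithmException e) {
            return null; // same condition Tomcat reports as "... not available"
        }
    }

    public static void main(String[] args) {
        System.out.println("java.vendor  = " + System.getProperty("java.vendor"));
        System.out.println("java.version = " + System.getProperty("java.version"));

        // Value of the ssl.KeyManagerFactory.algorithm security property
        // (the API falls back to "SunX509" when the property is unset).
        System.out.println("default KeyManagerFactory algorithm = "
                + KeyManagerFactory.getDefaultAlgorithm());

        // Security providers in preference order.
        Provider[] providers = Security.getProviders();
        for (int i = 0; i < providers.length; i++) {
            System.out.println("provider " + (i + 1) + ": " + providers[i].getName());
        }

        // Every KeyManagerFactory algorithm registered by any provider,
        // printed exactly as the JVM reports the names.
        Set<String> registered =
                new TreeSet<String>(Security.getAlgorithms("KeyManagerFactory"));
        System.out.println("registered KeyManagerFactory algorithms: " + registered);

        // The two names from this thread: the one in the error and the one in the fix.
        String[] candidates = { "SunX509", "IbmX509" };
        for (int i = 0; i < candidates.length; i++) {
            String provider = providerFor(candidates[i]);
            System.out.println(candidates[i] + ": "
                    + (provider == null ? "NOT available" : "available from " + provider));
        }
    }
}
```

Compile and run it with the same JRE that launches Tomcat; the name reported as available is the one to use for the `algorithm` attribute in the connector configuration.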

Former Member
0 Kudos

Hi Patrick Melli.

I have the same problem but in Windows.

I followed all the steps of the manual and when I try https://localhost:8443 it gives me an error.

I think that it's a server.xml configuration problem but I can find the solution.

thanks!!!

Answers (0)