Problem with SSL configuration for BOE XI 3.0 and Tomcat WAS

We are setting up SSL on BOE XI 3.0 with the Tomcat web application server on AIX 5.3. We followed the instructions given in the BOE Administrator's Guide, "Configuring servers for SSL", pages 261-266. After creating the certificates and keys, we restarted the Server Intelligence Agent and are trying to start Tomcat in HTTPS mode. The documentation for J2EE Web Application is not very detailed and just instructs to add the following options to JAVA_OPTS:

-Dbusinessobjects.orb.oci.protocol=ssl -DcertDir=d:\ssl
-DtrustedCert=cacert.der -DsslCert=clientcert.der -DsslKey=client.key
-Dpassphrase=passphrase.txt

Problem 1

clientcert.der and client.key files are not mentioned anywhere in the admin guide till this command. We are guessing these are the servercert.der and server.key created in the earlier steps. Does anyone know if we have any other documentation that gives more clarification on tomcat SSL setup for BOE XI 3.0?

Problem 2

After restarting Tomcat, HTTPS is not working and we are getting the following error message in the catalina.out file. The KeyManagerFactory is in the jsse.jar file, which is present in Windows installations under <installdir>/bobje/jdk/jre/lib. But on the AIX installation none of the JSSE jar files (jsse.jar, jcert.jar, jnet.jar) required for Tomcat are present. Are these files necessary? Is there any other location where we can grab these files from? Does anyone know where to download these jar files for AIX?

SEVERE: Error starting endpoint
java.io.IOException: SunX509 KeyManagerFactory not available
    at org.apache.tomcat.util.net.jsse.JSSE14SocketFactory.init(JSSE14SocketFactory.java:125)
    at org.apache.tomcat.util.net.jsse.JSSESocketFactory.createSocket(JSSESocketFactory.java:88)
    at org.apache.tomcat.util.net.PoolTcpEndpoint.initEndpoint(PoolTcpEndpoint.java:292)
    at org.apache.tomcat.util.net.PoolTcpEndpoint.startEndpoint(PoolTcpEndpoint.java:312)
    at org.apache.coyote.http11.Http11BaseProtocol.start(Http11BaseProtocol.java:150)
    at org.apache.coyote.http11.Http11Protocol.start(Http11Protocol.java:75)
    at org.apache.catalina.connector.Connector.start(Connector.java:1089)
    at org.apache.catalina.core.StandardService.start(StandardService.java:459)
    at org.apache.catalina.core.StandardServer.start(StandardServer.java:709)
    at org.apache.catalina.startup.Catalina.start(Catalina.java:551)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:64)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:615)
    at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:294)
    at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:432)
Sep 5, 2008 12:46:28 PM org.apache.catalina.startup.Catalina start
SEVERE: Catalina.start:
LifecycleException: service.getName(): "Catalina"; Protocol handler start failed: java.io.IOException: SunX509 KeyManagerFactory not available
    at org.apache.catalina.connector.Connector.start(Connector.java:1096)
    at org.apache.catalina.core.StandardService.start(StandardService.java:459)
    at org.apache.catalina.core.StandardServer.start(StandardServer.java:709)
    at org.apache.catalina.startup.Catalina.start(Catalina.java:551)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:64)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:615)
    at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:294)
    at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:432)
Sep 5, 2008 12:46:28 PM org.apache.catalina.startup.Catalina start
INFO: Server startup in 46678 ms

replied

To be able to use SSL on AIX, you need to add the SSL factory class to the Tomcat server configuration:

<Connector port="8443" maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
           enableLookups="false" disableUploadTimeout="true" acceptCount="100" debug="0"
           scheme="https" secure="true" clientAuth="false"
           sslProtocol="SSL" keystorePass="xxxxxt" keystoreFile="/yyyyyy/xxx.cert">
  <Factory className="org.apache.coyote.tomcat5.CoyoteServerSocketFactory"
           clientAuth="false" protocol="SSL" algorithm="IbmX509" />
</Connector>

Regards,

Patrick
