Highlighted
Absent Member.
Absent Member.
652 views

RBPM4.5 - Tomcat Installation Error


Hi,

I am facing an error while 'Updating the SSL Settings for the
Application Server' after installing Tomcat/Postgresql in our
environment.

Steps performed:
- Installing Tomcat
- create keystore
- edit server.xml
- restart tomcat

2016-06-29 16:30:30,322 [main] WARN
org.apache.tomcat.util.digester.Digester-
[SetAllPropertiesRule]{Server/Service/Connector} Setting property
'keystorePass' to 'xxxxxx' did not find a matching property.
2016-06-29 16:31:15,597 [main] INFO
org.apache.coyote.http11.Http11Protocol- Initializing ProtocolHandler
["http-bio-8080"]
2016-06-29 16:31:15,628 [main] ERROR
org.apache.catalina.core.StandardService- Failed to initialize connector
[Connector[org.apache.coyote.http11Protocol-8443]]
org.apache.catalina.LifecycleException: Failed to initialize component
[Connector[org.apache.coyote.http11Protocol-8443]]
at
org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:106)
at
org.apache.catalina.core.StandardService.initInternal(StandardService.java:559)
at
org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102)
at
org.apache.catalina.core.StandardServer.initInternal(StandardServer.java:821)
at
org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102)
at org.apache.catalina.startup.Catalina.load(Catalina.java:638)
at org.apache.catalina.startup.Catalina.load(Catalina.java:663)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown
Source)
at java.lang.reflect.Method.invoke(Unknown Source)
at
org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:280)
at
org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:454)
Caused by: java.lang.NullPointerException
at
org.apache.tomcat.util.IntrospectionUtils.getProperty(IntrospectionUtils.java:422)
at
org.apache.catalina.connector.Connector.getProperty(Connector.java:271)
at
org.apache.catalina.connector.Connector.createObjectNameKeyProperties(Connector.java:904)
at
org.apache.catalina.connector.Connector.getObjectNameKeyProperties(Connector.java:1096)
at
org.apache.catalina.util.LifecycleMBeanBase.initInternal(LifecycleMBeanBase.java:61)
at
org.apache.catalina.connector.Connector.initInternal(Connector.java:959)
at
org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102)
.... 12 more
2016-06-29 16:31:15,629 [main] INFO org.apache.coyote.ajp.AjpProtocol-
Initializing ProtocolHandler ["ajp-bio-8009"]
2016-06-29 16:31:15,631 [main] INFO
org.apache.catalina.startup.Catalina- Initialization processed in 45839
ms
2016-06-29 16:31:15,659 [main] INFO
org.apache.catalina.core.StandardService- Starting service Catalina
2016-06-29 16:31:15,659 [main] INFO
org.apache.catalina.core.StandardEngine- Starting Servlet Engine: Apache
Tomcat/7.0.55
2016-06-29 16:31:15,667 [localhost-startStop-1] INFO
org.apache.catalina.startup.HostConfig- Deploying web application
directory /opt/netiq/idm/apps/tomcat/webapps/ROOT
2016-06-29 16:31:15,754 [localhost-startStop-1] ERROR
org.apache.catalina.core.ContainerBase- ContainerBase.addChild: start:
org.apache.catalina.LifecycleException: Failed to start component
[StandardEngine[Catalina].StandardHost[localhost].StandardContext[]]
at
org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:154)
at
org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:901)
at
org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:877)
at
org.apache.catalina.core.StandardHost.addChild(StandardHost.java:649)
at
org.apache.catalina.startup.HostConfig.deployDirectory(HostConfig.java:1247)
at
org.apache.catalina.startup.HostConfig$DeployDirectory.run(HostConfig.java:1898)
at java.util.concurrent.Executors$RunnableAdapter.call(Unknown
Source)
at java.util.concurrent.FutureTask.run(Unknown Source)
at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown
Source)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown
Source)
at java.lang.Thread.run(Unknown Source)
Caused by: java.lang.NullPointerException
at
org.apache.tomcat.util.IntrospectionUtils.getProperty(IntrospectionUtils.java:422)
at
org.apache.catalina.connector.Connector.getProperty(Connector.java:271)
at
org.apache.catalina.connector.Connector.getAttribute(Connector.java:290)
at
org.apache.catalina.core.ApplicationContext.populateSessionTrackingModes(ApplicationContext.java:1227)
at
org.apache.catalina.core.ApplicationContext.<init>(ApplicationContext.java:125)
at
org.apache.catalina.core.StandardContext.getServletContext(StandardContext.java:2369)
at
org.apache.catalina.core.StandardContext.postWorkDirectory(StandardContext.java:6335)
at
org.apache.catalina.core.StandardContext.startInternal(StandardContext.java:5307)
at
org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:150)
.... 10 more
2016-06-29 16:31:15,755 [localhost-startStop-1] ERROR
org.apache.catalina.startup.HostConfig- Error deploying web application
directory /opt/netiq/idm/apps/tomcat/webapps/ROOT
java.lang.IllegalStateException: ContainerBase.addChild: start:
org.apache.catalina.LifecycleException: Failed to start component
[StandardEngine[Catalina].StandardHost[localhost].StandardContext[]]
at
org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:904)

Attached the catalina log for reference.

Thanks in advance!


+----------------------------------------------------------------------+
|Filename: DEV Tomcat Iinstallation_Catalina Log.txt |
|Download: https://forums.netiq.com/attachment.php?attachmentid=459 |
+----------------------------------------------------------------------+

--
neha_gupta
------------------------------------------------------------------------
neha_gupta's Profile: https://forums.netiq.com/member.php?userid=1249
View this thread: https://forums.netiq.com/showthread.php?t=56150

Labels (1)
0 Likes
9 Replies
Highlighted
Knowledge Partner
Knowledge Partner

Re: RBPM4.5 - Tomcat Installation Error

There is some problem with your keystore.

Setting property
'keystorePass' to 'xxxxxx' did not find a matching property.


probably the password is wrong or you have a diffrent keystore password and key password.
Tomcat needs to have the same password for the key and keystore.
0 Likes
Highlighted
Absent Member.
Absent Member.

Re: RBPM4.5 - Tomcat Installation Error


The keystore and key password both are same. The issue persists


--
neha_gupta
------------------------------------------------------------------------
neha_gupta's Profile: https://forums.netiq.com/member.php?userid=1249
View this thread: https://forums.netiq.com/showthread.php?t=56150

0 Likes
Highlighted
Micro Focus Expert
Micro Focus Expert

Re: RBPM4.5 - Tomcat Installation Error

On 6/30/16 6:44 AM, neha gupta wrote:
>
> The keystore and key password both are same. The issue persists
>
>

Greetings,
Are you using any special characters?

--
Sincerely,
Steven Williams
Lead Software Engineer
Micro Focus
0 Likes
Highlighted
Absent Member.
Absent Member.

Re: RBPM4.5 - Tomcat Installation Error


No, There are no special character been used in keystore name, password,
alias, anywhere.


--
neha_gupta
------------------------------------------------------------------------
neha_gupta's Profile: https://forums.netiq.com/member.php?userid=1249
View this thread: https://forums.netiq.com/showthread.php?t=56150

0 Likes
Highlighted
Knowledge Partner
Knowledge Partner

Re: RBPM4.5 - Tomcat Installation Error

On 6/30/2016 7:36 AM, neha gupta wrote:
>
> No, There are no special character been used in keystore name, password,
> alias, anywhere.
>
>

Can you post the result of:

keytool -keystore /path/to/keystore -storepass -list -v

I.e. do you really have a private key in there? 🙂
0 Likes
Highlighted
Absent Member.
Absent Member.

Re: RBPM4.5 - Tomcat Installation Error


geoffc;269285 Wrote:
> On 6/30/2016 7:36 AM, neha gupta wrote:
> >
> > No, There are no special character been used in keystore name,

> password,
> > alias, anywhere.
> >
> >

> Can you post the result of:
>
> keytool -keystore /path/to/keystore -storepass -list -v
>
> I.e. do you really have a private key in there? 🙂


The requested output is as below:
Keystore type: JKS
Keystore provider: SUN

Your keystore contains 1 entry

Alias name: devidamkey
Creation date: Jun 30, 2016
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=xxx, OU=xxx, O=xxx, L=xxx, ST=xxx, C=xxx
Issuer: CN=xxx, OU=xxx, O=xxx, L=xxx, ST=xxx, C=xxx
Serial number: 69e4fc17
Valid from: Thu Jun 30 06:44:09 EDT 2016 until: Sun Jun 28 06:44:09 EDT
2026
Certificate fingerprints:
MD5: C5:6B:DB:A8:3C:7E:F5:19:E9:E2:90:A2:AD:A3:EB:F7
SHA1:
0C:33:9D:C3:5B:72:4E:B7:8E:A1:67:EC:2F:31:62:C9:07:28:87:DC
SHA256:
BD:F3:AD:BF:75:A9:31:5F:40:E7:26:18:3E:31:FB:19:42:B0:C7:97:6B:A9:8A:71:0E:18:BB:FC:98:1E:3C:EF
Signature algorithm name: SHA256withRSA
Version: 3

Extensions:

#1: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: B6 FF BF 9C EF 2D 75 B6 ED B3 8E B4 97 AA 7D AB
......-u.........
0010: 4F 33 D7 79 O3.y
]
]



*******************************************
*******************************************


--
neha_gupta
------------------------------------------------------------------------
neha_gupta's Profile: https://forums.netiq.com/member.php?userid=1249
View this thread: https://forums.netiq.com/showthread.php?t=56150

0 Likes
Highlighted
Knowledge Partner
Knowledge Partner

Re: RBPM4.5 - Tomcat Installation Error

On 6/30/2016 8:26 AM, neha gupta wrote:
> Entry type: PrivateKeyEntry


This was the key thing I wanted to see. There really is a private key
in there. 🙂

Now having said that, in your tomcat server.xml you specify the proper
alias name? Silly Q, but you never know...

Perhaps show us the server.xml directive for HTTPS? (Change the
password value, but do not obscure the keyname or alias or whatever the
command is in Tomcat).

Also, is that a self signed cert?

You should also import into there the trusted root from your OSP cert,
(if different than Tomcat), and the eDir CA. You need all three.

0 Likes
Highlighted
Knowledge Partner
Knowledge Partner

Re: RBPM4.5 - Tomcat Installation Error

On 6/30/2016 9:53 AM, Geoffrey Carman wrote:
> On 6/30/2016 8:26 AM, neha gupta wrote:
>> Entry type: PrivateKeyEntry

>
> This was the key thing I wanted to see. There really is a private key
> in there. 🙂
>
> Now having said that, in your tomcat server.xml you specify the proper
> alias name? Silly Q, but you never know...
>
> Perhaps show us the server.xml directive for HTTPS? (Change the
> password value, but do not obscure the keyname or alias or whatever the
> command is in Tomcat).
>
> Also, is that a self signed cert?
>
> You should also import into there the trusted root from your OSP cert,
> (if different than Tomcat), and the eDir CA. You need all three.


And your eDir keystore
(/opt/novell/eDirectory/lib64/nds-modules/jre/lib/security/cacerts
possibly) will need the trustedroot of the OSP, Tomcat keys as well).

/opt/novell/eDirectory/lib64/nds-modules/jre/bin/keytool -keystore
/opt/novell/eDirectory/lib64/nds-modules/jre/lib/security/cacerts
-storepass changeit -import -alias osp-public -trustcacerts -file
/path/to/exported/publicKey

(Also I forget now if cacerts storepass is default or changeit, one of
those mornings).





0 Likes
Highlighted
Absent Member.
Absent Member.

Re: RBPM4.5 - Tomcat Installation Error


geoffc;269293 Wrote:
> On 6/30/2016 9:53 AM, Geoffrey Carman wrote:
> > On 6/30/2016 8:26 AM, neha gupta wrote:
> >> Entry type: PrivateKeyEntry

> >
> > This was the key thing I wanted to see. There really is a private

> key
> > in there. 🙂
> >
> > Now having said that, in your tomcat server.xml you specify the

> proper
> > alias name? Silly Q, but you never know...
> >
> > Perhaps show us the server.xml directive for HTTPS? (Change the
> > password value, but do not obscure the keyname or alias or whatever

> the
> > command is in Tomcat).
> >
> > Also, is that a self signed cert?
> >
> > You should also import into there the trusted root from your OSP

> cert,
> > (if different than Tomcat), and the eDir CA. You need all three.

>
> And your eDir keystore
> (/opt/novell/eDirectory/lib64/nds-modules/jre/lib/security/cacerts
> possibly) will need the trustedroot of the OSP, Tomcat keys as well).
>
> /opt/novell/eDirectory/lib64/nds-modules/jre/bin/keytool -keystore
> /opt/novell/eDirectory/lib64/nds-modules/jre/lib/security/cacerts
> -storepass changeit -import -alias osp-public -trustcacerts -file
> /path/to/exported/publicKey
>
> (Also I forget now if cacerts storepass is default or changeit, one of
> those mornings).


Thanks for everyone's analysis.

The cause of issue was the SSL Protocol parameter in tomcat/conf
'serevr.xml'. The same was corrected and the issue is resolved.


--
neha_gupta
------------------------------------------------------------------------
neha_gupta's Profile: https://forums.netiq.com/member.php?userid=1249
View this thread: https://forums.netiq.com/showthread.php?t=56150

0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.