https://community.sap.com/t5/technology-q-a/fixing-https-dswsbobe-internal-server-error-in-4-2-sp4-trustanchors/qaa-p/510946#M97830 <P>I'd say time to raise this to SAP via Support Incident. Need a proper investigation.</P> Wed, 13 Sep 2017 17:24:09 GMT denis_konovalov 2017-09-13T17:24:09Z https://community.sap.com/t5/technology-q-a/fixing-https-dswsbobe-internal-server-error-in-4-2-sp4-trustanchors/qaq-p/510943 <P>Hello,</P> <P>just performed an upgrade from 4.2 SP3 to 4.2 SP4. Everything else is now good, with one exexception: When accessing anything under <A href="https://&lt;bobjserver&gt;/dswsbobje/services/" target="test_blank">https://&lt;bobjserver&gt;/dswsbobje/services/</A>. such as <A href="https://&lt;bobjserver&gt;/dswsbobje/services/listServices" target="test_blank">https://&lt;bobjserver&gt;/dswsbobje/services/listServices</A> it now returns Internal Server Error.</P> <P>The fix in 4.2 SP3 and prior was to add the following 2 parameters to the Java options for Tomcat:<BR />-Djavax.net.ssl.trustStore=keystoreFile<BR />-Djavax.net.ssl.trustStorePassword=&lt;Password&gt;<STRONG><BR /></STRONG></P> <P>Where the keystoreFile and Password are the same ones used in the server.xml file connector for port 443.</P> <P>However, in SP4 when I add these parameters, it throws the error:</P> <P>SEVERE: Failed to initialize connector [Connector[HTTP/1.1-443]]<BR />org.apache.catalina.LifecycleException: Failed to initialize component [Connector[HTTP/1.1-443]]<BR /> at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:112)<BR /> at org.apache.catalina.core.StandardService.initInternal(StandardService.java:549)<BR />...<BR /> at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:494)<BR />Caused by: org.apache.catalina.LifecycleException: Protocol handler initialization failed<BR /> at org.apache.catalina.connector.Connector.initInternal(Connector.java:970)<BR /> at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:107)<BR /> ... 12 more<BR />Caused by: java.lang.IllegalArgumentException: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty at org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:114)<BR /> at org.apache.tomcat.util.net.AbstractJsseEndpoint.initialiseSsl(AbstractJsseEndpoint.java:85)<BR />...<BR /> at org.apache.coyote.http11.AbstractHttp11Protocol.init(AbstractHttp11Protocol.java:66)<BR /> at org.apache.catalina.connector.Connector.initInternal(Connector.java:968)<BR /> ... 13 more<BR />Caused by: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty at java.security.cert.PKIXParameters.setTrustAnchors(PKIXParameters.java:200)<BR />...<BR /> ... 20 more</P> <P>I can't find much online about this error, but the keystore file used is a 2048 bit RSA JKS keystore which is the new minimum required for SP4 and it is in the same location as it was in SP3 and is readable by Tomcat since it works fine in the server.xml.</P> <P>I tried adding a third parameter for trustAnchors and it still didn't like it:<BR />-Djavax.net.ssl.trustAnchors=keystoreFile</P> <P>While I am not using web services at the moment, I would prefer not to leave it in a partially broken state.</P> <P>Thanks in Advance.</P> <P><STRONG></STRONG></P> Wed, 06 Sep 2017 20:49:11 GMT https://community.sap.com/t5/technology-q-a/fixing-https-dswsbobe-internal-server-error-in-4-2-sp4-trustanchors/qaq-p/510943 NTruhan 2017-09-06T20:49:11Z https://community.sap.com/t5/technology-q-a/fixing-https-dswsbobe-internal-server-error-in-4-2-sp4-trustanchors/qaa-p/510944#M97828 <P>Why would you need to add those options to Java just to get list of services when accessing dswsbobje ?</P> <P>some web services functionality does require enabling of https transports in Axis2.xml, but nothing in java opts. <BR />See KBA </P> <P><A href="https://launchpad.support.sap.com/#/notes/1809210">https://launchpad.support.sap.com/#/notes/1809210</A></P> <P>Do you have any docs that show why those parameters need to be added to java opts ?</P> Fri, 08 Sep 2017 17:34:57 GMT https://community.sap.com/t5/technology-q-a/fixing-https-dswsbobe-internal-server-error-in-4-2-sp4-trustanchors/qaa-p/510944#M97828 denis_konovalov 2017-09-08T17:34:57Z https://community.sap.com/t5/technology-q-a/fixing-https-dswsbobe-internal-server-error-in-4-2-sp4-trustanchors/qaa-p/510945#M97829 <P>Sorry for the late reply:</P> <P>I believe this is where I got the information from, it has been a while but ever since I have done both steps to modify the axis file and add the parameters to enable https for QaaWS since I got the error the first time a couple years ago in 4.0: <A href="https://launchpad.support.sap.com/#/notes/1896549" target="test_blank">https://launchpad.support.sap.com/#/notes/1896549</A></P> <P><BR />Per the note it says: Axis2 uses a different interfacing for SSL configuration and cannot pick the SSL connector setup in the server.xml for Tomcat</P> Mon, 11 Sep 2017 20:14:28 GMT https://community.sap.com/t5/technology-q-a/fixing-https-dswsbobe-internal-server-error-in-4-2-sp4-trustanchors/qaa-p/510945#M97829 NTruhan 2017-09-11T20:14:28Z https://community.sap.com/t5/technology-q-a/fixing-https-dswsbobe-internal-server-error-in-4-2-sp4-trustanchors/qaa-p/510946#M97830 <P>I'd say time to raise this to SAP via Support Incident. Need a proper investigation.</P> Wed, 13 Sep 2017 17:24:09 GMT https://community.sap.com/t5/technology-q-a/fixing-https-dswsbobe-internal-server-error-in-4-2-sp4-trustanchors/qaa-p/510946#M97830 denis_konovalov 2017-09-13T17:24:09Z