cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

SLD is not starting because of certificate

former_member672905
Member

on ‎2020 Mar 20 2:16 PM

0 Kudos
1,328

Hallo

I am running SBO for HANA on SLES12 SP3.

After installing a new certificate generated with `https_certificate_generator.sh` and installed with `update_https_certificate.sh` sapb1servertools won't start.

Here is from the Catalina log:

20-Mar-2020 09:11:06.880 WARNING [localhost-startStop-1] org.apache.catalina.core.NamingContextListener.addResource Failed to register in JMX: [javax.naming.NamingException: Unexpected exception resolving reference [Root exception is com.sap.b1.sld.cipher.CipherException: com.sap.b1.sld.cipher.CipherException: Input length must be multiple of 16 when decrypting with padded cipher]]
20-Mar-2020 09:11:06.883 INFO [localhost-startStop-1] org.apache.jasper.servlet.TldScanner.scanJars At least one JAR was scanned for TLDs yet contained no TLDs. Enable debug logging for this logger for a complete list of JARs that were scanned but no TLDs were found in them. Skipping unneeded JARs during scanning can improve startup time and JSP compilation time.
20-Mar-2020 09:11:07.007 WARNING [localhost-startStop-1] org.apache.naming.NamingContext.lookup Unexpected exception resolving reference
 com.sap.b1.sld.cipher.CipherException: com.sap.b1.sld.cipher.CipherException: Input length must be multiple of 16 when decrypting with padded cipher
	at com.sap.b1.sld.cipher.DataProtector.unprotect(DataProtector.java:70)
	at com.sap.b1.sld.cipher.adapter.StringCipherAdapter.decrypt(StringCipherAdapter.java:28)
	at com.sap.b1.sld.cipher.adapter.StringCipherAdapter.decrypt(StringCipherAdapter.java:7)
	at org.apache.tomcat.dbcp.dbcp.EncryptDataSourceFactory.createDataSource(Unknown Source)

And when I now check `/etc/init.d/sapb1servertools status`:

Checking for SAP BusinessOne ServerTools (/usr/sap/SAPBusinessOne/Common/tomcat)
Running with PID 25874
● sapb1servertools.service - LSB: SAP BusinessOne ServerTools
   Loaded: loaded (/etc/init.d/sapb1servertools; bad; vendor preset: disabled)
   Active: active (exited) since Fri 2020-03-20 09:10:58 SAST; 7h ago
     Docs: man:systemd-sysv-generator(8)
  Process: 25437 ExecStop=/etc/init.d/sapb1servertools stop (code=exited, status=0/SUCCESS)
  Process: 25690 ExecStart=/etc/init.d/sapb1servertools start (code=exited, status=0/SUCCESS)

I have tried with self-signed certs generated with openssl and keytool. I have tried with commercial certs.

I would appreciate some guidance on how to fix this.

Thanks

Know the answer?

Help others by sharing your knowledge.

Answer

Need more details?

Request clarification before answering.

Show replies
Show replies

Accepted Solutions (0)

Answers (2)

Answers (2)

nidhisingh14
Product and Topic Expert
Product and Topic Expert
‎2023 Nov 01 9:35 AM

Hi jbbot

Please check if the certificate in SLD and in Keycloak are the same one,

- Login SLD via https://yourserver:40000/sld/sld0100.svc

Is there unsecure message? Click to show the details for certificate

- Login keycloak via https://yourserver:40020/auth/

Is there unsecure message? Click to show the details for certificate

  1. If they are not the same one,

Then Root cause is that - certificate of keycloak was not update successfully after reconfiguration, but certificate of SLD was updated

The workaround is updating the certificate of keycloak manually, follow guide: keycloak replace the certificate-2.docx

Hope it helps.

If still having issue, please create incident using component SBO-BC-SLD.

Thank You.

Kind Regards
Nidhi Singh

Show replies
Show replies
CKSTS
Discoverer
‎2025 Apr 17 2:54 PM
0 Kudos
Link to guide is dead, see SAP Note 3369379 Instead.
sarumanb1
Explorer
‎2023 Oct 31 7:27 PM
0 Kudos

Hi Berry,

Did you ever get this resolved ?

Thanks!

Show replies
Show replies
Ask a Question