
Fixing https dswsbobje Internal Server error in 4.2 SP4 (trustAnchors)

NTruhan
Participant
0 Likes
1,312

Hello,

Just performed an upgrade from 4.2 SP3 to 4.2 SP4. Everything else is now good, with one exception: when accessing anything under https://<bobjserver>/dswsbobje/services/, such as https://<bobjserver>/dswsbobje/services/listServices, it now returns Internal Server Error.

The fix in 4.2 SP3 and prior was to add the following 2 parameters to the Java options for Tomcat:
-Djavax.net.ssl.trustStore=keystoreFile
-Djavax.net.ssl.trustStorePassword=<Password>

Where the keystoreFile and Password are the same ones used in the server.xml file connector for port 443.

However, in SP4 when I add these parameters, it throws the error:

SEVERE: Failed to initialize connector [Connector[HTTP/1.1-443]]
org.apache.catalina.LifecycleException: Failed to initialize component [Connector[HTTP/1.1-443]]
at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:112)
at org.apache.catalina.core.StandardService.initInternal(StandardService.java:549)
...
at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:494)
Caused by: org.apache.catalina.LifecycleException: Protocol handler initialization failed
at org.apache.catalina.connector.Connector.initInternal(Connector.java:970)
at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:107)
... 12 more
Caused by: java.lang.IllegalArgumentException: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty
at org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:114)
at org.apache.tomcat.util.net.AbstractJsseEndpoint.initialiseSsl(AbstractJsseEndpoint.java:85)
...
at org.apache.coyote.http11.AbstractHttp11Protocol.init(AbstractHttp11Protocol.java:66)
at org.apache.catalina.connector.Connector.initInternal(Connector.java:968)
... 13 more
Caused by: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty
at java.security.cert.PKIXParameters.setTrustAnchors(PKIXParameters.java:200)
...
... 20 more

I can't find much online about this error, but the keystore file used is a 2048-bit RSA JKS keystore, which is the new minimum required for SP4, and it is in the same location as it was in SP3 and is readable by Tomcat, since it works fine in the server.xml.

I tried adding a third parameter for trustAnchors and it still didn't like it:
-Djavax.net.ssl.trustAnchors=keystoreFile

While I am not using web services at the moment, I would prefer not to leave it in a partially broken state.

Thanks in Advance.
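
The innermost exception in the trace above is raised by java.security.cert.PKIXParameters, which, when initialised from a keystore, takes its trust anchors only from trusted-certificate entries, so one thing to check is which entry types the file passed as -Djavax.net.ssl.trustStore contains. The following is an added example, not part of the original post or of SAP's or Tomcat's tooling: a minimal reader for the JKS container format that lists entry types. The function names and the sample bytes are constructed for illustration, and it assumes a real JKS file (not PKCS12 or JCEKS).

```python
import io
import struct

JKS_MAGIC = 0xFEEDFEED  # JCEKS and PKCS12 files start with other bytes

def _utf(f):
    """Java writeUTF string: u16 length, then (modified) UTF-8 bytes."""
    return f.read(struct.unpack(">H", f.read(2))[0]).decode("utf-8", "replace")

def _skip_blob(f):  # u32 length, then a key or certificate encoding
    f.seek(struct.unpack(">I", f.read(4))[0], io.SEEK_CUR)

def _skip_cert(f, version):
    if version == 2:
        _utf(f)  # certificate type string, e.g. "X.509"
    _skip_blob(f)

def jks_entry_types(data):
    """Return [(alias, 'PrivateKeyEntry' | 'trustedCertEntry'), ...]."""
    f = io.BytesIO(data)
    magic, version, count = struct.unpack(">III", f.read(12))
    if magic != JKS_MAGIC or version not in (1, 2):
        raise ValueError("not a JKS keystore")
    entries = []
    for _ in range(count):
        tag = struct.unpack(">I", f.read(4))[0]
        alias = _utf(f)
        f.read(8)  # creation timestamp
        if tag == 1:  # private key followed by its certificate chain
            _skip_blob(f)  # encrypted PKCS#8 private key
            for _ in range(struct.unpack(">I", f.read(4))[0]):
                _skip_cert(f, version)
            entries.append((alias, "PrivateKeyEntry"))
        elif tag == 2:  # trusted certificate
            _skip_cert(f, version)
            entries.append((alias, "trustedCertEntry"))
        else:
            raise ValueError(f"unknown entry tag {tag}")
    return entries

def has_trust_anchors(data):
    """True if the store holds at least one trustedCertEntry."""
    return any(kind == "trustedCertEntry" for _, kind in jks_entry_types(data))

# Constructed sample (dummy bytes, no real key): a store with one PrivateKeyEntry.
SAMPLE = (struct.pack(">III", JKS_MAGIC, 2, 1) + struct.pack(">IH", 1, 6) + b"tomcat"
          + bytes(8) + struct.pack(">I", 3) + b"KEY" + struct.pack(">IH", 1, 5)
          + b"X.509" + struct.pack(">I", 4) + b"CERT" + bytes(20))
```

For a real file, pass `open(path, "rb").read()`; `keytool -list -v -keystore <file>` reports the same entry types.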

Accepted Solutions (0)

Answers (2)


denis_konovalov
Active Contributor

Why would you need to add those options to Java just to get the list of services when accessing dswsbobje?

Some web services functionality does require enabling of https transports in Axis2.xml, but nothing in java opts.
See KBA

https://launchpad.support.sap.com/#/notes/1809210

Do you have any docs that show why those parameters need to be added to java opts?

NTruhan
Participant
0 Likes

Sorry for the late reply:

I believe this is where I got the information from. It has been a while, but ever since I got the error the first time a couple of years ago in 4.0, I have done both steps (modifying the axis file and adding the parameters) to enable https for QaaWS: https://launchpad.support.sap.com/#/notes/1896549

Per the note, it says: Axis2 uses a different interfacing for SSL configuration and cannot pick the SSL connector setup in the server.xml for Tomcat.

denis_konovalov
Active Contributor
0 Likes

I'd say time to raise this to SAP via Support Incident. Need a proper investigation.