Symantec IGA

  • Private Community
Back to discussions
Expand all | Collapse all

Identity Governance 12.6.5 Application is not coming up after enabling SSL

  • 1.  Identity Governance 12.6.5 Application is not coming up after enabling SSL

    Posted Jun 23, 2017 10:31 AM

    Hi Team,

    I installed SSL certificate on my IG application ,after that application is not coming up ,and also its not giving any error .The webpage keeps rotating for days and still there is no error.

    My server is windows server 2012 R2, Identity Governance 12.6.5 JDK version 1.6.0_45

    Stop Jboss

    Below is the information what i have done .

    Created a key store fiel called "server.keystore" with password changeit

    rise a CSR request by using java key tool

    downloaded the SSL certificate form and imported in to the keystore

    verified that correct certificate in the key store

    install certifcate in windows "Local Machine-Personal store "

    copy paste SSL certifcate to "C:\Program Files\Java\jdk1.6.0_45\jre\lib\security"

    edit E:\CA\RCM\Server\eurekify-jboss\server\eurekify\deploy\jbossweb.sar\server.xml file made correct chnages to enable SSL

    See attched XML file,boot.log and eurekify.log .


    Started Jboss.

    Note: Application still will work (Without SSL) if i change server.xml  file to default one which i backed up before the changes being made.

    Can somebody please help me to figure this out ?

     

    Thanks In advance .

     

    Sajeesh

    Attachment(s)

    zip
    server.xml.zip   2 KB 1 version
    zip
    eurekify.log.zip   10 KB 1 version
    zip
    boot.log.zip   33 KB 1 version


  • 2.  Re: Identity Governance 12.6.5 Application is not coming up after enabling SSL
    Best Answer

    Broadcom Employee
    Posted Jun 24, 2017 09:29 AM

    Hi,

     

    I could enable SSL in 12.6.5 and server is coming up with out any issue , did a qucik test by following the same documentation steps
    https://docops.ca.com/ca-identity-governance/12-6-05/EN/installing/install-on-an-ibm-websphere-cluster/configure-ssl-encrypted-communication/obtain-a-digital-certificate
    https://docops.ca.com/ca-identity-governance/12-6-05/EN/installing/install-on-an-ibm-websphere-cluster/configure-ssl-encrypted-communication

     

    In the eurekify logs, I could find error as 
    java.lang.Exception: No Certificate file specified or invalid file format

    Please verify all the steps by the documentation. If you still facing the issue please follow the suggestion by google in the following link and try.
    [Tomcat-users] java.lang.Exception: No Certificate file specified or invalid file format ? - Grokbase 

     

    All it is saying this link is change the following line in server.xml

     

    From:

    <Connector protocol="HTTP/1.1" port="8443" SSLEnabled="true"
    maxThreads="150" scheme="https" secure="true"
    clientAuth="false" sslProtocol="TLS"
    keystoreFile="E:\CA\RCM\Server\eurekify-jboss\server\eurekify\conf\server.keystore"
    keystorePass="changeit"
    />

     

    TO:


    <Connector protocol="org.apache.coyote.http11.Http11Protocol" port="8443" SSLEnabled="true"
    maxThreads="150" scheme="https" secure="true"
    clientAuth="false" sslProtocol="TLS"
    keystoreFile="E:\CA\RCM\Server\eurekify-jboss\server\eurekify\conf\server.keystore"
    keystorePass="changeit"
    />