ACS Enterprise Protocol error

cancel
Showing results for 
Search instead for 
Did you mean: 
tariskap
Customer

ACS Enterprise Protocol error

Hello,

I'm trying to deploy ACS on Tomcat via distribution zip, but when I start Tomcat (v8.5.4), I get this error:

Spoiler
12-Feb-2021 08:40:34.276 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Server version:        Apache Tomcat/8.5.4
12-Feb-2021 08:40:34.276 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Server built:          Jul 6 2016 08:43:30 UTC
12-Feb-2021 08:40:34.276 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Server number:         8.5.4.0
12-Feb-2021 08:40:34.276 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log OS Name:               Windows Server 2019
12-Feb-2021 08:40:34.276 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log OS Version:            10.0
12-Feb-2021 08:40:34.276 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Architecture:          amd64
12-Feb-2021 08:40:34.276 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Java Home:             D:\THIRD_PARTY\AdoptOpenJDK\jdk-11.0.7.10-hotspot
12-Feb-2021 08:40:34.276 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log JVM Version:           11.0.7+10
12-Feb-2021 08:40:34.276 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log JVM Vendor:            AdoptOpenJDK
12-Feb-2021 08:40:34.276 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log CATALINA_BASE:         D:\ALFRESCO\TOMCAT
12-Feb-2021 08:40:34.276 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log CATALINA_HOME:         D:\ALFRESCO\TOMCAT
12-Feb-2021 08:40:34.276 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Djdk.tls.ephemeralDHKeySize=2048
12-Feb-2021 08:40:34.276 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Djava.util.logging.config.file=D:\ALFRESCO\TOMCAT\conf\logging.properties
12-Feb-2021 08:40:34.276 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager
12-Feb-2021 08:40:34.276 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Dcatalina.base=D:\ALFRESCO\TOMCAT
12-Feb-2021 08:40:34.291 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Dcatalina.home=D:\ALFRESCO\TOMCAT
12-Feb-2021 08:40:34.291 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Djava.io.tmpdir=D:\ALFRESCO\TOMCAT\temp
12-Feb-2021 08:40:34.291 INFO [main] org.apache.catalina.core.AprLifecycleListener.lifecycleEvent Loaded APR based Apache Tomcat Native library 1.2.8 using APR version 1.5.2.
12-Feb-2021 08:40:34.291 INFO [main] org.apache.catalina.core.AprLifecycleListener.lifecycleEvent APR capabilities: IPv6 [true], sendfile [true], accept filters [false], random [true].
12-Feb-2021 08:40:34.291 INFO [main] org.apache.catalina.core.AprLifecycleListener.lifecycleEvent APR/OpenSSL configuration: useAprConnector [false], useOpenSSL [true]
12-Feb-2021 08:40:34.859 INFO [main] org.apache.catalina.core.AprLifecycleListener.initializeSSL OpenSSL successfully initialized (OpenSSL 1.0.2h  3 May 2016)
12-Feb-2021 08:40:35.047 INFO [main] org.apache.coyote.AbstractProtocol.init Initializing ProtocolHandler ["http-nio-8080"]
12-Feb-2021 08:40:35.156 INFO [main] org.apache.tomcat.util.net.NioSelectorPool.getSharedSelector Using a shared selector for servlet write/read
12-Feb-2021 08:40:35.156 INFO [main] org.apache.coyote.AbstractProtocol.init Initializing ProtocolHandler ["https-openssl-nio-8443"]
12-Feb-2021 08:40:35.375 SEVERE [main] org.apache.coyote.AbstractProtocol.init Failed to initialize end point associated with ProtocolHandler ["https-openssl-nio-8443"]
 java.lang.IllegalArgumentException: java.io.IOException: Alias name tomcat does not identify a key entry
	at org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:103)
	at org.apache.tomcat.util.net.AbstractJsseEndpoint.initialiseSsl(AbstractJsseEndpoint.java:81)
	at org.apache.tomcat.util.net.NioEndpoint.bind(NioEndpoint.java:245)
	at org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.java:866)
	at org.apache.tomcat.util.net.AbstractJsseEndpoint.init(AbstractJsseEndpoint.java:213)
	at org.apache.coyote.AbstractProtocol.init(AbstractProtocol.java:558)
	at org.apache.coyote.http11.AbstractHttp11Protocol.init(AbstractHttp11Protocol.java:65)
	at org.apache.catalina.connector.Connector.initInternal(Connector.java:1010)
	at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:107)
	at org.apache.catalina.core.StandardService.initInternal(StandardService.java:549)
	at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:107)
	at org.apache.catalina.core.StandardServer.initInternal(StandardServer.java:873)
	at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:107)
	at org.apache.catalina.startup.Catalina.load(Catalina.java:606)
	at org.apache.catalina.startup.Catalina.load(Catalina.java:629)
	at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
	at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	at java.base/java.lang.reflect.Method.invoke(Method.java:566)
	at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:311)
	at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:494)
Caused by: java.io.IOException: Alias name tomcat does not identify a key entry
	at org.apache.tomcat.util.net.jsse.JSSEUtil.getKeyManagers(JSSEUtil.java:213)
	at org.apache.tomcat.util.net.openssl.OpenSSLUtil.getKeyManagers(OpenSSLUtil.java:79)
	at org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:101)
	... 20 more

12-Feb-2021 08:40:35.390 SEVERE [main] org.apache.catalina.core.StandardService.initInternal Failed to initialize connector [Connector[HTTP/1.1-8443]]
 org.apache.catalina.LifecycleException: Failed to initialize component [Connector[HTTP/1.1-8443]]
	at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:111)
	at org.apache.catalina.core.StandardService.initInternal(StandardService.java:549)
	at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:107)
	at org.apache.catalina.core.StandardServer.initInternal(StandardServer.java:873)
	at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:107)
	at org.apache.catalina.startup.Catalina.load(Catalina.java:606)
	at org.apache.catalina.startup.Catalina.load(Catalina.java:629)
	at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
	at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	at java.base/java.lang.reflect.Method.invoke(Method.java:566)
	at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:311)
	at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:494)
Caused by: org.apache.catalina.LifecycleException: Protocol handler initialization failed
	at org.apache.catalina.connector.Connector.initInternal(Connector.java:1012)
	at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:107)
	... 12 more
Caused by: java.lang.IllegalArgumentException: java.io.IOException: Alias name tomcat does not identify a key entry
	at org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:103)
	at org.apache.tomcat.util.net.AbstractJsseEndpoint.initialiseSsl(AbstractJsseEndpoint.java:81)
	at org.apache.tomcat.util.net.NioEndpoint.bind(NioEndpoint.java:245)
	at org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.java:866)
	at org.apache.tomcat.util.net.AbstractJsseEndpoint.init(AbstractJsseEndpoint.java:213)
	at org.apache.coyote.AbstractProtocol.init(AbstractProtocol.java:558)
	at org.apache.coyote.http11.AbstractHttp11Protocol.init(AbstractHttp11Protocol.java:65)
	at org.apache.catalina.connector.Connector.initInternal(Connector.java:1010)
	... 13 more
Caused by: java.io.IOException: Alias name tomcat does not identify a key entry
	at org.apache.tomcat.util.net.jsse.JSSEUtil.getKeyManagers(JSSEUtil.java:213)
	at org.apache.tomcat.util.net.openssl.OpenSSLUtil.getKeyManagers(OpenSSLUtil.java:79)
	at org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:101)
	... 20 more

My connector is configured like this:

Spoiler
<Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
	SSLEnabled="true" maxThreads="150" scheme="https" keystoreFile="D:/ALFRESCO/alf_data/keystore/ssl.keystore"
    keystorePass="password" keystoreType="JCEKS"
    secure="true" connectionTimeout="240000"
    truststoreFile="D:/ALFRESCO/alf_data/keystore/ssl.truststore"
    truststorePass="password" truststoreType="JCEKS" 
    clientAuth="want" sslProtocol="TLS" />

I generated my keystore and truststore with alfresco ssl generator following the steps in documentation. Also, I'm using the Http11NioProtocol instead of Http11Protocol, because it threw a ClassNotFoundException and I read online that from Tomcat 8 it should be changed to Http11NioProtocol. 

Can anybody point me towards a solution? Thanks

2 Replies
cristinamr
Intermediate

Re: ACS Enterprise Protocol error

Please share with us the steps you have followed to import the certificates.

--
Check our products: AQuA : https://aqua.venzia.es | Seidoc : https://seidoc.es
tariskap
Customer

Re: ACS Enterprise Protocol error

So firstly, I went trough steps described in Installing the Alfresco WARs, then followed to Installing and configuring Search Services with mutual TLS using the distribution zip and Generating secure keys overview.

I downloaded the alfresco ssl generator and generated certificates with a custom script where I defined a password for keystore and truststore and also changed the keysize. Then followed to Setting up your certificates and moved the keystore files to the specified locations.

As I'm writing this, I realized that on the Setting up your certificates in 4b, there is a path where alf_data is inside the tomcat folder, but I have the alf_data folder outside of tomcat folder. Can this be the problem?