Keywords: TIBCO Spotfire Server, HTTPS, certificate, TLS, SSL
Problem:
The following error can be found in <TIBCO-Home>\tss\<version>\tomcat\logs\catalina.log:
INFO 2023-05-18T21:14:24,609+0000 [] coyote.http11.Http11NioProtocol: Initializing ProtocolHandler ["https-jsse-nio-443"]
ERROR 2023-05-18T21:14:25,017+0000 [] catalina.util.LifecycleBase: Failed to initialize component [Connector[HTTP/1.1-443]]
org.apache.catalina.LifecycleException: Protocol handler initialization failed
at org.apache.catalina.connector.Connector.initInternal(Connector.java:1049) ~[?:?]
at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:136) ~[?:?]
at org.apache.catalina.core.StandardService.initInternal(StandardService.java:556) ~[?:?]
...
Caused by: java.lang.IllegalArgumentException: Alias name [spotfire] does not identify a key entry
at org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:99) ~[?:?]
at org.apache.tomcat.util.net.AbstractJsseEndpoint.initialiseSsl(AbstractJsseEndpoint.java:71) ~[?:?]
at org.apache.tomcat.util.net.NioEndpoint.bind(NioEndpoint.java:233) ~[?:?]
... 13 more
Caused by: java.io.IOException: Alias name [spotfire] does not identify a key entry
at org.apache.tomcat.util.net.SSLUtilBase.getKeyManagers(SSLUtilBase.java:335) ~[?:?]
at org.apache.tomcat.util.net.SSLUtilBase.createSSLContext(SSLUtilBase.java:245) ~[?:?]
at org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:97) ~[?:?]
at org.apache.tomcat.util.net.AbstractJsseEndpoint.initialiseSsl(AbstractJsseEndpoint.java:71) ~[?:?]
...
Solution:
This problem could be caused by certificate parts that were merged incorrectly with the openssl pkcs12 command. The certificate keystore file can be created successfully and can contain the correct alias name, but Spotfire Server will fail to start if any part of the certificate is missing from the file. To resolve the issue, these two commands need to be executed correctly:
openssl pkcs12 -export -in <spotfire-cert.pem> -inkey <spotfire-private-key.pem> -out <spotfire_cert.p12> -name spotfire -password pass:<password> -CAfile fullchain.pem -caname "Full Chain Authority"
keytool -importkeystore -deststorepass <password> -destkeypass <password> -deststoretype pkcs12 -alias spotfire -srckeystore <spotfire_cert.p12> -srcstoretype PKCS12 -srcstorepass <password> -destkeystore spotfire.p12
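Tomcat raises this error when the configured alias is not a key entry in the keystore, so the result of the two commands can be checked before the server is restarted. The shell function below is an added example, not part of the original article or of the vendor's tooling: it parses keytool -list -v output, and its name, return codes, the minimum chain length of 2 and the sample listings are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not vendor code. Reads `keytool -list -v` output on stdin and
# checks the alias Tomcat is configured to use. Return codes are this script's
# own convention: 0 ok, 1 alias missing, 2 not a PrivateKeyEntry, 3 short chain.
check_keystore_listing() {
    awk -v want="$1" -v min="${2:-1}" '
        { sub(/\r$/, "") }                      # tolerate CRLF from Windows
        /^Alias name: / { cur = substr($0, 13); if (cur == want) found = 1 }
        /^Entry type: / { if (cur == want) type = substr($0, 13) }
        /^Certificate chain length: / { if (cur == want) chain = $NF + 0 }
        END {
            if (!found) { print "alias " want ": not found"; exit 1 }
            if (type != "PrivateKeyEntry") {
                print "alias " want ": " type " (no private key)"; exit 2 }
            if (chain < min) {
                print "alias " want ": chain length " chain " < " min; exit 3 }
            print "alias " want ": PrivateKeyEntry, chain length " chain
        }'
}

# Constructed sample: private key and chain merged correctly.
sample_good() {
    cat <<'EOF'
Keystore type: PKCS12
Your keystore contains 1 entry
Alias name: spotfire
Creation date: May 18, 2023
Entry type: PrivateKeyEntry
Certificate chain length: 3
Certificate[1]:
Owner: CN=spotfire.example.test
EOF
}

# Constructed sample: the alias exists but holds only a certificate.
sample_cert_only() {
    cat <<'EOF'
Alias name: spotfire
Creation date: May 18, 2023
Entry type: trustedCertEntry

Owner: CN=spotfire.example.test
EOF
}

sample_good | check_keystore_listing spotfire 2
sample_cert_only | check_keystore_listing spotfire 2 || true
```

To check a real keystore, pipe keytool -list -v -storetype PKCS12 -keystore spotfire.p12 -storepass <password> into check_keystore_listing spotfire 2.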
Reference:
https://www.openssl.org/docs/man1.0.2/man1/pkcs12.html
https://support.revvitysignals.com/hc/en-us/articles/4453586718996