Product: TIBCO Spotfire®
TIBCO Spotfire Server configured to use HTTPS becomes unresponsive after generating troubleshooting bundle operation with "No SSLContext could be found for the host name" error
Only when the TIBCO Spotfire Server is configured for HTTPS (see Configuring HTTPS reference), the generation of a troubleshooting bundle may cause the TIBCO Spotfire Server to become unresponsive and inaccessible, which will effect users connected to that server.
This applies to the generation of a troubleshooting bundle for an individual TIBCO Spotfire Server (see Configuring a troubleshooting bundle) or to a Global Spotfire troubleshooting bundle accessed by clicking "Download global Spotfire troubleshooting bundle" on the Monitoring & Diagnostics page.
In environments with a single TIBCO Spotfire Server, the TIBCO Spotfire Server may not be accessible at all after troubleshooting bundle generation. For clustered environments with more than one TIBCO Spotfire Server, generating a troubleshooting bundle may cause that server instance to go Offline as seen in the Nodes & Services page. The other TIBCO Spotfire Servers will still be online, but overall performance may be affected.
The creation of the troubleshooting bundle will be logged in the respective TIBCO Spotfire Server server.log in DEBUG mode, like:
DEBUG 2019-03-06T07:06:57,579-0600 [troubleshooting-bundle-59984] web.controller.LogsController: Generating and returning troubleshooting bundle INFO 2019-03-06T07:06:57,579-0600 [troubleshooting-bundle-59984] spotfire.logging.TroubleshootingBundleGenerator: Creating a new troubleshooting bundle attachment with process ID 3ace7b7a-e573-4c38-b4a0-93ba4a67006e
Shortly after that in the catalina.log, the following "No SSLContext could be found for the host name" error will be seen:
06-Mar-2019 07:07:34.923 SEVERE [https-jsse-nio-443-exec-1] org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun java.lang.IllegalStateException: No SSLContext could be found for the host name [foo.example.com] at org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLEngine(AbstractJsseEndpoint.java:157) at org.apache.tomcat.util.net.SecureNioChannel.processSNI(SecureNioChannel.java:329) at org.apache.tomcat.util.net.SecureNioChannel.handshake(SecureNioChannel.java:175) at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1394) at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) at java.lang.Thread.run(Thread.java:748)This is caused by a defect that causes all TLS handshakes to fail after the generation of a troubleshooting bundle on the TIBCO Spotfire Server, causing the server to become unresponsive.
To resolve the issue, perform one of the following options depending on your TIBCO Spotfire Server version:
- Upgrade TIBCO Spotfire Server version to version 10.3 or higher.
- If you are using TIBCO Spotfire Server version 7.11, apply server hotfix TSS 7.11.2 HF-017 or higher
- For all other versions, make the following configuration changes:
For example:
<Certificate certificateKeystoreFile="./certs/example.jks"
certificateKeystorePassword="changeit"
certificateKeystoreType="jks"
certificateKeyAlias="example"
type="RSA" />
For more information see the Tomcat documentation. Doc: Configuring HTTPS Doc: Creating a troubleshooting bundle Doc: Server.xml file External: Apache Tomcat 9 Configuration Reference