Kbase P104333: Errors (10770) and (9992) when trying to manage the WSA using Tomcat with SSL
| Autor |
Progress Software Corporation - Progress |
| Acesso |
Público |
| Publicação |
17/11/2010 |
|
Status: Verified
SYMPTOM(s):
Getting an SSL Connection Failure error when attempting to access the Web Services Adapter (WSA) status from the Progress Explorer Tool
Failed to get Status for WSA: wsa1. WSA request error: SSL CONNECTION FAILURE
The following error messages can be seen in the AdminServer log file (admserv.log)
Connection failure with WSA at <WSA url> during <admin request> request, exception: <java exception> (10770)
client authentication failed: (9992)
[WebServicesAdapter] Connection failure with WSA at https://localhost:8443/wsa/wsa1 during query request, exception: https client authentication failed: Certificate Unknown (9992) (10770)
The WSA status is okay when checking it from a Web Browser via the https://localhost:8443/wsa/wsa1/ URL
WSA Web Services Status:wsa1:OK:111
Created a certificate using OpenSSL
Configured Tomcat to use the certificate previously created
Configured the Web Services Adapter (WSA) to work with a Secure Tomcat JSE via the HTTPS Protocol
The certificate was properly imported into the OpenEdge/certs directory via the mkhashfile utility
FACT(s) (Environment):
Tomcat
Web Services
OpenEdge 10.0B
CAUSE:
The binary version of the CA certificate needs to be added to the \openedge\dlc\certs\psccerts.jar file.
FIX:
Steps to add the binary version of the CA certificate:
1. Convert or generate the certificate into DER format
2. Run certutil or mkhashfile on the certificate to get the certificate alias
3. Rename the DER format certificate to alias.cer
4. Add the file to psccerts.jar by using the command jar -uf
Example:
jar -uf psccerts.jar alias.cer
Note: Please refer to Solution P122519 for more details on how to configure the WSA with a secure Tomcat configuration.