Protocol supported CLM 6.0 when running tomcat as a windows service
Hi!
I have configured Apache Tomcat server to run as a Windows service, after that I start the service and CLM starts correctly, but, when I call the application by browser(https:localhost:9443/jts for example) I receive a message "this page can’t be displayed" with the error "ERR_SSL_VERSION_OR_CIPHER_MISMATCH".
The application works fine when I start by "server.startup.bat"
In the log file, I see the mesage below:
Aug 24, 2015 4:26:11 PM org.apache.coyote.AbstractProtocol init
INFO: Initializing ProtocolHandler ["http-bio-9080"]
Aug 24, 2015 4:26:11 PM org.apache.coyote.AbstractProtocol init
INFO: Initializing ProtocolHandler ["http-bio-9443"]
Aug 24, 2015 4:26:12 PM org.apache.tomcat.util.net.jsse.JSSESocketFactory getEnableableProtocols
WARNING: None of the SSL protocols specified are supported by the SSL engine : [${jazz.connector.sslEnabledProtocols}]
Aug 24, 2015 4:26:12 PM org.apache.coyote.AbstractProtocol init
INFO: Initializing ProtocolHandler ["ajp-bio-9009"]
Aug 24, 2015 4:26:12 PM org.apache.catalina.startup.Catalina load
INFO: Initialization processed in 2627 ms
Anyone have any ideas or know what is going on?
|
Accepted answer
Bruno, I think this is another case where the JRE cannot read the Windows environment variables properly. If you read the error message carefully, you will notice that ${jazz.connector.sslEnabledProtocols} took no value at all. To resolve the problem, you have to set the values in the Tomcat server.xml file rather than in the service panel. Also note that CLM installation always bundles its own JRE, so you can't really say that there is no Java installed. To see details of similar cases, check out the below post.
https://jazz.net/forum/questions/177826/rtc-502-tomcat-service-error Bruno Fagundes selected this answer as the correct answer
|
One other answer
Thanks Donald and Lily for your help!
I changed the following server.xml parameters in bold:
<Connector SSLEnabled="true" URIEncoding="UTF-8" acceptCount="100" algorithm="${jazz.connector.algorithm}" ciphers="SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA" clientAuth="false" connectionTimeout="20000" disableUploadTimeout="true" enableLookups="false" keystoreFile="ibm-team-ssl.keystore" keystorePass="ibm-team" maxHttpHeaderSize="8192" maxThreads="150" minSpareThreads="25" port="9443" protocol="HTTP/1.1" scheme="https" secure="true" sslEnabledProtocols="TLSv1,TLSv1.1,TLSv1.2"/>
The old value was: sslEnabledProtocols="${jazz.connector.sslEnabledProtocols}"
The problem was solved!
|
Your answer
Dashboards and work items are no longer publicly available, so some links may be invalid. We now provide similar information through other means. Learn more here.
Comments
Hi Bruno, do you have a link or other document on the steps you took?
Yes Antoinette, I follow the steps on the link below:
In the link you provided, there's a typo error in step 8 which is:
-Djazz.connector.sslEnasbledProtocol=TLSv1.2
If you open the "server.startup.bat" you will see:
-Djazz.connector.sslEnabledProtocols="TLSv1,TLSv1.1,TLSv1.2"
Please try to use the same setting as the "server.startup.bat".
Thanks Lily, for pointing that out.
I opened Typo in com.ibm.jazz.install.doc/topics/t_run_rqm64_win_service.html makes running Tomcat as a Windows service fail. (366701)