This issue can occur if the keystorePass= line in the server.xml file contains a password that doesn't match the clientAuth.keystore certificate for ePO.
The server.xml file is located in the ..\\Server\conf folder. This file contains definitions for the connectors or ports that the Application Server service listens on. By default, the Application Server listens on ports 8443 and 8444, although the customer can configure the service to listen on any custom port.
Example of the connector definition for port 8443:
<Connector port="8443" truststoreType="jks" truststorePass="iB7racer2x" truststoreFile="keystore/certAuthCa.truststore" sslProtocol="TLS" sslEnabledProtocols="TLSv1.1, TLSv1.2" sessionCacheSize="400" server="Undefined" secure="true" scheme="https" protocol="org.apache.coyote.http11.Http11NioProtocol" processorCache="500" noCompressionUserAgents="gozilla, traviata" minSpareThreads="25" maxThreads="250" maxKeepAliveRequests="500" maxHttpHeaderSize="8192" maxConnections="500" keystorePass="iB7racer2x" keystoreFile="keystore/server.keystore" id="orion.server.https" enableLookups="false" disableUploadTimeout="true" compressionMinSize="2048" compression="on" compressableMimeType="text/html,text/xml,text/css,text/javascript,text/json,application/x-javascript,application/javascript,application/json" clientAuth="want" ciphers=" <list of ciphers>" acceptCount="100" URIEncoding="UTF-8" SSLEnabled="true"/>
Example of the connector definition for port 8444:
<Connector port="8444" truststoreType="jks" truststorePass="iB7racer2x" truststoreFile="keystore/ca.keystore" sslProtocol="TLS" sslEnabledProtocols="TLSv1.1, TLSv1.2" sessionCacheSize="400" server="Undefined" secure="true" scheme="https" protocol="org.apache.coyote.http11.Http11NioProtocol" noCompressionUserAgents="gozilla, traviata" minSpareThreads="25" maxThreads="150" keystorePass="snowcap" keystoreFile="keystore/clientAuth.keystore" id="orion.server.clientCert" enableLookups="false" disableUploadTimeout="true" compressionMinSize="2048" compression="on" compressableMimeType="text/html,text/xml,text/css,text/javascript,text/json,application/x-javascript,application/javascript,application/json" clientAuth="want" ciphers=" <list of ciphers>" acceptCount="100" URIEncoding="UTF-8" SSLEnabled="true"/>
In the examples above, each connector has a truststorePass= and a keystorePass= value. In a working environment, the string listed for each must be the same set of characters. In a problem case, one of them might contain a different string. In the example for port 8444, the keystorePass= line contains the value snowcap, possibly carried over from an older version. This value doesn't match the values for the other password strings and isn't correct. This configuration prevents ePO from loading the keystore file used by the connector, so ePO is unable to initialize on port 8444 and all Data Channel communication fails.
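The comparison described above can be scripted. The following Python check is an added example, not part of the original article or of ePO; it assumes the majority value across connectors is the expected one, the function name is hypothetical, and the sample XML is a constructed, trimmed copy of the two connectors shown above.

```python
import xml.etree.ElementTree as ET
from collections import Counter

PASS_ATTRS = ("keystorePass", "truststorePass")

# Constructed sample: trimmed copies of the two connectors shown above.
SAMPLE_SERVER_XML = """<Server><Service>
  <Connector port="8443" truststorePass="iB7racer2x"
             truststoreFile="keystore/certAuthCa.truststore"
             keystorePass="iB7racer2x" keystoreFile="keystore/server.keystore"
             SSLEnabled="true"/>
  <Connector port="8444" truststorePass="iB7racer2x"
             truststoreFile="keystore/ca.keystore"
             keystorePass="snowcap" keystoreFile="keystore/clientAuth.keystore"
             SSLEnabled="true"/>
</Service></Server>"""


def find_password_mismatches(xml_text):
    """Return (port, attribute, store_file) for each password attribute whose
    value differs from the value used most often across all SSL connectors."""
    root = ET.fromstring(xml_text)
    entries = []
    for conn in root.iter("Connector"):
        if conn.get("SSLEnabled", "").lower() != "true":
            continue  # non-SSL connectors carry no keystore settings
        for attr in PASS_ATTRS:
            if conn.get(attr) is not None:
                store = conn.get(attr.replace("Pass", "File"), "?")
                entries.append((conn.get("port"), attr, store, conn.get(attr)))
    if not entries:
        return []
    counts = Counter(value for *_, value in entries).most_common()
    if len(counts) > 1 and counts[0][1] == counts[1][1]:
        # Tie: no value is clearly the expected one, so report every entry.
        return [(p, a, s) for p, a, s, _ in entries]
    expected = counts[0][0]
    return [(p, a, s) for p, a, s, v in entries if v != expected]


if __name__ == "__main__":
    # Passwords are compared but never printed, so the output is safe to log.
    for port, attr, store in find_password_mismatches(SAMPLE_SERVER_XML):
        print(f"port {port}: {attr} ({store}) differs from the other connectors")
```

To check a live server, pass the contents of server.xml to find_password_mismatches() in place of the sample string.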