on Jun 14, 2016Article Content
| Article Number | 000030310 |
| Applies To | RSA Product Set: Identity Management and Governance (IMG), Aveksa |
| Tasks | At anytime, if you ever need to remove the default server certificate (alias is 'server' and shows up in the browser as Issued to: ACM and Issued by: ACM), then you will want to: 1. Always take a backup before removing the 'server' certificate. 2. Open a duplicate putty session, and tail the aveksaServer.log. You can tail the log with the following command: tail -f /home/oracle/jboss/server/default/deploy/aveksa.ear/aveksa.war/log/aveksaServer.log What you will want to keep an eye out for, after restarting ACM when the server is coming back up, is the following error: ERROR (http-0.0.0.0-8444-Acceptor-0) [org.apache.tomcat.util.net.JIoEndpoint] Socket accept failed java.net.SocketException: SSL handshake errorjavax.net.ssl.SSLException: No available certificate or key corresponds to the SSL cipher suites which are enabled. at org.apache.tomcat.util.net.jsse.JSSESocketFactory.acceptSocket(JSSESocketFactory.java:150) at org.apache.tomcat.util.net.JIoEndpoint$Acceptor.run(JIoEndpoint.java:309) at java.lang.Thread.run(Thread.java:662) If you start seeing this error log over and over again, go to your original putty session and restore the aveksa.keystore with the backup that you took. This will restore the aveksa.keystore to the state before removing the 'server' certificate, and stop the error from logging. |