Skip to Content

Fixing https dswsbobe Internal Server error in 4.2 SP4 (trustAnchors)


just performed an upgrade from 4.2 SP3 to 4.2 SP4. Everything else is now good, with one exexception: When accessing anything under https://<bobjserver>/dswsbobje/services/... such as https://<bobjserver>/dswsbobje/services/listServices it now returns Internal Server Error.

The fix in 4.2 SP3 and prior was to add the following 2 parameters to the Java options for Tomcat:<Password>

Where the keystoreFile and Password are the same ones used in the server.xml file connector for port 443.

However, in SP4 when I add these parameters, it throws the error:

SEVERE: Failed to initialize connector [Connector[HTTP/1.1-443]]
org.apache.catalina.LifecycleException: Failed to initialize component [Connector[HTTP/1.1-443]]
at org.apache.catalina.util.LifecycleBase.init(
at org.apache.catalina.core.StandardService.initInternal(
at org.apache.catalina.startup.Bootstrap.main(
Caused by: org.apache.catalina.LifecycleException: Protocol handler initialization failed
at org.apache.catalina.connector.Connector.initInternal(
at org.apache.catalina.util.LifecycleBase.init(
... 12 more
Caused by: java.lang.IllegalArgumentException: the trustAnchors parameter must be non-empty at
at org.apache.coyote.http11.AbstractHttp11Protocol.init(
at org.apache.catalina.connector.Connector.initInternal(
... 13 more
Caused by: the trustAnchors parameter must be non-empty at
... 20 more

I can't find much online about this error, but the keystore file used is a 2048 bit RSA JKS keystore which is the new minimum required for SP4 and it is in the same location as it was in SP3 and is readable by Tomcat since it works fine in the server.xml.

I tried adding a third parameter for trustAnchors and it still didn't like it:

While I am not using web services at the moment, I would prefer not to leave it in a partially broken state.

Thanks in Advance.

Add comment
10|10000 characters needed characters exceeded

  • Get RSS Feed

2 Answers

  • Sep 08, 2017 at 05:34 PM

    Why would you need to add those options to Java just to get list of services when accessing dswsbobje ?

    some web services functionality does require enabling of https transports in Axis2.xml, but nothing in java opts.
    See KBA

    Do you have any docs that show why those parameters need to be added to java opts ?

    Add comment
    10|10000 characters needed characters exceeded

  • Sep 11, 2017 at 08:14 PM

    Sorry for the late reply:

    I believe this is where I got the information from, it has been a while but ever since I have done both steps to modify the axis file and add the parameters to enable https for QaaWS since I got the error the first time a couple years ago in 4.0:

    Per the note it says: Axis2 uses a different interfacing for SSL configuration and cannot pick the SSL connector setup in the server.xml for Tomcat

    Add comment
    10|10000 characters needed characters exceeded