eDiscovery Platform webpage fails to load, catalina log shows error "cacerts.bcfks]: no readable file, classloader resource, or this is not a resolvable URI"

book

Article ID: 100064555

calendar_today

Updated On:

Description

Error Message

The web browser shows:
image.png

 

Catalina log shows:
25-Mar-2024 13:13:50.189 SEVERE [main] org.apache.catalina.util.LifecycleBase.handleSubClassException Failed to initialize component [Connector["https-jsse-nio2-443"]]
    org.apache.catalina.LifecycleException: Protocol handler initialization failed
        at org.apache.catalina.connector.Connector.initInternal(Connector.java:1011)
        at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:127)
        at org.apache.catalina.core.StandardService.initInternal(StandardService.java:554)
        at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:127)
        at org.apache.catalina.core.StandardServer.initInternal(StandardServer.java:1039)
        at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:127)
        at org.apache.catalina.startup.Catalina.load(Catalina.java:724)
        at org.apache.catalina.startup.Catalina.load(Catalina.java:746)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.lang.reflect.Method.invoke(Method.java:498)
        at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:307)
        at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:477)
    Caused by: java.lang.IllegalArgumentException: Cannot obtain resource for specified location [C:\jdk-8u392-windows-x64\jdk1.8.0_392/jre/lib/security/cacerts.bcfks]: no readable file, classloader resource, or this is not a resolvable URI
        at org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:107)
        at org.apache.tomcat.util.net.AbstractJsseEndpoint.initialiseSsl(AbstractJsseEndpoint.java:71)
        at org.apache.tomcat.util.net.Nio2Endpoint.bind(Nio2Endpoint.java:146)
        at org.apache.tomcat.util.net.AbstractEndpoint.bindWithCleanup(AbstractEndpoint.java:1332)
        at org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.java:1345)
        at org.apache.coyote.AbstractProtocol.init(AbstractProtocol.java:654)
        at org.apache.coyote.http11.AbstractHttp11Protocol.init(AbstractHttp11Protocol.java:75)
        at com.teneo.esa.common.security.CustomHttp11Nio2Protocol.init(CustomHttp11Nio2Protocol.java:100)
        at org.apache.catalina.connector.Connector.initInternal(Connector.java:1009)
        ... 13 more
    Caused by: java.io.IOException: Cannot obtain resource for specified location [C:\jdk-8u392-windows-x64\jdk1.8.0_392/jre/lib/security/cacerts.bcfks]: no readable file, classloader resource, or this is not a resolvable URI
        at org.apache.catalina.startup.CatalinaBaseConfigurationSource.getResource(CatalinaBaseConfigurationSource.java:112)
        at org.apache.tomcat.util.net.SSLUtilBase.getStore(SSLUtilBase.java:210)
        at org.apache.tomcat.util.net.SSLHostConfig.getTruststore(SSLHostConfig.java:775)
        at org.apache.tomcat.util.net.SSLUtilBase.getTrustManagers(SSLUtilBase.java:463)
        at org.apache.tomcat.util.net.SSLUtilBase.createSSLContext(SSLUtilBase.java:268)
        at org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:105)
        ... 21 more

Cause

The following are known causes for this issue:

  • Incorrectly converting the jdk cacerts from jks to bcfks format into new file cacerts.bcfks caused by improper parameters or selections for a keystore tool.
  • The cacerts.bcfks is corrupted
  • The cacerts.bcfks is missing
  • Customer reinstalled the JDKs, but the cacerts has not been converted yet so cacerts.bcfks is still considered missing.
  • Improper installation of java development kits
  • Improper/missing environment paths for java

Resolution

Steps to Repair/Create a new cacerts.bcfks file.

  1. Use Clearwell Utility, menu option 3 to stop all eDP services
  2. Open a command prompt window
  3. Document the path within the error.  Example from the above error:
    C:\jdk-8u392-windows-x64\jdk1.8.0_392/jre/lib/security
  4. Go to the folder noted in step 3
  5. If cacerts.bcfks exists, then it is likely corrupted. Move this file to a backup folder (Preferred method) or delete it.
  6. Convert the cacerts file from the JKS format to the BCFKS format and save it as cacerts.bcfks using the command:
    keytool -importkeystore -srckeystore cacerts  -srcstoretype JKS -srcstorepass changeit -destkeystore cacerts.bcfks -deststorepass changeit -deststoretype BCFKS -providerclass com.safelogic.cryptocomply.jcajce.provider.CryptoComplyFipsProvider
  7. Use Clearwell Commander. Select Actions, and then Copy Tomcat Provider Signed Certificates to Windows Trust Store
  8. Close Clearwell Commander
  9. Use Clearwell Utility, menu option 4 to start all eDiscovery Platform services
  10. Type: Q to quit Clearwell Utility

Note:  The above steps will create a new cacerts.bcfks file from the cacerts file.  If LDAPS is being used, then the certificate will also need to be applied to this new cacerts.bcfks file.  There is another method which involves reinstalling Java, which can be found here here

Issue/Introduction

Unable to connect a web browser to the Clearwell User Interface when attempting to administer the Appliance. The browser will display ERROR_CONNECTION_REFUSED or ERR_TIMED_OUT messages instead.

Powered by Wolken Software