Environment
Micro Focus Filr 3.0
Situation
When attempting to access the Filr port 9443 Appliance Console, the error "Secure Connection Failed" appears.
Attempting to access the Filr port 8443 Administration Console also fails (may simply time out).
PING and TELNET to the Filr server IP address are successful.
Resolution
1. From the Filr server's console:
Verify that the Filr server has not run out of disk space
Check storage using the command
df -m
Check inodes using the command
If either of these commands indicate a problem with available resources, correct the problem and retest.df -i
2. From the Filr server's console:
Restart services
rcnovell-datamodel-service restartrcnovell-jetty restart
After executing these commands, retest.
If the above steps do not resolve the problem, review the Filr logs for possible errors:
/var/opt/novell/tomcat-filr/logs/appserver.log/var/opt/novell/tomcat-filr/logs/catalina.out
In the catalina.out log file, look for an error such as:
java.lang.Exception: Unable to load certificate key /vastorage/conf/certs/vaserver.key (error:02001002:system library:fopen:No such file or directory)
If this error appears, the self-signed certificate is either missing or corrupt.
You can check the condition of the certificate itself by executing the command:
keytool -list -v -keystore /vastorage/conf/certs/keystore
You will be prompted for a password. It is "changeit". If the output is empty or corrupt, you need to re-create the self-signed certificate.
Follow these steps to re-create the certificate:
If needed (i.e. if the SSH service is not already running), start SSH by running the following command at the Filr server terminal through a VMware tool:
rcsshd start
Paste the following string of commands in a terminal session (using putty or another tool):
rcfilr stop;rcnovell-jetty stop;mv /vastorage/conf/certs/keystore /vastorage/conf/certs/keystore-backup;mv /vastorage/conf/certs/keystore.db /vastorage/conf/certs/keystore.backup;wget -P /tmp https://support.microfocus.com/kb/knova/images/va_firstboot_setupCerts.sh;chmod +x /tmp/va_firstboot_setupCerts.sh;/tmp/va_firstboot_setupCerts.sh;rcnovell-jetty start;rcfilr start
The above command does the following:
- Stops the Filr service
- Stops the Jetty service
- Backs up the /vastorage/conf/certs/keystore file
- Backs up the /vastorage/conf/certs/keystore.db file
- Gets the va_firstboot_setupCerts.sh script from Micro Focus
- Sets the va_firstboot_setupCerts.sh script as executable
- Executes the va_firstboot_setupCerts.sh script
- Starts the Jetty service
- Starts the Filr service
Third-Party Certificates
After establishing the self-signed certificate by running the above string of commands, you can add a third-party certificate, if desired. When configuring the third-party certificate, retain the self-signed_cert configuration within the Path: Port 9443 Appliance Console > Digital Certificates icon > Web Application Certificates list. When adding a third-party certificate, be sure to set the new third party certificate as "Active".
Cause
This problem could be the result of:
- Uploading a new certificate and rebooting the server prior to setting the new certificate as Active.
- The server powered up after a power outage. "Secure Connection Failed" is returned when attempting to load Secure HTTP pages.
- Some other problems with certificates.