Issue with Renewing SSL JKS Cert on Tomcat9 for MicroStrategy BI Tool


I was told to update the MicroStrategy SSL Cert for tomcat9.

I'm also not able to restore the SSL to its previous certificate. The site will not come back up.

Catalina.out logs.

[main] org.apache.tomcat.util.digester.SetPropertiesRule.begin Match [Server/Service/Connector] failed to set property [maxThreads] to [150]
31-Aug-2023 23:37:18.562 WARNING [main] org.apache.tomcat.util.digester.SetPropertiesRule.begin Match [Server/Service/Connector] failed to set property [SSLEnabled] to [true]
31-Aug-2023 23:37:18.562 WARNING [main] org.apache.tomcat.util.digester.SetPropertiesRule.begin Match [Server/Service/Connector] failed to set property [clientAuth] to [false]
31-Aug-2023 23:37:18.562 WARNING [main] org.apache.tomcat.util.digester.SetPropertiesRule.begin Match [Server/Service/Connector] failed to set property [sslProtocol] to [TLS]
31-Aug-2023 23:37:18.567 WARNING [main] org.apache.tomcat.util.digester.SetPropertiesRule.begin Match [Server/Service/Connector] failed to set property [sslEnabledProtocols] to [TLSv1.2,TLSv1.1,TLSv1]
31-Aug-2023 23:37:18.567 WARNING [main] org.apache.tomcat.util.digester.SetPropertiesRule.begin Match [Server/Service/Connector] failed to set property [keystorePass] to [**********]
31-Aug-2023 23:37:18.567 WARNING [main] org.apache.tomcat.util.digester.SetPropertiesRule.begin Match [Server/Service/Connector] failed to set property [keystoreFile] to [/usr/local/tomcat9/mstr.johndoe.com.jks]

Have just changed the above domain name for privacy reasons and masked the keystorepass.

server.xml file under usr/local/tomcat9/conf
<Connector port="8443" protocol="org.apache.coyote.http11.Http11Protocol"
maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS" sslEnabledProtocols="TLSv1.2,TLSv1.1,TLSv1" keystorePass="********" keystoreFile="/usr/local/tomcat9/mstr.johndoe.com.jks" />

Have masked the above password for security reasons.

The process was to change the keystore password in the server.xml file in the tomcat9/conf directory and to copy over the jks cert file to the location under /usr/local/tomcat9.

I did the above, which did not renew the SSL. The web URL went down and I am not able to bring the interface back up, although the tomcat9 server is up and running with no errors.

I used the openssl pkcs12 and keytool commands to create the .jks cert.


There are 1 best solutions below

Radoslav Kastiel On

I had similar issues after moving from tomcat9 to tomcat10. In the log file there were the same errors. Then I recognized that the configuration had changed: the certificate part is now moved to the subsection SSLHostConfig->Certificate, and the key names changed to certificateKeystoreFile and certificateKeystorePassword:

<Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
           maxThreads="150" SSLEnabled="true"
           scheme="https" secure="true"
           clientAuth="false" sslProtocol="TLS">
    <UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol" />
    <SSLHostConfig>
        <Certificate certificateKeystoreFile="/etc/tomcat10/keystore/tomcat.jks"
                     certificateKeystorePassword="******"
                     type="RSA"
                     />
    </SSLHostConfig>
</Connector>

Maybe it's not your case; however, the error messages were the same.
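
A lint for the attribute move the answer describes, as an added example (not code from the question, the answer, or Tomcat): it reports Connector-level keystoreFile/keystorePass, a TLS connector with no keystore file, and deprecated protocol names. The function name is hypothetical, the `protocols` attribute of SSLHostConfig comes from the Tomcat documentation rather than this page, and the sample XML is constructed from the two connectors shown above.

```python
import xml.etree.ElementTree as ET

# Rename described in the answer: <Connector> attribute -> <Certificate> attribute.
LEGACY_TO_NESTED = {
    "keystoreFile": "certificateKeystoreFile",
    "keystorePass": "certificateKeystorePassword",
}
# SSLv3 plus TLS 1.0/1.1, which RFC 8996 formally deprecates.
DEPRECATED_PROTOCOLS = {"SSLv3", "TLSv1", "TLSv1.1"}

def lint_tls_connectors(server_xml):
    """Return a list of findings for every SSLEnabled <Connector> in server_xml."""
    findings = []
    for conn in ET.fromstring(server_xml).iter("Connector"):
        if conn.get("SSLEnabled", "").lower() != "true":
            continue
        port = conn.get("port", "?")
        legacy = [a for a in LEGACY_TO_NESTED if a in conn.attrib]
        certs = conn.findall("./SSLHostConfig/Certificate")
        for attr in legacy:
            findings.append(f"port {port}: {attr} is set on <Connector>; nested form "
                            f"is <SSLHostConfig><Certificate {LEGACY_TO_NESTED[attr]}=...>")
        if legacy and certs:
            findings.append(f"port {port}: keystore configured in both styles")
        if not legacy and not any(c.get("certificateKeystoreFile") for c in certs):
            findings.append(f"port {port}: SSLEnabled but no keystore file configured")
        # Protocol lists: legacy sslEnabledProtocols and SSLHostConfig 'protocols'.
        listed = conn.get("sslEnabledProtocols", "").split(",")
        for host in conn.findall("SSLHostConfig"):
            listed += host.get("protocols", "").split(",")
        weak = sorted(DEPRECATED_PROTOCOLS & {p.strip().lstrip("+") for p in listed})
        if weak:
            findings.append(f"port {port}: deprecated protocols enabled: {', '.join(weak)}")
    return findings

# Constructed input based on the two connectors on this page (passwords masked as there).
QUESTION_XML = """<Server><Service>
<Connector port="8443" protocol="org.apache.coyote.http11.Http11Protocol"
  maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
  clientAuth="false" sslProtocol="TLS" sslEnabledProtocols="TLSv1.2,TLSv1.1,TLSv1"
  keystorePass="********" keystoreFile="/usr/local/tomcat9/mstr.johndoe.com.jks" />
</Service></Server>"""
ANSWER_XML = """<Server><Service>
<Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
  maxThreads="150" SSLEnabled="true" scheme="https" secure="true">
  <SSLHostConfig><Certificate certificateKeystoreFile="/etc/tomcat10/keystore/tomcat.jks"
    certificateKeystorePassword="******" type="RSA" /></SSLHostConfig>
</Connector></Service></Server>"""

if __name__ == "__main__":
    for name, xml in (("question", QUESTION_XML), ("answer", ANSWER_XML)):
        print(name, lint_tls_connectors(xml) or "no findings")
```

Running it against a copy of server.xml before restarting Tomcat shows which TLS connectors still rely on the Connector-level keystore attributes and which protocol names should be dropped from the list.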