trust store property not set error in yellowfin.log
I am new to the communities here and looking for some troubleshooting assistance. We recently installed the Yellowfin Live Reporting Agent v7.4.8 for BMC TrueSight Server Automation. I have been having nothing but difficulty trying to get the YF server to communicate with TSSA and LDAP.
In the yellowfin-stderr.log file I see numerous occurrences of this error:
LDAPException: SSL Configuration Issue, javax.net.ssl.trustStore property not set (80) Other
The server.xml file looks like this:
<Connector port="8443" prot
SSLEnabled="true" scheme="https" secure="true" clientAuth="false"
sslProtocol="TLS" maxHttpHeaderSize="98304" maxThreads="150" sslEnabledProtocols="TLSv1.2"
minSpareThreads="25" enableLookups="false"
disableUploadTimeout="true" acceptCount="100" URIEncoding="UTF-8"
keystoreFile="${catalina.home}/conf/.keystore"
ciphers="TLS_RSA_WITH_AES_256_CBC_SHA,SSL_RSA_WITH_3DES_EDE_CBC_SHA"
keystorePass="********"
truststoreFile="E:\Apps\BMC_Software\Live_Reporting\jre\lib\security\cacerts"
truststorePass="*********"
/>
I also tried using this method:
<Connector port="8443" prot
maxThreads="150" SSLEnabled="true" URIEncoding="UTF-8" maxSwallowSize="-1"
scheme="https" secure="true" honorCipherOrder="true" maxHttpHeaderSize="98304"
minSpareThreads="25" enableLookups="false" disableUploadTimeout="true" acceptCount="100">
<SSLHostConfig certificateVerification="none" protocols="TLSv1.2"
truststoreFile="E:\Apps\BMC_Software\Live_Reporting\jre\lib\security\cacerts" sslProtocol="TLS"
ciphers="SSL_RSA_WITH_3DES_EDE_CBC_SHA,SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_DSS_WITH_AES_128_CBC_SHA,TLS_DHE_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA,TLS_DHE_DSS_WITH_AES_256_CBC_SHA,TLS_DHE_RSA_WITH_AES_256_CBC_SHA,TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA,TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA,TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA,TLS_ECDH_RSA_WITH_AES_128_CBC_SHA,TLS_ECDH_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA,TLS_ECDH_anon_WITH_AES_128_CBC_SHA,TLS_ECDH_anon_WITH_AES_256_CBC_SHA">
<Certificate certificateKeystoreFile="E:\Apps\BMC_Software\Live_Reporting\Yellowfin\appserver\conf\.keystore" />
</SSLHostConfig>
</Connector>
From all I have learned about configuring Tomcat, I cannot understand why Yellowfin thinks that the Trust Store property is not set. It's entirely possible that there's another file with settings that needs to be modified, but I'm not aware of it.
I could really use some guidance.
Thanks!
Greg
The same question
Hi Greg,
Welcome to the Yellowfin Community! Thanks for reaching out with your question.
I would recommend setting your trust store using JVM arguments as opposed to directly in the Connector. The method in which to add these will depend on whether Yellowfin is installed as a Windows service, or hosted without a service file (Linux or Windows). The lines that will need added to the JVM arguments are as follows:
Replacing the values of the path and password with those relevant to your environment. Following are instructions on how to add these, dependent on your setup.
Windows Service
For a Windows Service, we will need to adjust the service properties. This can be done by opening a command prompt within the <YellowfinInstall>/appserver/bin/ folder and issuing the following command:
where our default service name is typically Yellowfin. As you're using this as a component of Truesight Server Automation, you'll want to verify what your service name is. This should pop up the service properties. Here you'll find the "Java Options" box on the "Java" tab:The required arguments can be added here to enable the trust store. Keep in mind these won't be recognized until the next startup.
No Windows Service
For deployments that are not using a Windows Service to control the application server, the above can be added to a file within the <YellowfinInstall>/appserver/bin folder.
It's recommended to create a "setenv.bat" file (or setenv.sh for Linux) to add any custom arguments. These can be pasted as they are above into a file here and Tomcat will pick up the new arguments on next boot.
Give this a try and let me know how it goes.
Thanks,
Ryan
Hi Greg,
Welcome to the Yellowfin Community! Thanks for reaching out with your question.
I would recommend setting your trust store using JVM arguments as opposed to directly in the Connector. The method in which to add these will depend on whether Yellowfin is installed as a Windows service, or hosted without a service file (Linux or Windows). The lines that will need added to the JVM arguments are as follows:
Replacing the values of the path and password with those relevant to your environment. Following are instructions on how to add these, dependent on your setup.
Windows Service
For a Windows Service, we will need to adjust the service properties. This can be done by opening a command prompt within the <YellowfinInstall>/appserver/bin/ folder and issuing the following command:
where our default service name is typically Yellowfin. As you're using this as a component of Truesight Server Automation, you'll want to verify what your service name is. This should pop up the service properties. Here you'll find the "Java Options" box on the "Java" tab:The required arguments can be added here to enable the trust store. Keep in mind these won't be recognized until the next startup.
No Windows Service
For deployments that are not using a Windows Service to control the application server, the above can be added to a file within the <YellowfinInstall>/appserver/bin folder.
It's recommended to create a "setenv.bat" file (or setenv.sh for Linux) to add any custom arguments. These can be pasted as they are above into a file here and Tomcat will pick up the new arguments on next boot.
Give this a try and let me know how it goes.
Thanks,
Ryan
Hi Greg,
Welcome to the Yellowfin Community! Thanks for reaching out with your question.
I would recommend setting your trust store using JVM arguments as opposed to directly in the Connector. The method in which to add these will depend on whether Yellowfin is installed as a Windows service, or hosted without a service file (Linux or Windows). The lines that will need added to the JVM arguments are as follows:
Replacing the values of the path and password with those relevant to your environment. Following are instructions on how to add these, dependent on your setup.
Windows Service
For a Windows Service, we will need to adjust the service properties. This can be done by opening a command prompt within the <YellowfinInstall>/appserver/bin/ folder and issuing the following command:
where our default service name is typically Yellowfin. As you're using this as a component of Truesight Server Automation, you'll want to verify what your service name is. This should pop up the service properties. Here you'll find the "Java Options" box on the "Java" tab:The required arguments can be added here to enable the trust store. Keep in mind these won't be recognized until the next startup.
No Windows Service
For deployments that are not using a Windows Service to control the application server, the above can be added to a file within the <YellowfinInstall>/appserver/bin folder.
It's recommended to create a "setenv.bat" file (or setenv.sh for Linux) to add any custom arguments. These can be pasted as they are above into a file here and Tomcat will pick up the new arguments on next boot.
Give this a try and let me know how it goes.
Thanks,
Ryan
Hi Greg,
Welcome to the Yellowfin Community! Thanks for reaching out with your question.
I would recommend setting your trust store using JVM arguments as opposed to directly in the Connector. The method in which to add these will depend on whether Yellowfin is installed as a Windows service, or hosted without a service file (Linux or Windows). The lines that will need added to the JVM arguments are as follows:
Replacing the values of the path and password with those relevant to your environment. Following are instructions on how to add these, dependent on your setup.
Windows Service
For a Windows Service, we will need to adjust the service properties. This can be done by opening a command prompt within the <YellowfinInstall>/appserver/bin/ folder and issuing the following command:
where our default service name is typically Yellowfin. As you're using this as a component of Truesight Server Automation, you'll want to verify what your service name is. This should pop up the service properties. Here you'll find the "Java Options" box on the "Java" tab:The required arguments can be added here to enable the trust store. Keep in mind these won't be recognized until the next startup.
No Windows Service
For deployments that are not using a Windows Service to control the application server, the above can be added to a file within the <YellowfinInstall>/appserver/bin folder.
It's recommended to create a "setenv.bat" file (or setenv.sh for Linux) to add any custom arguments. These can be pasted as they are above into a file here and Tomcat will pick up the new arguments on next boot.
Give this a try and let me know how it goes.
Thanks,
Ryan
https://wiki.yellowfinbi.com/pages/viewpage.action?pageId=20709979#Configuration-Authentication
https://wiki.yellowfinbi.com/pages/viewpage.action?pageId=20709979#Configuration-Authentication
Thanks Greg,
I'll send this over for review by our technical writer for review. Did you have any further follow up questions, or should I go ahead and mark this as Answered?
Regards,
Ryan
Thanks Greg,
I'll send this over for review by our technical writer for review. Did you have any further follow up questions, or should I go ahead and mark this as Answered?
Regards,
Ryan
You can mark it answered. Thanks!
You can mark it answered. Thanks!
Thanks Greg,
Happy to help! Don't hesitate to reach out with further questions or issues.
Thank you,
Ryan
Thanks Greg,
Happy to help! Don't hesitate to reach out with further questions or issues.
Thank you,
Ryan
Replies have been locked on this page!