Active IQ Unified Manager Discussions

HTTPS doesn't work after installing WFA 3.0 on Server 2012 R2


    After installing WFA v3.0RC1 on server 2012 R2 and following all pre-reqs I was unable to connect to the WFA server from other machines via HTTPS. The server was not listening on 443.


The following was observed:


I am able to reach the WFA server via http://wfaserver.mydomain.corp/wfa and but not via https




Re: HTTPS doesn't work after installing WFA 3.0 on Server 2012 R2


Here is what fixed the issue in case someone else runs into this issue..


I looked at this log: C:\Program Files\NetApp\WFA\jboss\standalone\log\server.log


Started at the top and did a search for "error" and ran across this:


2015-01-26 18:38:53,105 ERROR [] (MSC service thread 1-3) MSC00001: Failed to start service jboss.web.connector.https: org.jboss.msc.service.StartException in service jboss.web.connector.https: JBAS018007: Error starting web connector
at org.jboss.msc.service.ServiceControllerImpl$StartTask.startService( [jboss-msc-1.0.2.GA.jar:1.0.2.GA]
at org.jboss.msc.service.ServiceControllerImpl$ [jboss-msc-1.0.2.GA.jar:1.0.2.GA]
at java.util.concurrent.ThreadPoolExecutor.runWorker( [rt.jar:1.7.0_72]
at java.util.concurrent.ThreadPoolExecutor$ [rt.jar:1.7.0_72]
at [rt.jar:1.7.0_72]
Caused by: LifecycleException: Protocol handler initialization failed: C:\Program Files\NetApp\WFA\jboss\standalone\configuration\wfa.keystore (The system cannot find the file specified)
at org.apache.catalina.connector.Connector.init(
... 5 more



I checked and sure enough the keystore is missing. AFAIK this is supposed to be created automatically at installation but it looks like it wasnt for some reason. Lucky for me lots of people want to change these after install anyway so the documentation has a section on how to create a new certificate. You can find it on page 46 of the WFA 30RC1 setup guide titled "Replacing the default Workflow Automation SSL Certificate"


Here are the steps to save some time for anyone with the same issue:



1. Log in as the administrator on the WFA host machine.
2. Use the Windows Services console and stop the following WFA services:
• NetApp WFA Database
• NetApp WFA Server
3. Delete the wfa.keystore file from the following location: C:\Program Files\NetApp\WFA
4. Open a command prompt on the WFA server and change directories to the following location: C:
\Program Files\NetApp\WFA\jre\bin.
5. Enter the following at the command prompt to obtain the database key: keytool -keysize
2048 -genkey -alias "ssl keystore" -keyalg RSA -keystore "C:\ProgramFiles\NetApp\WFA\jboss\standalone\configuration\wfa.keystore" -validity xxxx
xxxx is the number of days for the new certificate's validity.
6. Specify the password when prompted for the password and new password.
"changeit" is the default password. If you do not want to use the default password, you must
change the password attribute of the ssl element in the standalone-full.xml file from the
following location: C:\Program Files\NetApp\WFA\jboss\standalone\configuration
<ssl name="ssl" password="new_password" certificate-key-file="$
7. Enter the required details for the certificate.
8. Review the displayed information and enter Yes.
9. Press Enter when prompted by the following message: Enter key password for <SSL
keystore> <RETURN if same as keystore password.
10. Restart the WFA services by using the Windows Services console.


You should now be able to access via https.









View solution in original post

Earn Rewards for Your Review!
GPI Review Banner
All Community Forums