ALM Support Tip: enablessl.sh does not enable SSL in Octane v12.55.8 (CP5) - Workaround

  • Document ID:KM03101190
  • Creation Date:22-Feb-2018
  • Modified Date:22-Jul-2020
    • Micro Focus Products:
      alm octane

Summary

The "enablessl.sh" and "enablessl.bat" files point to a .jar which doesn't exist to encrypt the certificate password

Question

Enablessl.sh does not enable SSL in Octane v12.55.8 (CP5) - Workaround

Answer

HOW-TO-REPRODUCE:

1) Place a keystore.jks in the /opt/octane/conf folder
2) Run: ./enablessl.sh <password>
    For example ./enablessl.sh rootroot
3) The wrapper.log will show the error: org.eclipse.jetty.ssl.password : WrapperManager: WARNING - System.in has been disabled by the wrapper.disable_console_input property.  Calls will block indefinitely.
4) Examine the file: jetty-ssl.xml in the path: /opt/octane/server/conf
5) Notice all three elements which hold the encrypted password are blank

The root cause is in the "enablessl.sh" file. Examine the file, specifically the line...
obf_password=$(java -cp  /opt/octane/server/lib/jetty-util-9.2.7.v20150116.jar org.eclipse.jetty.util.security.Password $1 2>&1 | grep OBF)

The .jar "jetty-util-9.2.7.v20150116.jar" does not exist in the path: /opt/octane/server/lib
I altered the enablessl.sh file, specifying what I think is a similar .jar, as follows...
obf_password=$(java -cp  /opt/octane/server/lib/jetty-util-9.2.9.v20150224.jar org.eclipse.jetty.util.security.Password $1 2>&1 | grep OBF)

That didn't work either so there might also be a problem with the "jetty-util-9.2.9.v20150224.jar"
Presumably the same issue will occur on the Windows platform as well although I didn't test it.
This used work in a previous version of Octane. I think 12.55.4.

WORK-AROUND:

To overcome this issue I used ALM dotNet to get it done. Consider the following line...
"D:\Program Files\HP\ALM\ALM\java\bin\java" -cp D:\ProgramData\HP\ALM\server\lib\jetty-util-9.1.4.v20140401.jar org.eclipse.jetty.util.security.Password rootroot

The first path is the path to the Java on ALM dot net, switch -cp, then the path to the "jetty-util-9.1.4.v20140401.jar" followed by the certificate password "rootroot"
This generates the password. For "rootroot" the value is: OBF:1ym51x1b1x1b1ym91ym51x1b1x1b1ym9
I then edit the jetty-ssl.xml and populate the "password" elements in the three places with the above password.

Specifically the password resides in the following elements…

<Set name="KeyStorePassword"> <Property name="jetty.keystore.password" default="OBF:1ym51x1b1x1b1ym91ym51x1b1x1b1ym9"/> </Set><Set name="KeyManagerPassword"> <Property name="jetty.keymanager.password" default="OBF:1ym51x1b1x1b1ym91ym51x1b1x1b1ym9"/> </Set><Set name="TrustStorePath"> <Property name="jetty.base" default="."/> / <Property name="jetty.truststore" default="../conf/keystore.jks"/> </Set><Set name="TrustStorePassword"> <Property name="jetty.truststore.password" default="OBF:1ym51x1b1x1b1ym91ym51x1b1x1b1ym9"/> </Set>

Then the cmd in the shell: service HPALM restart and Octane will come online using SSL on port 8443