Cannot connect to aggregate server on Tomcat 9 when using SSL. Only thing in logs are warning messages

What is the problem? Please be detailed.
We have an install of ODK Aggregate 1.61 and we are using Tomcat 9. The test install went great and we were able to conduct surveys. We needed a URL and an SSL cert and we got both. I believe I installed the cert successfully in Tomcat. No error messages, and a re-install of aggregate went well. However we can't connect. The connection always times out. Interestingly if I re-install aggregate with the url but NOT with SSL, I can connect fine. The only error messages I see are as follows. They are actually only warning messages.

WARNING: The class org.apache.wink.common.internal.providers.entity.FileProvider was already added to the JAX-RS runtime. The runtime is ignoring this value.  Check that this class was not returned in the javax.ws.rs.core.Application subclass getSingletons() and getClasses() methods.
Oct 30, 2018 4:21:49 AM org.apache.wink.common.internal.application.ApplicationValidator classUnique
WARNING: The class org.apache.wink.common.internal.providers.entity.ByteArrayProvider was already added to the JAX-RS runtime. The runtime is ignoring this value.  Check that this class was not returned in the javax.ws.rs.core.Application subclass getSingletons() and getClasses() methods.
Oct 30, 2018 4:21:49 AM org.apache.wink.common.internal.application.ApplicationValidator classUnique
WARNING: The class org.apache.wink.common.internal.providers.multipart.OutMultiPartProvider was already added to the JAX-RS runtime. The runtime is ignoring this value.  Check that this class was not returned in the javax.ws.rs.core.Application subclass getSingletons() and getClasses() methods.
Oct 30, 2018 4:21:49 AM org.apache.wink.common.internal.application.ApplicationValidator classUnique
WARNING: The class org.apache.wink.common.internal.providers.multipart.BufferedInMultiPartProvider was already added to the JAX-RS runtime. The runtime is ignoring this value.  Check that this class was not returned in the javax.ws.rs.core.Application subclass getSingletons() and getClasses() methods.

What ODK tool and version are you using? And on what device and operating system version?
ODK Aggregate 6.1 on Windows Server 2012R2. Tomcat Version 9

What have you tried to fix the problem?
Uninstall and re-install aggregate, re-issue cert.

Anything else we should know or have? If you have a test form or screenshots or logs, attach here.
This setup is similar to another setup we used, same Windows server only using Tomcat 8.5 and we had no problems setting up the SSL. The server.xml is identical (save for name of cert, of course). Think I'll just downgrade to tomcat 8.5 and see if that works, but wonder if there are any issues with Tomcat 9. Also attaching my server.xml. I really hope there is an embarrassing typo! Thanks for any help.

Hi @Craig_Savel, when you get a chance, please introduce yourself here. You've been a community member for some time and we'd love to learn more.

As to the issue at hand, your upload had sensitive information, so I have removed it. Please change your keystore password because it has been compromised.

I don't think Tomcat 9 is the problem. @ggalmazor, can you confirm?

I also don't think the warnings you are getting are the cause of the problem. Just to be extra sure, there are usually 2-3 different logs (catalina, localhost, and localhost_access) for your Tomcat install. Check all those for hints.

My guess is that there is something wrong with your server.xml config or your keystore setup. Those are going to be hard to troubleshoot, but as a first step, does connecting using your web browser on port 80 or port 443 have different results?

It might be worth trying LetsEncrypt (it's free!) for the certs just to make sure something more standard works. My LetsEncrypt setup looks like this:

<Connector port="443" protocol="org.apache.coyote.http11.Http11AprProtocol"
	SSLCertificateFile="/etc/acme.sh/example.com/cert.pem"
	SSLCertificateKeyFile="/etc/acme.sh/example.com/key.pem"
	SSLCertificateChainFile="/etc/acme.sh/example.com/fullchain.pem"
	SSLVerifyClient="none" SSLProtocol="TLSv1+TLSv1.1+TLSv1.2"
	maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
	clientAuth="false" sslProtocol="TLS" connectionTimeout="20000" URIEncoding="UTF-8" />
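A pre-posting check for anyone attaching a server.xml to a thread like this one (an added example, not part of the original posts and not ODK or Tomcat code): it masks every attribute whose name ends in pass or password and flags SSL connectors that still enable TLSv1 or TLSv1.1. The function name `prepare_for_sharing` and the sample file are constructed for illustration, and all values in the sample are placeholders.

```python
import re
import xml.etree.ElementTree as ET

# Matches keystorePass, truststorePass, certificateKeystorePassword, password, ...
SECRET_ATTR = re.compile(r"pass(word)?$", re.IGNORECASE)
# APR-style and JSSE-style protocol lists ("+" or "," separated)
PROTOCOL_ATTRS = ("SSLProtocol", "sslEnabledProtocols")
LEGACY = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}


def prepare_for_sharing(server_xml):
    """Return (redacted_xml, findings) for a Tomcat server.xml string."""
    root = ET.fromstring(server_xml)  # the parser drops XML comments
    findings = []
    for elem in root.iter():
        for name in list(elem.attrib):
            if SECRET_ATTR.search(name):
                elem.set(name, "REDACTED")
                findings.append(f"<{elem.tag}> {name}: value masked")
        if elem.tag != "Connector" or elem.get("SSLEnabled", "").lower() != "true":
            continue
        for attr in PROTOCOL_ATTRS:
            tokens = re.split(r"[+,\s]+", elem.get(attr, ""))
            weak = sorted(LEGACY.intersection(tokens))
            if weak:
                findings.append(
                    f"Connector port {elem.get('port')}: {attr} enables {', '.join(weak)}")
    return ET.tostring(root, encoding="unicode"), findings


# Constructed sample: not the file from the thread, every value is a placeholder.
SAMPLE = """<Server port="8005" shutdown="SHUTDOWN">
  <!-- keystore password is example-secret -->
  <Service name="Catalina">
    <Connector port="443" protocol="org.apache.coyote.http11.Http11NioProtocol"
        SSLEnabled="true" scheme="https" secure="true"
        keystoreFile="conf/example.jks" keystorePass="example-secret"
        sslEnabledProtocols="TLSv1,TLSv1.2" />
    <Connector port="8443" protocol="org.apache.coyote.http11.Http11AprProtocol"
        SSLEnabled="true" SSLProtocol="TLSv1+TLSv1.1+TLSv1.2" />
  </Service>
</Server>"""

if __name__ == "__main__":
    redacted, notes = prepare_for_sharing(SAMPLE)
    print(redacted)
    print("\n".join(notes))
```

Masking the file does not undo an earlier disclosure: a password that has already been posted still has to be changed.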

Hi Yaw. Thanks for the answer. It was indeed my keystore setup but we aren't sure what the issue was, but after about 7 times re-issuing the cert, it worked. I suspect it might have been an issue with a root or intermediate cert that Azure didn't recognize - one of those problems that would be almost impossible to track down but we are glad to see the back end of it.

Again, thanks so much.
