VERIFIED SOLUTION i
X

Upgraded SSL-Certificate on server running Pitney Bowes Spectrum Technology Platform 9 SP1 and now encountering errors.

Issue

In setting up SSL Connection with Spectrum 9, after defining the certificate, Pitney Bowes Spectrum Technology Platform would not start successfully.

Cause

The error message that was being documented in the wrapper.log shows:

Error creating bean with name 'webServerConnectors': Cannot create inner bean 'org.mortbay.jetty.security.SslSocketConnector#6d3c6012' of type [org.mortbay.jetty.security.SslSocketConnector] while setting bean property 'sourceList' with key [1]; nested exception is org.springframework.beans.factory.CannotLoadBeanClassException: Cannot find class

Resolution

UPDATED: March 27, 2017


In the Pitney Bowes Spectrum Technology Platform Administration Guide, the process to set up secure communications is documented in Managing Security -> Configuring HTTPS Communication section of the documentation.

Configuring HTTPS Communication

By default, Spectrum™ Technology Platform communication with the client tools (Enterprise Designer, Management Console, and Interactive Driver) and API occurs over HTTP. You can configure Spectrum™ Technology Platform to use HTTPS if you want to secure these network communications.

  1. Stop the Spectrum™ Technology Platform server.
    • To stop the server on Windows, right-click the Spectrum™ Technology Platform icon in the Windows system tray and select Stop Server. Alternatively, you can use the Windows Services control panel and stop the Pitney Bowes Spectrum™ Technology Platform service.
    • To stop the server on Unix or Linux, source the <SpectrumLocation>/server/bin/setup script then execute the <SpectrumLocation>/server/bin/server.stop script.
  2. Create a certificate signed by a trusted CA and load it into a JSSE keystore. For more information, see www.eclipse.org/jetty/documentation/current/configuring-ssl.html.
  3. Create an XML file named spectrum-override-container-ssl.xml containing the following:
    <beans xmlns="http://www.springframework.org/schema/beans"
        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
        xmlns:util="http://www.springframework.org/schema/util"
        xsi:schemaLocation="http://www.springframework.org/schema/beans
           http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
           http://www.springframework.org/schema/util
           http://www.springframework.org/schema/util/spring-util-3.0.xsd">
        
        <bean id="defaultWebServerConnector" class="org.eclipse.jetty.server.ServerConnector">
            <constructor-arg ref="webServer"/>
            <constructor-arg>
                <bean class="org.eclipse.jetty.util.ssl.SslContextFactory">
                    <property name="keyStorePath" value="/SpectrumKeystore"/>
                    <property name="keyManagerPassword" value="password"/>
                    <property name="keyStorePassword" value="password"/>
                </bean>
            </constructor-arg>
            <property name="host" value="${spectrum.bind.address}"/>
            <property name="port" value="${spectrum.http.port}"/>
            <property name="idleTimeout" value="-1"/>
        </bean>
    </beans>
  4. Modify the following lines as needed to reflect your environment:
    <property name="keyStorePath" value="/SpectrumKeystore"/>Modify the value to be the path to the keystore you are using. This example assumes the keystore in the root of the drive on which the Spectrum™ Technology Platform server is installed.
    <property name="keyManagerpassword" value="password"/>Modify the value to be the password to the keystore.
    <property name="keyStorePassword" value="password"/>Modify the value to be the password to the key within the keystore.
  5. Save the spectrum-override-container-ssl.xml file to <SpectrumLocation>/server/app/conf/spring.
  6. Using a text editor, open the file spectrum-container.properties located in <SpectrumLocation>/server/app/conf. Locate the Spectrum runtime settings section, then uncomment and set the following properties:

    spectrum.http.port=port
    spectrum.runtime.port=port
    spectrum.runtime.hostname=dnsname

    Where port is the network port to use for communication with the clients (for example 8443) and dnsname is the external DNS for the server. The port you specify must be the same for both spectrum.http.port and spectrum.runtime.port.

  7. If you are configuring HTTPS communication for the Location Intelligence Module and Spectrum Spatial services, you must perform additional configuration prior to restarting the Spectrum™ Technology Platform server:
    1. Modify the java.properties file (<SpectrumLocation>/server/modules/spatial) by changing all hostnames and ports to be exactly the same as the ones used for the Spectrum™ Technology Platform server. The hostname must match the DNS name of the server and the CN in the certificate. Set property repository.useSecureConnection to true. For example:
      images.webapp.url=https://www.spectrum.com:8443/Spatial/images
      thumbnail.location=https://www.spectrum.com:8443/Spatial/Thumbnails
      
      repository.host=www.spectrum.com
      repository.port=8443
      repository.useSecureConnection=true
    2. Modify the service configuration files (SpectrumLocation\server\modules\spatial\Configuration) by changing all repository URLs to use https and the hostname and port defined in the previous step. For example, https://www.spectrum.com:8443/RepositoryService/rmi. Also, change these URLs in the value of the elements listed for the services:
      MappingConfiguration – <AccessBaseURL>
      WFSConfiguration, WMSConfiguration - <OnlineResource>, <ResourceRoot> 
    3. Upload the modified files into the Repository using WebDAV (see Using WebFolders to Access the Repository Resources for instructions).
  8. Start the Spectrum™ Technology Platform server.
    • To start the server on Windows, right-click the Spectrum™ Technology Platform icon in the Windows system tray and select Start Server. Alternatively, you can use the Windows Services control panel to start the Pitney Bowes Spectrum™ Technology Platform service.
    • To start the server on Unix or Linux, execute the <SpectrumInstallDirectory>/server/bin/server.start script.


If the issue is unresolved after following these steps, contact customer support for further assistance.

Environment Details

Product Feature: Spectrum Server

Operating System: Linux


 

Downloads

  • No Downloads