Secure connection failed. SSL received a record that exceeded the maximum permissible length

Document ID : KB000021131
Last Modified Date : 14/02/2018

Description:

In Service Desk (CA SDM) r12.6 and r12.7, the web.url with SSL fails with the error below after following the steps in the 'Configure SSL on Tomcat' section of the Service Desk Admin guide.

Secure connection failed

SSL received a record that exceeded the maximum permissible length.

(Error code: ssl_error_rx_record_too_long)

Solution:

The process below is taken from the Tomcat documentation, updated for the Service Desk implementation of Tomcat, and can also be found in the Administration guide.

  1. From the command line, change directories to the JRE install location, and enter the following command:

    bin\keytool -genkey -alias tomcat -keyalg RSA

    A .keystore file is created by default in the home directory of the logged-in user. You can specify a different location during .keystore file generation. On UNIX, make sure that the directory in which you generate the .keystore file has sufficient permissions for CA Service Desk Manager access.

    Note: For more about specifying a different .keystore file location, see your Tomcat documentation.

  2. Answer the prompts appropriately. The default password is changeit.

    Note: You can enter a password other than the default one. For more information, see your Tomcat documentation.

  3. Edit the server.xml file located in the following directory: NX_ROOT\bopcfg\www\CATALINA_BASE\conf.

  4. Uncomment the SSL section and add the location of the .keystore file generated in Step 1:

    <!-- Define a SSL Coyote HTTP/1.1 Connector on port 8443 -->
    <Connector className="org.apache.coyote.tomcat4.CoyoteConnector"
    port="8443" minProcessors="5" maxProcessors="75"
    enableLookups="true"
    acceptCount="100" debug="0" scheme="https" secure="true"
    useURIValidationHack="false" disableUploadTimeout="true">
    <Factory className="org.apache.coyote.tomcat4.CoyoteServerSocketFactory"
    clientAuth="false" protocol="TLS" keystoreFile="C:\Documents and Settings\user\.keystore" />
    </Connector>

  5. SSLEnabled="true" must be added to the <Connector> statement above. Without it, the connector answers on port 8443 in plain HTTP instead of TLS, and browsing Service Desk via https returns the messages below.

    From Firefox:

    Figure 1

    From Internet Explorer:

    Figure 2

  6. Make sure the <Connector> statement is modified as follows, then restart the Tomcat server.

    <Connector className="org.apache.coyote.tomcat4.CoyoteConnector"
    SSLEnabled="true" port="8443" minProcessors="5" maxProcessors="75"
    enableLookups="true"
    acceptCount="100" debug="0" scheme="https" secure="true"
    useURIValidationHack="false" disableUploadTimeout="true">
    <Factory className="org.apache.coyote.tomcat4.CoyoteServerSocketFactory"
    clientAuth="false" protocol="TLS" keystoreFile="C:\Documents and Settings\user\.keystore" />
    </Connector>

  7. Use the following commands to restart the Tomcat server:

    pdm_tomcat_nxd -c stop
    pdm_tomcat_nxd -c start
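
The check from steps 5 and 6 can be automated. The following is an added example, not part of the CA or Tomcat documentation: it flags active <Connector> elements in a server.xml that declare https without SSLEnabled="true", and shows why a plain HTTP reply is reported as a record that is too long. The function names, the sample server.xml and the sample HTTP reply are constructed for illustration.

```python
import struct
import xml.etree.ElementTree as ET

# Largest ciphertext record length TLS 1.2 permits (RFC 5246): 2^14 + 2048.
TLS_MAX_RECORD = 2**14 + 2048

def https_connectors_missing_sslenabled(server_xml):
    """Return ports of active <Connector> elements that declare HTTPS
    (scheme="https" or secure="true") but lack SSLEnabled="true".
    Commented-out connectors are skipped: the parser drops XML comments."""
    flagged = []
    for conn in ET.fromstring(server_xml).iter("Connector"):
        claims_https = (conn.get("scheme", "").lower() == "https"
                        or conn.get("secure", "").lower() == "true")
        ssl_on = conn.get("SSLEnabled", "false").lower() == "true"
        if claims_https and not ssl_on:
            flagged.append(conn.get("port", "?"))
    return flagged

def read_as_tls_record(first_bytes):
    """Decode the first 5 bytes as a TLS client does: type, version, length."""
    ctype, major, minor, length = struct.unpack("!BBBH", first_bytes[:5])
    return {"type": ctype, "version": (major, minor), "length": length,
            "too_long": length > TLS_MAX_RECORD}

# Constructed sample: 8443 reproduces the misconfiguration from step 4,
# 8444 carries the fix from step 6, 9443 is commented out and ignored.
SAMPLE_SERVER_XML = """<Server>
  <Service name="Catalina">
    <Connector port="8080" />
    <!-- <Connector port="9443" scheme="https" secure="true" /> -->
    <Connector port="8443" scheme="https" secure="true">
      <Factory clientAuth="false" protocol="TLS" />
    </Connector>
    <Connector port="8444" SSLEnabled="true" scheme="https" secure="true" />
  </Service>
</Server>"""

if __name__ == "__main__":
    print("HTTPS connectors without SSLEnabled:",
          https_connectors_missing_sslenabled(SAMPLE_SERVER_XML))
    # Constructed plain HTTP reply: "HTTP/" parses as length 0x502F = 20527.
    print("Plain HTTP reply read as a TLS record:",
          read_as_tls_record(b"HTTP/1.1 400 Bad Request\r\n"))
```

The bytes "HTTP/" decode as a record of length 20527, above the 18432-byte limit, which is the condition ssl_error_rx_record_too_long describes.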