server too slow to respond maybe an ssl issue

rocketman

So the day started really badly at 6:00 am when I updated the security certificate (sslforfree). Was on the server last night - all good. Never thought to check it this morning, just went ahead and updated the cert.

Brought AwareIM back online. Tried to log into a BSV. Browser returned "server took too long to respond". Tried several restarts and keep getting "2019-08-03 20:01:41,958 ERROR XXXX#9a0d8b6e709385a1cdde889fc1b2022d -Exception while executing handleTimer(). Exception class=com.bas.basserver.bsmanager.T message Can't call commit when autocommit=true" in the server startup log (where XXXX is one of my business space versions)

Don't understand why this is happening as the execution context is empty and no clients have been able to log in today.

Spent all day doing windows updates (long overdue) , several server restarts and now - 14 hours later - still "Server took too long to respond.

Never had a day like today in many a long year. Can anyone help

customaware

Send a PM to cishpix (Suwandy)

He is at GMT +7 but is the best at sorting this sort of stuff out.

He looks after all of my servers and is awesome.

rocketman

Thanks Mark - I'll get right on it

rocketman

Dohhh .... 24 hours of pain for missing out one vital step!!!!

For anyone finding this in the future - and If you're using sslforfree here's what I needed to do. The vital missing step is in CAPS

1) create a new keystore in the PKSC12 format
2) Import the CA-Bundle certificate
3) import the Key pair (PKCS8 key format - Private.key and Certificate.crt
4) CONVERT THE WHOLE BLOODY LOT (THE KEYSTORE) BACK TO JKS FORMAT
5) Be sure to name it Keystore
6) set the correct path in Tomcat's server.xml
7) Restart AwareIM

NOTE - the actual keystore password (asked for at the end when you save it) MUST be the same as the password you use for the key pair otherwise Tomcat will complain

I'm guessing that in 3 months the procedure will be to convert the keystore back to PKCS12 format, import the new key pair, then convert it back to JKS, and in 2021 when the root and intermediate runs out, import the new CA-Bundle certificate. Will post again in 60 days to confirm.