0 votes

I'm running Ubuntu 23.04. After setting up the service, I keep getting the error "Connection closed" while trying to open the Headwind MDM web panel.

The Tomcat log contains the following error:

[2023-06-24 22:53:21] [crit] Error running socket processor

[2023-06-24 22:53:21] [crit] java.lang.Exception: cannot create new ssl

[2023-06-24 22:53:21] [crit]     at org.apache.tomcat.jni.SSL.newSSL(Native Method)

[2023-06-24 22:53:21] [crit]     at org.apache.tomcat.util.net.openssl.OpenSSLEngine.<init>(OpenSSLEngine.java:200)

[2023-06-24 22:53:21] [crit]     at org.apache.tomcat.util.net.openssl.OpenSSLContext.createSSLEngine(OpenSSLContext.java:581)

[2023-06-24 22:53:21] [crit]     at org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLEngine(AbstractJsseEndpoint.java:127)

[2023-06-24 22:53:21] [crit]     at org.apache.tomcat.util.net.SecureNioChannel.processSNI(SecureNioChannel.java:306)

[2023-06-24 22:53:21] [crit]     at org.apache.tomcat.util.net.SecureNioChannel.handshake(SecureNioChannel.java:154)

[2023-06-24 22:53:21] [crit]     at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1759)

[2023-06-24 22:53:21] [crit]     at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)

[2023-06-24 22:53:21] [crit]     at org.apache.tomcat.util.threads.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1191)

[2023-06-24 22:53:21] [crit]     at org.apache.tomcat.util.threads.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:659)

[2023-06-24 22:53:21] [crit]     at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)

[2023-06-24 22:53:21] [crit]     at java.base/java.lang.Thread.run(Thread.java:833)

by (37.6k points)

1 Answer

0 votes

By default, Headwind MDM uses SSL keystore type RSA.

Your SSL keys may have another type, for example, EC.

You can check the key type by using one of the following commands:

openssl rsa -in privatekey.pem -text -noout

openssl ec -in privatekey.pem -text -noout

openssl dsa -in privatekey.pem -text -noout

One of these commands should succeed. 

Also, you can check the key file size. For RSA, it has a few thousand bytes. For EC, it has a few hundred bytes. For example, here's the sample EC key.

# ls -l privatekey.pem

-rw------- 1 root root 241 Jun 24 22:44 privatekey.pem

If the key type is not RSA, open the file /var/lib/tomcat9/conf/server.xml, find the line <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol" and change the certificate type from "RSA" to "EC" or "DCA". Restart Tomcat to apply changes.

by (37.6k points)
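The key-type check from the answer above, as an added example that is not part of the original post or of Headwind MDM: it reads the type from the PEM label, or from the algorithm OID when the file is in PKCS#8 form ("BEGIN PRIVATE KEY"), where neither the label nor the file size names the type. The function names and the constructed sample key skeleton are assumptions made for illustration.

```python
import base64
import re

# DER-encoded algorithm OIDs from a PKCS#8 PrivateKeyInfo, mapped to key type.
OIDS = {
    bytes.fromhex("2a864886f70d010101"): "RSA",  # rsaEncryption
    bytes.fromhex("2a8648ce3d0201"): "EC",       # id-ecPublicKey
    bytes.fromhex("2a8648ce380401"): "DSA",      # id-dsa
}
PEM_RE = re.compile(
    r"-----BEGIN ([A-Z ]*?)PRIVATE KEY-----(.*?)-----END \1PRIVATE KEY-----", re.S)

def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) of the DER element at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, pos, pos + length

def key_type(pem_text):
    """Return 'RSA', 'EC' or 'DSA' for an unencrypted PEM private key."""
    m = PEM_RE.search(pem_text)
    if not m:
        raise ValueError("no PEM private key block found")
    label = m.group(1).strip()
    if label in ("RSA", "EC", "DSA"):  # traditional format names the type
        return label
    if label:  # e.g. ENCRYPTED: key algorithm is hidden without the password
        raise ValueError("unsupported PEM label: %s PRIVATE KEY" % label)
    der = base64.b64decode("".join(m.group(2).split()))
    _, pos, _ = read_tlv(der, 0)          # outer SEQUENCE
    _, _, pos = read_tlv(der, pos)        # version INTEGER, skipped
    _, pos, _ = read_tlv(der, pos)        # AlgorithmIdentifier SEQUENCE
    tag, start, end = read_tlv(der, pos)  # algorithm OID
    if tag != 0x06 or der[start:end] not in OIDS:
        raise ValueError("unrecognised key algorithm")
    return OIDS[der[start:end]]

def sample_pkcs8_pem(oid_hex):
    """Constructed PKCS#8 skeleton (not a usable key) for trying key_type()."""
    oid = bytes.fromhex(oid_hex)
    alg = bytes([0x06, len(oid)]) + oid + b"\x05\x00"
    body = b"\x02\x01\x00" + bytes([0x30, len(alg)]) + alg + b"\x04\x02\x00\x00"
    der = bytes([0x30, len(body)]) + body
    b64 = base64.encodebytes(der).decode()
    return "-----BEGIN PRIVATE KEY-----\n" + b64 + "-----END PRIVATE KEY-----\n"
```

To check a real file, pass its contents: `key_type(open("privatekey.pem").read())`.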