Error Creating PDF File

[Victor Congionti]

• There was an error converting your completed documents to a PDF file.

I found a previous thread on this topic but I was not able to resolve this issue following the suggestions. What I've done so far:

1) Restarted my entire server

2) Yorestart web

I've attached my esf.log file with the recent entry. Appears to be some sort of ssl handshake thing going on?

[Open eSignForms]

That's an odd error to just crop up unless you changed your SSL cert, or the document you are converting to PDF has https URLs in it referencing another site.  The PDF generation will need to access your own webapp's URL from the server itself -- you can tell by looking at the HTML document's "source" (the HTML code itself rather than the rendered page) and see what sort of https references are required.  From there, you can perhaps run a test on your server to access those URLs and see if you get a more clear error.  In general, PDF conversion probably requires a valid digitally signed SSL cert (I doubt it works with self-signed certs, for example).  And we have seen some sites with godaddy 2 certs may need to add the godaddy certs to Java's cacerts file (jre/lib/security/cacerts) because they seem to have root certs that are not part of the Java keystore.

[Victor Congionti]

We did implement a new ssl cert in esignforms...Perhaps it wasn't implemented properly? After doing the SSL test I did find an interesting bit. See attached screenshot with arrow.

[Open eSignForms]

The self-signed root is probably okay, so long as that root cert is also in the Java keystore (jre/lib/security/cacerts -- not sure if jssecacerts is still used, but it probably is if you don't want to add anything to the shipped cacerts file).  The trust certs in cacerts varies based on Java version, so it's possible a newer Java will have the needed root certs. But if not sure, you can go to your jre/lib/security folder where your java runs, and if you have a jssecacerts file there, add your cert to it (and if it fails to add, you'll probably see that it needs some root certs added from the CA that issued your cert).

This is not really related to OpenESF, but to setting up SSL on Tomcat/Java, but the general idea is something like this:

1. cd $JAVA_HOME/jre/lib/security
2. cp cacerts jssecacerts
3. keytool -import -alias certname -trustcacerts -file YOURCERT.crt -keystore jssecacerts   (not that certname should not be "tomcat" as that's special to Tomcat for finding the server cert it uses/presents for SSL and most likely you need to import your CA's root cert used to sign your SSL cert).  The default password for cacerts/jssecacerts is 'changeit' I believe.
4. Restart tomcat so it gets a fresh Java process running that will use the updated jssecacerts file.

Hope that helps...