开发者

WebSphere 7 SSL error that never goes away no matter what I do?

I installed WebSphere 7.0 and RAD 7.5. Updated WAS to fix pack 11 and update RAD. 7.5.5. latest updates..etc...

  • I create a server profile.
  • I start the server.
  • I turn on global security and use LDAP. (something I have done a billion times)
  • I don't even attempt to publish an application.
  • The server constantly debugs out this message every two minutes.

How do you make it stop? I have tried making new keys doesn't work, I blow away the profile and make a new one. Nothing works. Nothing. The server is running at 400 MB without an application installed. Is this supposed to be normal? 400 MB with no app published?

The server profile creation wizard forces this SSL nonsense into the config.

What's really going on here?

I would love to utilize the latest server technology IBM has to offer but it seems to be broken right out of the box, out of the gate. 5 fix packs later and it's still broken.

[8/25/10 8:12:44:896 CDT] 0000000b SSLHandshakeE E   SSLC0008E: Unable to initialize SSL connection.  Unauthorized access was denied or security settings have expired.  Exception is javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection?
 at com.ibm.jsse2.b.a(b.java:34)
 at com.ibm.jsse2.pc.a(pc.java:155)
 at com.ibm.jsse2.pc.unwrap(pc.java:104)
 at javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:17)
 at com.ibm.ws.ssl.channel.impl.SSLConnectionLink.readyInbound(SSLConnectionLink.java:531)
 at com.ibm.ws.ssl.channel.impl.SSLConnectionLink.ready(SSLConnectionLink.java:291)
 at com.ibm.ws.tcp.channel.impl.NewConnectionInitialReadCallback.sendToDiscriminators(NewConnectionInitialReadCallback.java:214)
 at com.ibm.ws.tcp.channel.impl.NewConnectionInitialReadCallback.complete(NewConnectionInitialReadCallback.java:113)
 at com.ibm.ws.tcp.channel.impl.AioReadCompletionListener.futureCompleted(AioReadCompletionListener.java:165)
 at com.ibm.io.async.AbstractAsyncFuture.invokeCallback(AbstractAsyncFuture.java:217)
 at开发者_如何学Go com.ibm.io.async.AsyncChannelFuture.fireCompletionActions(AsyncChannelFuture.java:161)
 at com.ibm.io.async.AsyncFuture.completed(AsyncFuture.java:138)
 at com.ibm.io.async.ResultHandler.complete(ResultHandler.java:204)
 at com.ibm.io.async.ResultHandler.runEventProcessingLoop(ResultHandler.java:775)
 at com.ibm.io.async.ResultHandler$2.run(ResultHandler.java:905)
 at com.ibm.ws.util.ThreadPool$Worker.run(ThreadPool.java:1550)


I was wrong. Creating it from either way causes the issue. (running the pmt.bat or through the rad tool).

The real issue was not copying the global security stuff as a security domain. Basically you go to Security > Security Domains > then click the Copy from Global Security option.

This is just crazy. Why not simply have the goofy wizard ask if you would like this to happen also??? IBM infuriates me.


I solve this issue by enabling security in the server screen.

Open the Servers view, double click on the server, expand security, enable "Security is enabled in this server" and provide a user ID + password. After this the problem went away.

For some reason it was disabled even though I enabled it through the admin console.


Its too late but may be it helps others like me :)

Agree with Peter above, its IDE which checks status from server..

You need to add the certificate 'X' i.e. exportedCertificate.cer to JRE keystore. To do this, run this command in a Windows CMD window:

$ keytool -import -file exportedCertificate.cer -storepass changeit -keystore %JAVA_HOME%/jre/lib/security/cacerts -alias myAlias

Certificate 'X' is the default certificate in your Websphere server. You can find and export it through IBM console. Alternative is to hit HTTPS url at browser and export it from browser in DER format.


I found that this solution worked best for me.

http://wiing.fr/websphere-application-server-ssl-error/

The way to fix it is to connect to the administration console, navigate to: Security > SSL certificate and key management > Key stores and certificates > NodeDefaultKeyStore > Personal certificates

Select the default alias and click on renew. Restart WAS.

I recently got that error because the certificate’s beginning date was set to a date in the future, could not understand what happened to my configuration…


Your app server is trying to establish a ssl connection on a port that is not ssl. An easy way to see it live is trying to access the admin console using http but using the ssl port. If you use the standard ports you can try this: http://localhost:9043/ibm/console/


This error may be caused by your IDE (let it be Rational Application Developer RAD, Rational Software Architect RSA or plain Eclipse), which is trying to update the server status in the "Servers View".

As somebody here already said, the IDE's call to WebSphere Application Server's console fails, because it's malformed:

Unrecognized SSL message, plaintext connection?

Since your IDE tries to update the status regularly, the server prints this error message as often.

What worked in my case, was to remove the server from the "Servers View" (Right click - delete) and add a new one (Right click - new).


In my case, my IDE is not run with IBM's JRE. Since it's eclipse. so i update the eclipse.ini to include

-vm
E:/IBM/WebSphere/AppServer/java/bin/javaw


In most cases, this is due to expired SSL Certificate. Go to:

C:\Program Files (x86)\IBM\WebSphere\AppServer\profiles\AppSrv01\config\cells\XXXXXXNode01Cell\nodes\XXXXXXXXNode01

and see key.p12 and trust.p12 files. Check the created/modified date. It will typically be more than 1 year older. This means it's expired as typically above files are valid for 1 year only.

Solution

  1. Delete entire websphere server profile (which will delete everything under C:\Program Files (x86)\IBM\WebSphere\AppServer\profiles\AppSrv01 and create a new. this will wipe out key.p12 and trust.p12 files along with other files and create a new key.p12 and trust.p12 files when you create new profile.

  2. Copy key.p12 and trust.p12 from your colleague's machine whose key files(key.p12 and trust.p12) are not expired. You can also use iKeyman tool to renew key.p12.


I also faced this issue . finally sorted out this issue. Below are the steps may helpful.

  1. delete the profiles which you have created earlier.

    • to view all profiles: IBM/AppServer/bin/manageprofiles.bat -listProfiles
    • deletion of profiles: IBM/AppServer/bin/manageprofiles.bat -delete ProfileName
  2. Windows-->Start-->Services find any IBM WebSphere servers are running background. try to stop them and restart the server.


Modify your eclipse.ini to explicitly use the IBM JRE as follows:

-vm C:/Program Files (x86)/IBM/WebSphere/AppServer/java_1.7_64/jre/bin/javaw.exe
--launcher.appendVmargs
-vmargs
-Dosgi.requiredJavaVersion=1.7
-Xms512m
-Xmx6144m

Restart Eclipse and Restart your IBM Websphere Application Server to fix the issue.

0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜