We have two WAS servers,wherein one server tries to connect to the other on which the RAM server is installed.
We noticed a SSL exception in the ram logs.
To fix it do we need to reimport the certificate into the first WAS server?
Exception :
[02/19/13 08:32:15 GMT] CRRAM0003I 341524734 INFO ws com.ibm.ram.userMgmt.security - Logged out as anonymous: ram.anyuser-1214170611-12533
[02/19/13 08:32:15 GMT] CRRAM0003I 341524749 DEBUG ws com.ibm.ram.repository.web.ws.quartz.jobs.PendingPolicyJob - PendingPolicyJob started
[02/19/13 08:32:15 GMT] CRRAM0003I 341524750 DEBUG ws com.ibm.ram.repository.web.ws.quartz.jobs.PendingPolicyJob - Handle pending policy request at: 2013-02-19 08:32:15.366
[02/19/13 08:32:15 GMT] CRRAM0003I 341524750 DEBUG ws com.ibm.ram.repository.web.ws.quartz.jobs.PendingPolicyJob - com.ibm.ram.repository.lifecycle.policy.cache queue has this number of requests: 0
[02/19/13 08:32:15 GMT] CRRAM0003I 341524751 DEBUG ws com.ibm.ram.repository.web.ws.quartz.jobs.PendingPolicyJob - PendingPolicyJob completed successfully
[02/19/13 08:32:20 GMT] CRRAM0003I 341529725 DEBUG ws com.ibm.ram.repository.web.ws.quartz.jobs.ImmediateNotificationSenderJ
ob - ImmediateNotificationSenderJob started
[02/19/13 08:32:20 GMT] CRRAM0003I 341529731 DEBUG ws com.ibm.ram.repository.web.ws.quartz.jobs.ImmediateNotificationSenderJ
ob - ImmediateNotificationSenderJob completed successfully
[02/19/13 08:32:37 GMT] CRRAM0003I 341546541 DEBUG web com.ibm.ram.repository.web.navigation.BreadcrumbsManager - createBreadcrumbLink - viewId: /admin/metrics/dashboard.jsp
[02/19/13 08:32:37 GMT] CRRAM0003I 341546708 DEBUG web com.ibm.ram.repository.assets.AssetManager - Searching asset index
[02/19/13 08:32:40 GMT] CRRAM0003I 341549735 DEBUG ws com.ibm.ram.repository.web.ws.quartz.jobs.AssetIndexBuilderJob - Asset indexing is using the external job server with job name: assetIndex
[02/19/13 08:32:41 GMT] CRRAM0003I 341550784 INFO web com.ibm.ram.repository.ssl.RAM1AccessUtils - Unable to instantiate real SSL context for SSLv2 protocol
java.security.NoSuchAlgorithmException: SSLv2 SSLContext not available
at sun.security.jca.GetInstance.getInstance(GetInstance.java:230)
at javax.net.ssl.SSLContext.getInstance(SSLContext.java:33)
at com.ibm.ram.repository.ssl.RAM1AccessUtils.getRealContext(RAM1AccessUt
ils.java:103)
at com.ibm.ram.repository.ssl.RAM1AccessUtils.getSSLContexts(RAM1AccessUt
ils.java:74)
at com.ibm.ram.repository.ssl.HttpclientSecureProtocolSocketFactory.<init
>(HttpclientSecureProtocolSocketFactory.java:40)
at com.ibm.ram.repository.ssl.RAM1AccessUtils.updateHTTPClientSSLProperti
es(RAM1AccessUtils.java:196)
at com.ibm.ram.repository.web.InfopopServlet.doGet(InfopopServlet.java:49
)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:718)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:831)
at com.ibm.ws.webcontainer.servlet.ServletWrapper.service(ServletWrapper.
java:1663)
at com.ibm.ws.webcontainer.servlet.ServletWrapper.service(ServletWrapper.
java:1597)
at com.ibm.ws.webcontainer.filter.WebAppFilterChain.doFilter(WebAppFilter
Chain.java:131)
at com.ibm.ram.repository.web.security.RAMServletFilter.doFilter(RAMServl
etFilter.java:529)
at com.ibm.ws.webcontainer.filter.FilterInstanceWrapper.doFilter(FilterIn
stanceWrapper.java:188)
at com.ibm.ws.webcontainer.filter.WebAppFilterChain.doFilter(WebAppFilter
Chain.java:116)
at com.ibm.ws.webcontainer.filter.WebAppFilterChain._doFilter(WebAppFilte
rChain.java:77)
at com.ibm.ws.webcontainer.filter.WebAppFilterManager.doFilter(WebAppFilt
erManager.java:908)
at com.ibm.ws.webcontainer.servlet.ServletWrapper.handleRequest(ServletWr
apper.java:934)
at com.ibm.ws.webcontainer.servlet.ServletWrapper.handleRequest(ServletWr
apper.java:502)
at com.ibm.ws.webcontainer.servlet.ServletWrapperImpl.handleRequest(Servl
etWrapperImpl.java:181)
at com.ibm.ws.webcontainer.servlet.CacheServletWrapper.handleRequest(Cach
eServletWrapper.java:91)
at com.ibm.ws.webcontainer.WebContainer.handleRequest(WebContainer.java:8
64)
at com.ibm.ws.webcontainer.WSWebContainer.handleRequest(WSWebContainer.ja
va:1592)
at com.ibm.ws.webcontainer.channel.WCChannelLink.ready(WCChannelLink.java
:186)
at com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.handleDiscriminat
ion(HttpInboundLink.java:452)
at com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.handleNewRequest(
HttpInboundLink.java:511)
at com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.processRequest(Ht
tpInboundLink.java:305)
at com.ibm.ws.http.channel.inbound.impl.HttpICLReadCallback.complete(Http
ICLReadCallback.java:83)
at com.ibm.ws.ssl.channel.impl.SSLReadServiceContext$SSLReadCompletedCall
back.complete(SSLReadServiceContext.java:1784)
at com.ibm.ws.tcp.channel.impl.AioReadCompletionListener.futureCompleted(
AioReadCompletionListener.java:165)
at com.ibm.io.async.AbstractAsyncFuture.invokeCallback(AbstractAsyncFutur
e.java:217)
at com.ibm.io.async.AsyncChannelFuture.fireCompletionActions(AsyncChannel
Future.java:161)
at com.ibm.io.async.AsyncFuture.completed(AsyncFuture.java:138)
at com.ibm.io.async.ResultHandler.complete(ResultHandler.java:204)
at com.ibm.io.async.ResultHandler.runEventProcessingLoop(ResultHandler.ja
va:775)
at com.ibm.io.async.ResultHandler$2.run(ResultHandler.java:905)
at com.ibm.ws.util.ThreadPool$Worker.run(ThreadPool.java:1646)
[02/19/13 08:32:41 GMT] CRRAM0003I 341550784 INFO web com.ibm.ram.repository.ssl.RAM1AccessUtils - Unable to instantiate fake SSL context for SSLv2 protocol
java.security.NoSuchAlgorithmException: SSLv2 SSLContext not available
at sun.security.jca.GetInstance.getInstance(GetInstance.java:230)
at javax.net.ssl.SSLContext.getInstance(SSLContext.java:33)
at com.ibm.ram.repository.ssl.RAM1AccessUtils.getFakeContext(RAM1AccessUt
ils.java:89)
at com.ibm.ram.repository.ssl.RAM1AccessUtils.getSSLContexts(RAM1AccessUt
ils.java:77)
at com.ibm.ram.repository.ssl.HttpclientSecureProtocolSocketFactory.<init
>(HttpclientSecureProtocolSocketFactory.java:40)
at com.ibm.ram.repository.ssl.RAM1AccessUtils.updateHTTPClientSSLProperti
es(RAM1AccessUtils.java:196)
at com.ibm.ram.repository.web.InfopopServlet.doGet(InfopopServlet.java:49
)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:718)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:831)
at com.ibm.ws.webcontainer.servlet.ServletWrapper.service(ServletWrapper.
java:1663)
at com.ibm.ws.webcontainer.servlet.ServletWrapper.service(ServletWrapper.
java:1597)
at com.ibm.ws.webcontainer.filter.WebAppFilterChain.doFilter(WebAppFilter
Chain.java:131)
at com.ibm.ram.repository.web.security.RAMServletFilter.doFilter(RAMServl
etFilter.java:529)
at com.ibm.ws.webcontainer.filter.FilterInstanceWrapper.doFilter(FilterIn
stanceWrapper.java:188)
at com.ibm.ws.webcontainer.filter.WebAppFilterChain.doFilter(WebAppFilter
Chain.java:116)
at com.ibm.ws.webcontainer.filter.WebAppFilterChain._doFilter(WebAppFilte
rChain.java:77)
at com.ibm.ws.webcontainer.filter.WebAppFilterManager.doFilter(WebAppFilt
erManager.java:908)
at com.ibm.ws.webcontainer.servlet.ServletWrapper.handleRequest(ServletWr
apper.java:934)
at com.ibm.ws.webcontainer.servlet.ServletWrapper.handleRequest(ServletWr
apper.java:502)
at com.ibm.ws.webcontainer.servlet.ServletWrapperImpl.handleRequest(Servl
etWrapperImpl.java:181)
at com.ibm.ws.webcontainer.servlet.CacheServletWrapper.handleRequest(Cach
eServletWrapper.java:91)
at com.ibm.ws.webcontainer.WebContainer.handleRequest(WebContainer.java:8
64)
at com.ibm.ws.webcontainer.WSWebContainer.handleRequest(WSWebContainer.ja
va:1592)
at com.ibm.ws.webcontainer.channel.WCChannelLink.ready(WCChannelLink.java
:186)
at com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.handleDiscriminat
ion(HttpInboundLink.java:452)
at com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.handleNewRequest(
HttpInboundLink.java:511)
at com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.processRequest(Ht
tpInboundLink.java:305)
at com.ibm.ws.http.channel.inbound.impl.HttpICLReadCallback.complete(Http
ICLReadCallback.java:83)
at com.ibm.ws.ssl.channel.impl.SSLReadServiceContext$SSLReadCompletedCall
back.complete(SSLReadServiceContext.java:1784)
at com.ibm.ws.tcp.channel.impl.AioReadCompletionListener.futureCompleted(
AioReadCompletionListener.java:165)
at com.ibm.io.async.AbstractAsyncFuture.invokeCallback(AbstractAsyncFutur
e.java:217)
at com.ibm.io.async.AsyncChannelFuture.fireCompletionActions(AsyncChannel
Future.java:161)
at com.ibm.io.async.AsyncFuture.completed(AsyncFuture.java:138)
at com.ibm.io.async.ResultHandler.complete(ResultHandler.java:204)
at com.ibm.io.async.ResultHandler.runEventProcessingLoop(ResultHandler.ja
va:775)
at com.ibm.io.async.ResultHandler$2.run(ResultHandler.java:905)
at com.ibm.ws.util.ThreadPool$Worker.run(ThreadPool.java:1646)
[02/19/13 08:32:41 GMT] CRRAM0003I 341550793 INFO web com.ibm.ram.repository.ssl.RAM1AccessUtils - Updated the HTTPCLIENT protocol handler for HTTPS protocol to use 'HttpclientSecureProtocolSocketFactory'
[02/19/13 08:32:41 GMT] CRRAM0003I 341550799 INFO web com.ibm.ram.repository.ssl.HttpclientSecureProtocolSocketFactory - Creating socket failed with SSL protocol: SSL
[02/19/13 08:32:41 GMT] CRRAM0003I 341550799 DEBUG web com.ibm.ram.repository.ssl.HttpclientSecureProtocolSocketFactory - Creating socket failed. Trying next SSL protocol
javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
at com.ibm.jsse2.o.a(o.java:25)
at com.ibm.jsse2.o.a(o.java:20)
at com.ibm.jsse2.SSLSocketImpl.b(SSLSocketImpl.java:51)
at com.ibm.jsse2.SSLSocketImpl.a(SSLSocketImpl.java:780)
at com.ibm.jsse2.SSLSocketImpl.h(SSLSocketImpl.java:400)
at com.ibm.jsse2.SSLSocketImpl.a(SSLSocketImpl.java:787)
at com.ibm.jsse2.SSLSocketImpl.startHandshake(SSLSocketImpl.java:640)
at ccom.ibm.ws.webcontainer.filter.WebAppFilterChain._doFilter(WebAppFilt
erChain.java:77)
at com.ibm.ws.webcontainer.filter.WebAppFilterManager.doFilter(WebAppFilt
erManager.java:908)
at com.ibm.ws.webcontainer.servlet.ServletWrapper.handleRequest(ServletWr
apper.java:934)
at com.ibm.ws.webcontainer.servlet.ServletWrapper.handleRequest(ServletWr
apper.java:502)
at com.ibm.ws.webcontainer.servlet.ServletWrapperImpl.handleRequest(Servl
etWrapperImpl.java:181)
at com.ibm.ws.webcontainer.servlet.CacheServletWrapper.handleRequest(Cach
eServletWrapper.java:91)
at com.ibm.ws.webcontainer.WebContainer.handleRequest(WebContainer.java:8
64)
at com.ibm.ws.webcontainer.WSWebContainer.handleRequest(WSWebContainer.ja
va:1592)
at com.ibm.ws.webcontainer.channel.WCChannelLink.ready(WCChannelLink.java
:186)
at com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.handleDiscriminat
ion(HttpInboundLink.java:452)
at com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.handleNewRequest(
HttpInboundLink.java:511)
at com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.processRequest(Ht
tpInboundLink.java:305)
at com.ibm.ws.http.channel.inbound.impl.HttpICLReadCallback.complete(Http
ICLReadCallback.java:83)
at com.ibm.ws.ssl.channel.impl.SSLReadServiceContext$SSLReadCompletedCall
back.complete(SSLReadServiceContext.java:1784)
at com.ibm.ws.tcp.channel.impl.AioReadCompletionListener.futureCompleted(
AioReadCompletionListener.java:165)
at com.ibm.io.async.AbstractAsyncFuture.invokeCallback(AbstractAsyncFutur
e.java:217)
at com.ibm.io.async.AsyncChannelFuture.fireCompletionActions(AsyncChannel
Future.java:161)
at com.ibm.io.async.AsyncFuture.completed(AsyncFuture.java:138)
at com.ibm.io.async.ResultHandler.complete(ResultHandler.java:204)
at com.ibm.io.async.ResultHandler.runEventProcessingLoop(ResultHandler.ja
va:775)
at com.ibm.io.async.ResultHandler$2.run(ResultHandler.java:905)
at com.ibm.ws.util.ThreadPool$Worker.run(ThreadPool.java:1646)
Caused by:
com.ibm.jsse2.util.h: PKIX path building failed: java.security.cert.CertPathBuilderException: PKIXCertPathBuilderImpl could not build a valid CertPath.; internal cause is:
java.security.cert.CertPathValidatorException: The certificate issued by EMAILADDRESS=nikhil.gupta@us.ibm.com, O=ibm.com, L=Austin, ST=Texas, C=US, CN=CCMP CA is not trusted; internal cause is:
java.security.cert.CertPathValidatorException: Certificate chaining error
at com.ibm.jsse2.util.f.b(f.java:99)
at com.ibm.jsse2.util.f.b(f.java:53)
at com.ibm.jsse2.util.e.a(e.java:14)
at com.ibm.jsse2.pc.a(pc.java:34)
at com.ibm.jsse2.pc.checkServerTrusted(pc.java:53)
at com.ibm.jsse2.pc.b(pc.java:75)
at com.ibm.jsse2.lb.a(lb.java:300)
... 45 more
Caused by:
java.security.cert.CertPathBuilderException: PKIXCertPathBuilderImpl could not build a valid CertPath.; internal cause is:
java.security.cert.CertPathValidatorException: The certificate issued by EMAILADDRESS=nikhil.gupta@us.ibm.com, O=ibm.com, L=Austin, ST=Texas, C=US, CN=CCMP CA is not trusted; internal cause is:
java.security.cert.CertPathValidatorException: Certificate chaining error
at com.ibm.security.cert.PKIXCertPathBuilderImpl.engineBuild(PKIXCertPath
BuilderImpl.java:411)
at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:258)
at com.ibm.jsse2.util.f.b(f.java:102)
... 51 more
Caused by:
java.security.cert.CertPathValidatorException: The certificate issued by EMAILADDRESS=nikhil.gupta@us.ibm.com, O=ibm.com, L=Austin, ST=Texas, C=US, CN=CCMP CA is not trusted; internal cause is:
java.security.cert.CertPathValidatorException: Certificate chaining error
at com.ibm.security.cert.BasicChecker.<init>(BasicChecker.java:111)
at com.ibm.security.cert.PKIXCertPathValidatorImpl.engineValidate(PKIXCer
tPathValidatorImpl.java:176)
at com.ibm.security.cert.PKIXCertPathBuilderImpl.myValidator(PKIXCertPath
BuilderImpl.java:737)
at com.ibm.security.cert.PKIXCertPathBuilderImpl.buildCertPath(PKIXCertPa
thBuilderImpl.java:649)
at com.ibm.security.cert.PKIXCertPathBuilderImpl.buildCertPath(PKIXCertPa
thBuilderImpl.java:595)
at com.ibm.security.cert.PKIXCertPathBuilderImpl.engineBuild(PKIXCertPath
BuilderImpl.java:357)
... 53 more
Caused by:
java.security.cert.CertPathValidatorException: Certificate chaining error
at com.ibm.security.cert.CertPathUtil.findIssuer(CertPathUtil.java:298)
at com.ibm.security.cert.BasicChecker.<init>(BasicChecker.java:108)
... 58 more
[02/19/13 08:32:41 GMT] CRRAM0003I 341550817 INFO web com.ibm.ram.repository.ssl.HttpclientSecureProtocolSocketFactory - Creating socket failed with SSL protocol: SSL
[02/19/13 08:32:41 GMT] CRRAM0003I 341550817 DEBUG web com.ibm.ram.repository.ssl.HttpclientSecureProtocolSocketFactory - Creating socket failed. Trying next SSL protocol
javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
at com.ibm.jsse2.o.a(o.java:25)
at com.ibm.jsse2.o.a(o.java:20)
at com.ibm.jsse2.SSLSocketImpl.b(SSLSocketImpl.java:51)
at com.ibm.jsse2.SSLSocketImpl.a(SSLSocketImpl.java:780)
at com.ibm.jsse2.SSLSocketImpl.h(SSLSocketImpl.java:400)
at com.ibm.jsse2.SSLSocketImpl.a(SSLSocketImpl.java:787)
at com.ibm.jsse2.SSLSocketImpl.startHandshake(SSLSocketImpl.java:640)
at com.ibm.ram.reposit
Comments
Hi,
What is your definition of upgrade? What did you upgrade? From what to what? What versions, products, etc?
Also, are you actually having any real errors? If you noticed, these are all INFO and DEBUG messages, which means these are exceptions that RAM knew how to handle, i.e. just info.
Please turn off the DEBUG stuff and go back to the default of WARNING. It is filling your log with information that just gets in the way of real errors. It confuses people thinking there were errors when there weren't. And it hides trying to find real errors.
DEBUG should ONLY be used when IBM support says it is to be turned on. Otherwise it must be set to default.
Thanks,
Rich
RAM WAS is 7.0.0.25.
We have upgraded RAM server from 7202 to 7511.
We do not see any errors on the UI ,all the RAM operations are working fine.
But just wanted to know if this exception needs to be handled by re importing the RAM server certificate into the WAS that tries to connect to it.
Then please turn off the DEBUG logging. You would not then see these messages and your logs would be much smaller. DEBUG should not be on unless IBM support said to turn it on. The debug messages only make sense to a support person and just clutter your logs and so you can't see real errors.