It's all about the answers!

Ask a question

Do we need to import the RAM server certificate after the RAM server is upgraded?


Manjiri Kamat (5132325) | asked Feb 22 '13, 3:24 a.m.
We have two WAS servers,wherein one server tries to connect to the other on which the RAM server is installed.
We noticed a SSL exception in the ram logs.
To fix it do we need to reimport the certificate into the first WAS server?

Exception :
[02/19/13 08:32:15 GMT] CRRAM0003I   341524734 INFO   ws com.ibm.ram.userMgmt.security         - Logged out as anonymous: ram.anyuser-1214170611-12533
[02/19/13 08:32:15 GMT] CRRAM0003I   341524749 DEBUG  ws com.ibm.ram.repository.web.ws.quartz.jobs.PendingPolicyJob - PendingPolicyJob started
[02/19/13 08:32:15 GMT] CRRAM0003I   341524750 DEBUG  ws com.ibm.ram.repository.web.ws.quartz.jobs.PendingPolicyJob - Handle pending policy request at: 2013-02-19 08:32:15.366
[02/19/13 08:32:15 GMT] CRRAM0003I   341524750 DEBUG  ws com.ibm.ram.repository.web.ws.quartz.jobs.PendingPolicyJob - com.ibm.ram.repository.lifecycle.policy.cache queue has this number of requests: 0
[02/19/13 08:32:15 GMT] CRRAM0003I   341524751 DEBUG  ws com.ibm.ram.repository.web.ws.quartz.jobs.PendingPolicyJob - PendingPolicyJob completed successfully
[02/19/13 08:32:20 GMT] CRRAM0003I   341529725 DEBUG  ws com.ibm.ram.repository.web.ws.quartz.jobs.ImmediateNotificationSenderJ ob - ImmediateNotificationSenderJob started
[02/19/13 08:32:20 GMT] CRRAM0003I   341529731 DEBUG  ws com.ibm.ram.repository.web.ws.quartz.jobs.ImmediateNotificationSenderJ ob - ImmediateNotificationSenderJob completed successfully
[02/19/13 08:32:37 GMT] CRRAM0003I   341546541 DEBUG web com.ibm.ram.repository.web.navigation.BreadcrumbsManager - createBreadcrumbLink - viewId: /admin/metrics/dashboard.jsp
[02/19/13 08:32:37 GMT] CRRAM0003I   341546708 DEBUG web com.ibm.ram.repository.assets.AssetManager - Searching asset index
[02/19/13 08:32:40 GMT] CRRAM0003I   341549735 DEBUG  ws com.ibm.ram.repository.web.ws.quartz.jobs.AssetIndexBuilderJob - Asset indexing is using the external job server with job name: assetIndex
[02/19/13 08:32:41 GMT] CRRAM0003I   341550784 INFO  web com.ibm.ram.repository.ssl.RAM1AccessUtils - Unable to instantiate real SSL context for SSLv2 protocol
java.security.NoSuchAlgorithmException: SSLv2 SSLContext not available
    at sun.security.jca.GetInstance.getInstance(GetInstance.java:230)
    at javax.net.ssl.SSLContext.getInstance(SSLContext.java:33)
    at com.ibm.ram.repository.ssl.RAM1AccessUtils.getRealContext(RAM1AccessUt ils.java:103)
    at com.ibm.ram.repository.ssl.RAM1AccessUtils.getSSLContexts(RAM1AccessUt ils.java:74)
    at com.ibm.ram.repository.ssl.HttpclientSecureProtocolSocketFactory.<init >(HttpclientSecureProtocolSocketFactory.java:40)
    at com.ibm.ram.repository.ssl.RAM1AccessUtils.updateHTTPClientSSLProperti es(RAM1AccessUtils.java:196)
    at com.ibm.ram.repository.web.InfopopServlet.doGet(InfopopServlet.java:49 )
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:718)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:831)
    at com.ibm.ws.webcontainer.servlet.ServletWrapper.service(ServletWrapper. java:1663)
    at com.ibm.ws.webcontainer.servlet.ServletWrapper.service(ServletWrapper. java:1597)
    at com.ibm.ws.webcontainer.filter.WebAppFilterChain.doFilter(WebAppFilter Chain.java:131)
    at com.ibm.ram.repository.web.security.RAMServletFilter.doFilter(RAMServl etFilter.java:529)
    at com.ibm.ws.webcontainer.filter.FilterInstanceWrapper.doFilter(FilterIn stanceWrapper.java:188)
    at com.ibm.ws.webcontainer.filter.WebAppFilterChain.doFilter(WebAppFilter Chain.java:116)
    at com.ibm.ws.webcontainer.filter.WebAppFilterChain._doFilter(WebAppFilte rChain.java:77)
    at com.ibm.ws.webcontainer.filter.WebAppFilterManager.doFilter(WebAppFilt erManager.java:908)
    at com.ibm.ws.webcontainer.servlet.ServletWrapper.handleRequest(ServletWr apper.java:934)
    at com.ibm.ws.webcontainer.servlet.ServletWrapper.handleRequest(ServletWr apper.java:502)
    at com.ibm.ws.webcontainer.servlet.ServletWrapperImpl.handleRequest(Servl etWrapperImpl.java:181)
    at com.ibm.ws.webcontainer.servlet.CacheServletWrapper.handleRequest(Cach eServletWrapper.java:91)
    at com.ibm.ws.webcontainer.WebContainer.handleRequest(WebContainer.java:8 64)
    at com.ibm.ws.webcontainer.WSWebContainer.handleRequest(WSWebContainer.ja va:1592)
    at com.ibm.ws.webcontainer.channel.WCChannelLink.ready(WCChannelLink.java :186)
    at com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.handleDiscriminat ion(HttpInboundLink.java:452)
    at com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.handleNewRequest( HttpInboundLink.java:511)
    at com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.processRequest(Ht tpInboundLink.java:305)
    at com.ibm.ws.http.channel.inbound.impl.HttpICLReadCallback.complete(Http ICLReadCallback.java:83)
    at com.ibm.ws.ssl.channel.impl.SSLReadServiceContext$SSLReadCompletedCall back.complete(SSLReadServiceContext.java:1784)
    at com.ibm.ws.tcp.channel.impl.AioReadCompletionListener.futureCompleted( AioReadCompletionListener.java:165)
    at com.ibm.io.async.AbstractAsyncFuture.invokeCallback(AbstractAsyncFutur e.java:217)
    at com.ibm.io.async.AsyncChannelFuture.fireCompletionActions(AsyncChannel Future.java:161)
    at com.ibm.io.async.AsyncFuture.completed(AsyncFuture.java:138)
    at com.ibm.io.async.ResultHandler.complete(ResultHandler.java:204)
    at com.ibm.io.async.ResultHandler.runEventProcessingLoop(ResultHandler.ja va:775)
    at com.ibm.io.async.ResultHandler$2.run(ResultHandler.java:905)
    at com.ibm.ws.util.ThreadPool$Worker.run(ThreadPool.java:1646)
[02/19/13 08:32:41 GMT] CRRAM0003I   341550784 INFO  web com.ibm.ram.repository.ssl.RAM1AccessUtils - Unable to instantiate fake SSL context for SSLv2 protocol
java.security.NoSuchAlgorithmException: SSLv2 SSLContext not available
    at sun.security.jca.GetInstance.getInstance(GetInstance.java:230)
    at javax.net.ssl.SSLContext.getInstance(SSLContext.java:33)
    at com.ibm.ram.repository.ssl.RAM1AccessUtils.getFakeContext(RAM1AccessUt ils.java:89)
    at com.ibm.ram.repository.ssl.RAM1AccessUtils.getSSLContexts(RAM1AccessUt ils.java:77)
    at com.ibm.ram.repository.ssl.HttpclientSecureProtocolSocketFactory.<init >(HttpclientSecureProtocolSocketFactory.java:40)
    at com.ibm.ram.repository.ssl.RAM1AccessUtils.updateHTTPClientSSLProperti es(RAM1AccessUtils.java:196)
    at com.ibm.ram.repository.web.InfopopServlet.doGet(InfopopServlet.java:49 )
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:718)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:831)
    at com.ibm.ws.webcontainer.servlet.ServletWrapper.service(ServletWrapper. java:1663)
    at com.ibm.ws.webcontainer.servlet.ServletWrapper.service(ServletWrapper. java:1597)
    at com.ibm.ws.webcontainer.filter.WebAppFilterChain.doFilter(WebAppFilter Chain.java:131)
    at com.ibm.ram.repository.web.security.RAMServletFilter.doFilter(RAMServl etFilter.java:529)
    at com.ibm.ws.webcontainer.filter.FilterInstanceWrapper.doFilter(FilterIn stanceWrapper.java:188)
    at com.ibm.ws.webcontainer.filter.WebAppFilterChain.doFilter(WebAppFilter Chain.java:116)
    at com.ibm.ws.webcontainer.filter.WebAppFilterChain._doFilter(WebAppFilte rChain.java:77)
    at com.ibm.ws.webcontainer.filter.WebAppFilterManager.doFilter(WebAppFilt erManager.java:908)
    at com.ibm.ws.webcontainer.servlet.ServletWrapper.handleRequest(ServletWr apper.java:934)
    at com.ibm.ws.webcontainer.servlet.ServletWrapper.handleRequest(ServletWr apper.java:502)
    at com.ibm.ws.webcontainer.servlet.ServletWrapperImpl.handleRequest(Servl etWrapperImpl.java:181)
    at com.ibm.ws.webcontainer.servlet.CacheServletWrapper.handleRequest(Cach eServletWrapper.java:91)
    at com.ibm.ws.webcontainer.WebContainer.handleRequest(WebContainer.java:8 64)
    at com.ibm.ws.webcontainer.WSWebContainer.handleRequest(WSWebContainer.ja va:1592)
    at com.ibm.ws.webcontainer.channel.WCChannelLink.ready(WCChannelLink.java :186)
    at com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.handleDiscriminat ion(HttpInboundLink.java:452)
    at com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.handleNewRequest( HttpInboundLink.java:511)
    at com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.processRequest(Ht tpInboundLink.java:305)
    at com.ibm.ws.http.channel.inbound.impl.HttpICLReadCallback.complete(Http ICLReadCallback.java:83)
    at com.ibm.ws.ssl.channel.impl.SSLReadServiceContext$SSLReadCompletedCall back.complete(SSLReadServiceContext.java:1784)
    at com.ibm.ws.tcp.channel.impl.AioReadCompletionListener.futureCompleted( AioReadCompletionListener.java:165)
    at com.ibm.io.async.AbstractAsyncFuture.invokeCallback(AbstractAsyncFutur e.java:217)
    at com.ibm.io.async.AsyncChannelFuture.fireCompletionActions(AsyncChannel Future.java:161)
    at com.ibm.io.async.AsyncFuture.completed(AsyncFuture.java:138)
    at com.ibm.io.async.ResultHandler.complete(ResultHandler.java:204)
    at com.ibm.io.async.ResultHandler.runEventProcessingLoop(ResultHandler.ja va:775)
    at com.ibm.io.async.ResultHandler$2.run(ResultHandler.java:905)
    at com.ibm.ws.util.ThreadPool$Worker.run(ThreadPool.java:1646)
[02/19/13 08:32:41 GMT] CRRAM0003I   341550793 INFO  web com.ibm.ram.repository.ssl.RAM1AccessUtils - Updated the HTTPCLIENT protocol handler for HTTPS protocol to use 'HttpclientSecureProtocolSocketFactory'
[02/19/13 08:32:41 GMT] CRRAM0003I   341550799 INFO  web com.ibm.ram.repository.ssl.HttpclientSecureProtocolSocketFactory - Creating socket failed with SSL protocol: SSL
[02/19/13 08:32:41 GMT] CRRAM0003I   341550799 DEBUG web com.ibm.ram.repository.ssl.HttpclientSecureProtocolSocketFactory - Creating socket failed. Trying next SSL protocol
javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
    at com.ibm.jsse2.o.a(o.java:25)
    at com.ibm.jsse2.o.a(o.java:20)
    at com.ibm.jsse2.SSLSocketImpl.b(SSLSocketImpl.java:51)
    at com.ibm.jsse2.SSLSocketImpl.a(SSLSocketImpl.java:780)
    at com.ibm.jsse2.SSLSocketImpl.h(SSLSocketImpl.java:400)
    at com.ibm.jsse2.SSLSocketImpl.a(SSLSocketImpl.java:787)
    at com.ibm.jsse2.SSLSocketImpl.startHandshake(SSLSocketImpl.java:640)
    at ccom.ibm.ws.webcontainer.filter.WebAppFilterChain._doFilter(WebAppFilt erChain.java:77)
    at com.ibm.ws.webcontainer.filter.WebAppFilterManager.doFilter(WebAppFilt erManager.java:908)
    at com.ibm.ws.webcontainer.servlet.ServletWrapper.handleRequest(ServletWr apper.java:934)
    at com.ibm.ws.webcontainer.servlet.ServletWrapper.handleRequest(ServletWr apper.java:502)
    at com.ibm.ws.webcontainer.servlet.ServletWrapperImpl.handleRequest(Servl etWrapperImpl.java:181)
    at com.ibm.ws.webcontainer.servlet.CacheServletWrapper.handleRequest(Cach eServletWrapper.java:91)
    at com.ibm.ws.webcontainer.WebContainer.handleRequest(WebContainer.java:8 64)
    at com.ibm.ws.webcontainer.WSWebContainer.handleRequest(WSWebContainer.ja va:1592)
    at com.ibm.ws.webcontainer.channel.WCChannelLink.ready(WCChannelLink.java :186)
    at com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.handleDiscriminat ion(HttpInboundLink.java:452)
    at com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.handleNewRequest( HttpInboundLink.java:511)
    at com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.processRequest(Ht tpInboundLink.java:305)
    at com.ibm.ws.http.channel.inbound.impl.HttpICLReadCallback.complete(Http ICLReadCallback.java:83)
    at com.ibm.ws.ssl.channel.impl.SSLReadServiceContext$SSLReadCompletedCall back.complete(SSLReadServiceContext.java:1784)
    at com.ibm.ws.tcp.channel.impl.AioReadCompletionListener.futureCompleted( AioReadCompletionListener.java:165)
    at com.ibm.io.async.AbstractAsyncFuture.invokeCallback(AbstractAsyncFutur e.java:217)
    at com.ibm.io.async.AsyncChannelFuture.fireCompletionActions(AsyncChannel Future.java:161)
    at com.ibm.io.async.AsyncFuture.completed(AsyncFuture.java:138)
    at com.ibm.io.async.ResultHandler.complete(ResultHandler.java:204)
    at com.ibm.io.async.ResultHandler.runEventProcessingLoop(ResultHandler.ja va:775)
    at com.ibm.io.async.ResultHandler$2.run(ResultHandler.java:905)
    at com.ibm.ws.util.ThreadPool$Worker.run(ThreadPool.java:1646)
Caused by:
com.ibm.jsse2.util.h: PKIX path building failed: java.security.cert.CertPathBuilderException: PKIXCertPathBuilderImpl could not build a valid CertPath.; internal cause is:
    java.security.cert.CertPathValidatorException: The certificate issued by EMAILADDRESS=nikhil.gupta@us.ibm.com, O=ibm.com, L=Austin, ST=Texas, C=US, CN=CCMP CA is not trusted; internal cause is:
    java.security.cert.CertPathValidatorException: Certificate chaining error
    at com.ibm.jsse2.util.f.b(f.java:99)
    at com.ibm.jsse2.util.f.b(f.java:53)
    at com.ibm.jsse2.util.e.a(e.java:14)
    at com.ibm.jsse2.pc.a(pc.java:34)
    at com.ibm.jsse2.pc.checkServerTrusted(pc.java:53)
    at com.ibm.jsse2.pc.b(pc.java:75)
    at com.ibm.jsse2.lb.a(lb.java:300)
    ... 45 more
Caused by:
java.security.cert.CertPathBuilderException: PKIXCertPathBuilderImpl could not build a valid CertPath.; internal cause is:
    java.security.cert.CertPathValidatorException: The certificate issued by EMAILADDRESS=nikhil.gupta@us.ibm.com, O=ibm.com, L=Austin, ST=Texas, C=US, CN=CCMP CA is not trusted; internal cause is:
    java.security.cert.CertPathValidatorException: Certificate chaining error
    at com.ibm.security.cert.PKIXCertPathBuilderImpl.engineBuild(PKIXCertPath BuilderImpl.java:411)
    at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:258)
    at com.ibm.jsse2.util.f.b(f.java:102)
    ... 51 more
Caused by:
java.security.cert.CertPathValidatorException: The certificate issued by EMAILADDRESS=nikhil.gupta@us.ibm.com, O=ibm.com, L=Austin, ST=Texas, C=US, CN=CCMP CA is not trusted; internal cause is:
    java.security.cert.CertPathValidatorException: Certificate chaining error
    at com.ibm.security.cert.BasicChecker.<init>(BasicChecker.java:111)
    at com.ibm.security.cert.PKIXCertPathValidatorImpl.engineValidate(PKIXCer tPathValidatorImpl.java:176)
    at com.ibm.security.cert.PKIXCertPathBuilderImpl.myValidator(PKIXCertPath BuilderImpl.java:737)
    at com.ibm.security.cert.PKIXCertPathBuilderImpl.buildCertPath(PKIXCertPa thBuilderImpl.java:649)
    at com.ibm.security.cert.PKIXCertPathBuilderImpl.buildCertPath(PKIXCertPa thBuilderImpl.java:595)
    at com.ibm.security.cert.PKIXCertPathBuilderImpl.engineBuild(PKIXCertPath BuilderImpl.java:357)
    ... 53 more
Caused by:
java.security.cert.CertPathValidatorException: Certificate chaining error
    at com.ibm.security.cert.CertPathUtil.findIssuer(CertPathUtil.java:298)
    at com.ibm.security.cert.BasicChecker.<init>(BasicChecker.java:108)
    ... 58 more
[02/19/13 08:32:41 GMT] CRRAM0003I   341550817 INFO  web com.ibm.ram.repository.ssl.HttpclientSecureProtocolSocketFactory - Creating socket failed with SSL protocol: SSL
[02/19/13 08:32:41 GMT] CRRAM0003I   341550817 DEBUG web com.ibm.ram.repository.ssl.HttpclientSecureProtocolSocketFactory - Creating socket failed. Trying next SSL protocol
javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
    at com.ibm.jsse2.o.a(o.java:25)
    at com.ibm.jsse2.o.a(o.java:20)
    at com.ibm.jsse2.SSLSocketImpl.b(SSLSocketImpl.java:51)
    at com.ibm.jsse2.SSLSocketImpl.a(SSLSocketImpl.java:780)
    at com.ibm.jsse2.SSLSocketImpl.h(SSLSocketImpl.java:400)
    at com.ibm.jsse2.SSLSocketImpl.a(SSLSocketImpl.java:787)
    at com.ibm.jsse2.SSLSocketImpl.startHandshake(SSLSocketImpl.java:640)
    at com.ibm.ram.reposit


Comments
Rich Kulp commented Feb 22 '13, 10:23 a.m.
FORUM MODERATOR / JAZZ DEVELOPER

Hi,

What is your definition of upgrade? What did you upgrade? From what to what? What versions, products, etc?


Rich Kulp commented Feb 22 '13, 10:33 a.m.
FORUM MODERATOR / JAZZ DEVELOPER

Also, are you actually having any real errors? If you noticed, these are all INFO and DEBUG messages, which means these are exceptions that RAM knew how to handle, i.e. just info.

Please turn off the DEBUG stuff and go back to the default of WARNING. It is filling your log with information that just gets in the way of real errors. It confuses people thinking there were errors when there weren't. And it hides trying to find real errors.

DEBUG should ONLY be used when IBM support says it is to be turned on. Otherwise it must be set to default.

Thanks,
Rich


Manjiri Kamat commented Feb 25 '13, 5:03 a.m.

RAM WAS is 7.0.0.25.
We have upgraded RAM server from 7202 to 7511.

We do not see any errors on the UI ,all the RAM operations are working fine.
But just wanted to know if this exception needs to be handled by re importing the RAM server certificate into the WAS that tries to connect to it.



Rich Kulp commented Feb 25 '13, 10:02 a.m.
FORUM MODERATOR / JAZZ DEVELOPER

Then please turn off the DEBUG logging. You would not then see these messages and your logs would be much smaller. DEBUG should not be on unless IBM support said to turn it on. The debug messages only make sense to a support person and just clutter your logs and so you can't see real errors.

One answer



permanent link
Gili Mendel (1.8k56) | answered Feb 25 '13, 9:02 a.m.
JAZZ DEVELOPER
These are INFO/DEBUG logs ... not warn or errors, and are usually turned off.

Your answer


Register or to post your answer.


Dashboards and work items are no longer publicly available, so some links may be invalid. We now provide similar information through other means. Learn more here.