Links may not function; however, this content may be relevant to outdated versions of the product.
Troubleshooting: "javax.net.ssl.SSLHandshakeException" due to certificate renewal defect (WebSphere Application Server)
Symptom
You have deployed Process Commander with IBM WebSphere Application Server Version 6.1. When you use the System Management Application (SMA) to connect to a Process Commander node, the SMA console displays an error similar to the following:
Fail to instantiate WASJMXConnector
Failed to get mbean server connection
Failed to create admin client
ADMC0053E: The system cannot create a SOAP connector to connect to host <your_host_server_name> at port <port_number> with SOAP connector security enabled.
Further investigation reveals an error in the WebSphere Application Server SystemOut.log similar to the following excerpt:
com.ibm.ws.security.orbssl.WSSSLClientSocketFactoryImpl createSSLSocket SoapConnectorThreadPool: 0 JSSL0080E: javax.net.ssl.SSLHandshakeException - The client and server could not negotiate the desired level of security.
Reason: com.ibm.jsse2.util.h: No trusted certificate found javax.net.ssl.SSLHandshakeException: com.ibm.jsse2.util.h: No trusted certificate found
Solution
Automatic renewal of expired certificates does not work properly. After automatic certificate renewal, WebSphere Application Server cannot communicate with node agents, resulting in the error JSSL0080E SSL HandShake Exception.
IBM provides two fix packs that resolve problems with renewal of certificates and the monitoring of expired certificates.
As a short-term solution to the IBM defect, manually add renewed certificates to the trust stores. This procedure is documented in PK36869 in the sections Error description and Local fix.
Refer to IBM PK36869 and PK48659.
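Before changing any trust store, it helps to confirm that the JSSL0080E entries in SystemOut.log carry the "No trusted certificate found" reason shown in the Symptom section and not some other handshake failure. The following is an added example, not part of the original article or of any IBM tooling; the function names are hypothetical, and all sample entries except the first are constructed.

```python
import re

CODE = "JSSL0080E"
TRUST_MARKER = "No trusted certificate found"
THREAD_RE = re.compile(r"(\S+)\s*:\s*(\d+)\s+" + CODE)
REASON_RE = re.compile(r"Reason:\s*(.+)")

# Constructed sample. Entry 1 copies the excerpt in the Symptom section (reason
# wrapped onto the next line); entries 2-4 are invented for illustration.
SAMPLE_LOG = """\
com.ibm.ws.security.orbssl.WSSSLClientSocketFactoryImpl createSSLSocket SoapConnectorThreadPool: 0 JSSL0080E: javax.net.ssl.SSLHandshakeException - The client and server could not negotiate the desired level of security.
Reason: com.ibm.jsse2.util.h: No trusted certificate found javax.net.ssl.SSLHandshakeException: com.ibm.jsse2.util.h: No trusted certificate found
com.ibm.ws.security.orbssl.WSSSLClientSocketFactoryImpl createSSLSocket SoapConnectorThreadPool: 1 JSSL0080E: javax.net.ssl.SSLHandshakeException - The client and server could not negotiate the desired level of security. Reason: com.ibm.jsse2.util.h: No trusted certificate found
com.ibm.ws.security.orbssl.WSSSLClientSocketFactoryImpl createSSLSocket SoapConnectorThreadPool: 2 JSSL0080E: javax.net.ssl.SSLHandshakeException - The client and server could not negotiate the desired level of security.
Reason: Received fatal alert: handshake_failure
com.ibm.ws.security.orbssl.WSSSLClientSocketFactoryImpl createSSLSocket SoapConnectorThreadPool: 3 JSSL0080E: javax.net.ssl.SSLHandshakeException - The client and server could not negotiate the desired level of security.
"""


def handshake_failures(log_text):
    """Return one record per JSSL0080E entry with its thread and reason."""
    lines = log_text.splitlines()
    records = []
    for i, line in enumerate(lines):
        if CODE not in line:
            continue
        nxt = lines[i + 1] if i + 1 < len(lines) else ""
        # Reason sits on this line, or wrapped onto the next non-JSSL0080E line.
        source = line if "Reason:" in line else ("" if CODE in nxt else nxt)
        reason = REASON_RE.search(source)
        thread = THREAD_RE.search(line)
        records.append({
            "thread": f"{thread.group(1)}:{thread.group(2)}" if thread else None,
            "reason": reason.group(1).strip() if reason else None,
        })
    return records


def triage(log_text):
    """Split failures into trust-store failures and everything else."""
    result = {"untrusted_certificate": [], "other": []}
    for rec in handshake_failures(log_text):
        is_trust = rec["reason"] is not None and TRUST_MARKER in rec["reason"]
        result["untrusted_certificate" if is_trust else "other"].append(rec["thread"])
    return result


if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

Only the threads listed under untrusted_certificate match the symptom this article covers; entries under other, including those with no Reason text, need separate investigation.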
IBM References
PK48659: CERTIFICATE MONITOR IS NOT PROPERLY REMOVING THE EXPIRED CERTIFICATE FROM THE KEYSTORE