Symptom

You have deployed Process Commander with IBM WebSphere Application Server Version 6.1. When you use the System Management Application (SMA) to connect to a Process Commander node, the SMA console displays an error similar to the following:

Fail to instantiate WASJMXConnector
Failed to get mbean server connection
Failed to create admin client
ADMC0053E: The system cannot create a SOAP connector to connect to host <your_host_server_name> at port <port_number> with SOAP connector security enabled.

Further investigation reveals an error in the WebSphere Application Server SystemOut.log similar to the following excerpt:

com.ibm.ws.security.orbssl.WSSSLClientSocketFactoryImpl createSSLSocket SoapConnectorThreadPool: 0 JSSL0080E: javax.net.ssl.SSLHandshakeException - The client and server could not negotiate the desired level of security.
Reason: com.ibm.jsse2.util.h: No trusted certificate found javax.net.ssl.SSLHandshakeException: com.ibm.jsse2.util.h: No trusted certificate found

Solution

Automatic renewal of expired certificates does not work properly. After automatic certificate renewal, WebSphere Application Server cannot talk to node agents, resulting in the error, JSSL0080E SSL HandShake Exception.

IBM provides two fix packs that resolve problems with renewal of certificates and the monitoring of expired certificates.

As a short-term solution to the IBM defect, manually add renewed certificates to the trust stores. This procedure is documented in PK36869 in the sections Error description and Local fix.

Refer to IBM PK36869 and PK48659.

IBM References

PK36869: AFTER AUTOMATIC CERT RENEWAL DMGR CANNOT TALK TO NODEAGENTS. "JSSL0080E SSL HANDSHAKE EXECPTION"

PK48659: CERTIFICATE MONITOR IS NOT PROPERLY REMOVING THE EXPIRED CERTIFICATE FROM THE KEYSTORE