javawebspheressl-handshake

Deploying a Ear and Web application under IBM RAD and IBM Websphere but SSL error can't get rid of


So I have a web application and ear want to deploy that code but first cannot get past the SSL error at startup for the Websphere server.

It puts the websphere server in an invalid state. Starting keeps "starting" and stopping keeps "stopping", it never goes to stopped or started until I kill the server.

So I have a local websphere configuration with:

WebSphere Platform 8.5.5.15 [BASE 8.5.5.15 cf151904.01] r Host Operating System is Windows 10, version 10.0 Java version = 1.8.0_191, Java Runtime Version = 8.0.5.27 - pwa6480sr5fp27-20190104_01(SR5 FP27), Java Compiler = j9jit29, Java VM name = IBM J9 VM

This is before HCL take over

If I add the ear or remove the ear I get the same error.

I go through the steps and selected Advanced setup during the profile setup.

I setup the profile, pick the port, etc.

I start the server. At first the server is fine.

But I also need LDAP form based authentication security. I setup LDAP custom security and go through steps.

Once I add the security and restart, I get this error.

And the server ends up in a bad state where it wont fully start. Adding the ear also wont' deploy.

From the suggested fixes.

There is a recommendation to renew the certificates. I did this. The certificate is not old so curious why I would need to do this? Also when I renew into 2025, still gets the same error.

Now, I can start the server if I manually disable security. But I also need that for the app.

What do you think? Any IBM HCL Websphere guys know about this issue?

Error

[4/26/24 12:26:25:361 EDT] 00000072 SSLHandshakeE E   SSLC0008E: Unable to initialize SSL connection.  Unauthorized access was denied or security settings have expired.  Exception is javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection?
  at com.ibm.jsse2.c.a(c.java:12)
  at com.ibm.jsse2.as.a(as.java:257)
  at com.ibm.jsse2.as.unwrap(as.java:528)
  at javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:5)
  at com.ibm.ws.ssl.channel.impl.SSLConnectionLink.readyInbound(SSLConnectionLink.java:586)
  at com.ibm.ws.ssl.channel.impl.SSLConnectionLink.ready(SSLConnectionLink.java:346)
  at com.ibm.ws.tcp.channel.impl.NewConnectionInitialReadCallback.sendToDiscriminators(NewConnectionInitialReadCallback.java:214)
  at com.ibm.ws.tcp.channel.impl.NewConnectionInitialReadCallback.complete(NewConnectionInitialReadCallback.java:113)
  at com.ibm.ws.tcp.channel.impl.AioReadCompletionListener.futureCompleted(AioReadCompletionListener.java:175)
  at com.ibm.io.async.AbstractAsyncFuture.invokeCallback(AbstractAsyncFuture.java:217)
  at com.ibm.io.async.AsyncChannelFuture.fireCompletionActions(AsyncChannelFuture.java:161)
  at com.ibm.io.async.AsyncFuture.completed(AsyncFuture.java:138)
  at com.ibm.io.async.ResultHandler.complete(ResultHandler.java:204)
  at com.ibm.io.async.ResultHandler.runEventProcessingLoop(ResultHandler.java:775)
  at com.ibm.io.async.ResultHandler$2.run(ResultHandler.java:905)
  at com.ibm.ws.util.ThreadPool$Worker.run(ThreadPool.java:1892)

Solution

  • As a workaround, you can disable SSL for your CSI/RMI connectivity. That would allow RAD to connect. Check this answer for details - Starting Websphere from Eclipse hangs when security is enabled