Websphere SSLHandshakeException

[pb...@casper.pl]

Hello All,

Environment: Linux RHEL 4 x86_64
WAS ND 6.0.2.19 x86_64
Java version = J2RE 1.4.2 IBM J9 2.2 Linux amd64-64 j9xa64142-20060428
Two node cluster.

Problem description:
We have EJB application that sends SMS codes to our client by using JMS queue.
At sam temie the second node works fine. After restarting app server (that generates exceptions) there are no exceptions about Certificate not Trusted.

In application log we get:

2008-10-02 14:11:41.792|DEBUG|Default : 2|CIB|com.comarch.vibank.messenger.ejb.sms.SmsCommunicationBean|sendSmsCode||||||402202030|javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: Certificate not Trusted|

.
.
.
2008-10-02 14:11:42.217|ERROR|Default : 2|CIB|com.comarch.vibank.messenger.ejb.sms.SmsSendMDBean|SmsSendMDBean.onMessage||||||402202002|Bł±d podczas wysyłania sms; nested exception is: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: Certificate not Trusted|com.comarch.cib.util.errors.PISystemException: Bł±d podczas wysyłania sms; nested exception is: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: Certificate not Trusted
javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: Certificate not Trusted
at com.ibm.jsse2.bx.a(bx.java:53)
at com.ibm.jsse2.by.a(by.java:346)
at com.ibm.jsse2.by.a(by.java:412)
at com.ibm.jsse2.w.a(w.java:80)
at com.ibm.jsse2.w.a(w.java:315)
at com.ibm.jsse2.v.a(v.java:85)
at com.ibm.jsse2.by.a(by.java:178)
at com.ibm.jsse2.by.l(by.java:431)
at com.ibm.jsse2.by.startHandshake(by.java:518)
at com.ibm.net.ssl.www.protocol.https.b.o(Unknown Source)
at com.ibm.net.ssl.www.protocol.https.q.connect(Unknown Source)
at com.ibm.net.ssl.www.protocol.http.ci.getOutputStream(Unknown Source)
at com.ibm.net.ssl.www.protocol.https.t.getOutputStream(Unknown Source)
at com.comarch.vibank.messenger.ejb.sms.SmsCommunicationBean.sendSmsCode(SmsCommunicationBean.java:147)
at com.comarch.vibank.messenger.ejb.sms.EJSLocalStatelessSmsCommunication_9068e63e.sendSmsCode(Unknown Source)
at com.comarch.vibank.messenger.ejb.sms.SmsManagerBean.sendSmsToInteria(SmsManagerBean.java:720)
at com.comarch.vibank.messenger.ejb.sms.EJSLocalStatelessSmsManager_b8da43cd.sendSmsToInteria(Unknown Source)
at com.comarch.vibank.messenger.ejb.sms.SmsManagerBean.sendSms(SmsManagerBean.java:419)
at com.comarch.vibank.messenger.ejb.sms.EJSLocalStatelessSmsManager_b8da43cd.sendSms(Unknown Source)
at com.comarch.vibank.messenger.ejb.sms.SmsSendMDBean.onMessage(SmsSendMDBean.java:104)
at com.ibm.ejs.container.MessageEndpointHandler.invokeMdbMethod(MessageEndpointHandler.java:1013)
at com.ibm.ejs.container.MessageEndpointHandler.invoke(MessageEndpointHandler.java:746)
at $Proxy0.onMessage(Unknown Source)
at com.ibm.ws.sib.api.jmsra.impl.JmsJcaEndpointInvokerImpl.invokeEndpoint(JmsJcaEndpointInvokerImpl.java:201)
at com.ibm.ws.sib.ra.inbound.impl.SibRaDispatcher.dispatch(SibRaDispatcher.java:572)
at com.ibm.ws.sib.ra.inbound.impl.SibRaSingleProcessListener$SibRaWork.run(SibRaSingleProcessListener.java:463)
at com.ibm.ejs.j2c.work.WorkProxy.run(WorkProxy.java:394)
at com.ibm.ws.util.ThreadPool$Worker.run(ThreadPool.java:1471)
Caused by: java.security.cert.CertificateException: Certificate not Trusted
at com.ibm.jsse.bi.a(Unknown Source)
at com.ibm.jsse.bi.checkServerTrusted(Unknown Source)
at com.ibm.jsse2.ba.checkServerTrusted(ba.java:8)
at com.ibm.jsse2.w.a(w.java:2)
at com.ibm.jsse2.w.a(w.java:315)
at com.ibm.jsse2.v.a(v.java:85)
at com.ibm.jsse2.by.a(by.java:178)
at com.ibm.jsse2.by.l(by.java:431)
at com.ibm.jsse2.by.startHandshake(by.java:518)
at com.ibm.net.ssl.www.protocol.https.b.o(Unknown Source)
at com.ibm.net.ssl.www.protocol.https.q.connect(Unknown Source)
at com.ibm.net.ssl.www.protocol.http.ci.getOutputStream(Unknown Source)
at com.ibm.net.ssl.www.protocol.https.t.getOutputStream(Unknown Source)
at com.comarch.vibank.messenger.ejb.sms.SmsCommunicationBean.sendSmsCode(SmsCommunicationBean.java:147)
at com.comarch.vibank.messenger.ejb.sms.EJSLocalStatelessSmsCommunication_9068e63e.sendSmsCode(Unknown Source)
at com.comarch.vibank.messenger.ejb.sms.SmsManagerBean.sendSmsToInteria(SmsManagerBean.java:720)
at com.comarch.vibank.messenger.ejb.sms.EJSLocalStatelessSmsManager_b8da43cd.sendSmsToInteria(Unknown Source)
at com.comarch.vibank.messenger.ejb.sms.SmsManagerBean.sendSms(SmsManagerBean.java:419)
at com.comarch.vibank.messenger.ejb.sms.EJSLocalStatelessSmsManager_b8da43cd.sendSms(Unknown Source)
at com.comarch.vibank.messenger.ejb.sms.SmsSendMDBean.onMessage(SmsSendMDBean.java:104)
at com.ibm.ejs.container.MessageEndpointHandler.invokeMdbMethod(MessageEndpointHandler.java:1013)
at com.ibm.ejs.container.MessageEndpointHandler.invoke(MessageEndpointHandler.java:746)
at $Proxy0.onMessage(Unknown Source)
at com.ibm.ws.sib.api.jmsra.impl.JmsJcaEndpointInvokerImpl.invokeEndpoint(JmsJcaEndpointInvokerImpl.java:201)
at com.ibm.ws.sib.ra.inbound.impl.SibRaDispatcher.dispatch(SibRaDispatcher.java:572)
at com.ibm.ws.sib.ra.inbound.impl.SibRaSingleProcessListener$SibRaWork.run(SibRaSingleProcessListener.java:463)
at com.ibm.ejs.j2c.work.WorkProxy.run(WorkProxy.java:394)
at com.ibm.ws.util.ThreadPool$Worker.run(ThreadPool.java:1471)
com.comarch.cib.util.errors.PISystemException: Bł±d podczas wysyłania sms; nested exception is: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: Certificate not Trusted
at com.comarch.vibank.messenger.ejb.sms.SmsCommunicationBean.sendSmsCode(SmsCommunicationBean.java:205)
at com.comarch.vibank.messenger.ejb.sms.EJSLocalStatelessSmsCommunication_9068e63e.sendSmsCode(Unknown Source)
at com.comarch.vibank.messenger.ejb.sms.SmsManagerBean.sendSmsToInteria(SmsManagerBean.java:720)
at com.comarch.vibank.messenger.ejb.sms.EJSLocalStatelessSmsManager_b8da43cd.sendSmsToInteria(Unknown Source)
at com.comarch.vibank.messenger.ejb.sms.SmsManagerBean.sendSms(SmsManagerBean.java:419)
at com.comarch.vibank.messenger.ejb.sms.EJSLocalStatelessSmsManager_b8da43cd.sendSms(Unknown Source)
at com.comarch.vibank.messenger.ejb.sms.SmsSendMDBean.onMessage(SmsSendMDBean.java:104)
at com.ibm.ejs.container.MessageEndpointHandler.invokeMdbMethod(MessageEndpointHandler.java:1013)
at com.ibm.ejs.container.MessageEndpointHandler.invoke(MessageEndpointHandler.java:746)
at $Proxy0.onMessage(Unknown Source)
at com.ibm.ws.sib.api.jmsra.impl.JmsJcaEndpointInvokerImpl.invokeEndpoint(JmsJcaEndpointInvokerImpl.java:201)
at com.ibm.ws.sib.ra.inbound.impl.SibRaDispatcher.dispatch(SibRaDispatcher.java:572)
at com.ibm.ws.sib.ra.inbound.impl.SibRaSingleProcessListener$SibRaWork.run(SibRaSingleProcessListener.java:463)
at com.ibm.ejs.j2c.work.WorkProxy.run(WorkProxy.java:394)
at com.ibm.ws.util.ThreadPool$Worker.run(ThreadPool.java:1471)

Any help very appreciated
Regards
Bizu

[pb...@casper.pl]

It seems as WAS stops seeing {WEBSPHERE_HOME}/java/jre/lib/security/cacerts file.
When we restart WAS everything works fine.

regards
Bizu

[Paul Ilechko]

WAS may have several different keystores that are used in different
situations. You should absolutely not be assuming that cacerts is the
only one. That is the JDK's default keystore.