Table of Contents
Advertisement
The commonly seen SSL handshake problems are summarized in Table 4-6.
Table 4-6 SSL handshake exceptions
Error returned
Bad certificate
Unknown certificate
Certificate expired
Handshake failure
Certificate not trusted
Reference the WebSphere Information Center for details about these exceptions and how to
resolve them.
Step 2: Verify certificates
Depending on what key or trust files are used and whether mutual SSL is configured, use the
appropriate tools to open the files to verify the certificates are indeed in them and they are still
valid, that is, not expired. When creating your own self-signed certificates or using the default
dummy one in the WebSphere Application Server, make a note of their expiration date. For
some sites, it may not require a certificate from a Certificate Authority, but the certificates
must be replaced before they are expired.
Step 3: Enable WebSphere Application Server security trace and JSSE trace
To set the JSSE trace, add a custom property with the name "javax.net.debug" and value
"true" in the WebSphere Application Server admin console for the JVM running. Before
verifying portal server applications, try to test some WebSphere applications, such as snoop.
This is to make sure the WebSphere Application Server configuration is correct.
Step 4: Review portal configuration
If there is an issue with login or logout redirection, then the redirection settings in
ConfigService. should be reviewed. Try to put the default setting back and test it.
Sometimes, the mistake might have been made in changing web.xml of wps.ear. Within a
cluster, any changes to the web.xml requires a redeploy of wps.ear.
possible cause
The certificate is not signed by a known trusted CA.
The certificate is not from a known CA chain.
The date or time associated with the certificate has passed.
No common cipher protocols available.
An untrusted self-signed certificate in the client.
Chapter 4. WebSphere Portal security
135
Advertisement
Table of Contents
Troubleshooting
