IBM BS029ML Self Help Guide - Page 149
Step 2: Verify certificates, Step 3: Enable WebSphere Application Server security trace and JSSE trace
![]() |
View all IBM BS029ML manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 149 highlights
The commonly seen SSL handshake problems are summarized in Table 4-6. Table 4-6 SSL handshake exceptions Error returned possible cause Bad certificate The certificate is not signed by a known trusted CA. Unknown certificate Certificate expired Handshake failure Certificate not trusted The certificate is not from a known CA chain. The date or time associated with the certificate has passed. No common cipher protocols available. An untrusted self-signed certificate in the client. Reference the WebSphere Information Center for details about these exceptions and how to resolve them. Step 2: Verify certificates Depending on what key or trust files are used and whether mutual SSL is configured, use the appropriate tools to open the files to verify the certificates are indeed in them and they are still valid, that is, not expired. When creating your own self-signed certificates or using the default dummy one in the WebSphere Application Server, make a note of their expiration date. For some sites, it may not require a certificate from a Certificate Authority, but the certificates must be replaced before they are expired. Step 3: Enable WebSphere Application Server security trace and JSSE trace To set the JSSE trace, add a custom property with the name "javax.net.debug" and value "true" in the WebSphere Application Server admin console for the JVM running. Before verifying portal server applications, try to test some WebSphere applications, such as snoop. This is to make sure the WebSphere Application Server configuration is correct. Step 4: Review portal configuration If there is an issue with login or logout redirection, then the redirection settings in ConfigService. should be reviewed. Try to put the default setting back and test it. Sometimes, the mistake might have been made in changing web.xml of wps.ear. Within a cluster, any changes to the web.xml requires a redeploy of wps.ear. Chapter 4. WebSphere Portal security 135
![](/manual_guide/products/ibm-bs029ml-self-help-guide-6d3dd71/149.png)