I am trying to deploy a web application on WAS 9.0.5.5. It is a standalone node without management node. After creating an empty profile and starting it using startServer.sh, everything was fine and the WAS console (9043 port) was available. But after the application deployment, found that the WAS console was inaccessible after a long SSL handshake. Not sure why this happened since I did not change any SSL setting. Could see the SSL_TLSv2 was set both on the console and in the ssl.client.props
com.ibm.ssl.alias=DefaultSSLSettings
com.ibm.ssl.protocol=SSL_TLSv2
com.ibm.ssl.securityLevel=HIGH
com.ibm.ssl.trustManager=IbmPKIX
com.ibm.ssl.keyManager=IbmX509
com.ibm.ssl.contextProvider=IBMJSSE2
com.ibm.ssl.enableSignerExchangePrompt=gui
Also the stopServer.sh failed with the error below. Any advice for me to get out here?
************ Start Display Current Environment ************
Host Operating System is Linux, version 3.10.0-1062.el7.x86_64
Java version = 1.8.0_261, Java Runtime Version = 8.0.6.16 - pxa6480sr6fp16-20200902_01(SR6 FP16), Java Compiler = j9jit29, Java VM name = IBM J9 VM
was.install.root = /opt/IBM/WebSphere/AppServer
user.install.root = /opt/IBM/WebSphere/AppServer/profiles/MPA
Java Home = /opt/IBM/WebSphere/AppServer/java/8.0/jre
ws.ext.dirs = /opt/IBM/WebSphere/AppServer/java/8.0/lib:/opt/IBM/WebSphere/AppServer/classes:/opt/IBM/WebSphere/AppServer/lib:/opt/IBM/WebSphere/AppServer/installedChannels:/opt/IBM/WebSphere/AppServer/lib/ext:/opt/IBM/WebSphere/AppServer/web/help:/opt/IBM/WebSphere/AppServer/deploytool/itp/plugins/com.ibm.etools.ejbdeploy/runtime
Classpath = /opt/IBM/WebSphere/AppServer/profiles/MPA/properties:/opt/IBM/WebSphere/AppServer/properties:/opt/IBM/WebSphere/AppServer/lib/startup.jar:/opt/IBM/WebSphere/AppServer/lib/bootstrap.jar:/opt/IBM/WebSphere/AppServer/java/8.0/lib/tools.jar:/opt/IBM/WebSphere/AppServer/lib/lmproxy.jar:/opt/IBM/WebSphere/AppServer/lib/urlprotocols.jar
Java Library path = /opt/IBM/WebSphere/AppServer/java/8.0/jre/lib/amd64/compressedrefs:/opt/IBM/WebSphere/AppServer/java/8.0/jre/lib/amd64:/opt/IBM/WebSphere/AppServer/lib/native/linux/x86_64/:/opt/IBM/WebSphere/AppServer/bin:/opt/IBM/WebSphere/AppServer/nulldllsdir:/usr/lib64:/usr/lib
Orb Version = IBM Java ORB build orbdev-userlvl-20200106.1711
Max file descriptor count = 50000
Current trace specification = *=info
************* End Display Current Environment *************
[12/16/20 1:48:06:032 PST] 00000001 ManagerAdmin I TRAS0017I: The startup trace state is *=info.
[12/16/20 1:48:06:132 PST] 00000001 AdminTool A ADMU0128I: Starting tool with the MPA profile
[12/16/20 1:48:06:133 PST] 00000001 AdminTool A ADMU3100I: Reading configuration for server: mpa_server
[12/16/20 1:48:06:169 PST] 00000001 ModelMgr I WSVR0801I: Initializing all server configuration models
[12/16/20 1:48:08:657 PST] 00000001 ProviderTrack I com.ibm.ffdc.osgi.ProviderTracker AddingService FFDC1007I: FFDC Provider Installed: com.ibm.ffdc.util.provider.FfdcOnDirProvider@5896a505
[12/16/20 1:48:08:921 PST] 00000001 SSLConfig W CWPKI0041W: One or more key stores are using the default password.
[12/16/20 1:48:08:929 PST] 00000001 SSLConfigMana I CWPKI0051I: The process has the java security property jdk.certpath.disabledAlgorithms set to [MD2, MD5, SHA1 jdkCA & usage TLSServer, RSA keySize < 1024, DSA keySize < 1024, EC keySize < 224]. The WebSphere Application server is setting the java security property jdk.certpath.disabledAlgorithms to [MD2, RSA keySize < 1024, MD5].
[12/16/20 1:48:08:930 PST] 00000001 SSLConfigMana I CWPKI0051I: The process has the java security property jdk.tls.disabledAlgorithms set to [SSLv3, RC4, DES, MD5withRSA, DH keySize < 1024, DESede, EC keySize < 224, 3DES_EDE_CBC, anon, NULL]. The WebSphere Application server is setting the java security property jdk.tls.disabledAlgorithms to [SSLv3, RC4, DH keySize < 768, MD5withRSA].
[12/16/20 1:48:08:933 PST] 00000001 SSLConfigMana I CWPKI0027I: Disabling default hostname verification for HTTPS URL connections.
[12/16/20 1:48:08:962 PST] 00000001 SecurityObjec I CWSCF0002I: The client code is attempting to load the security configuration the server and this operation is not allowed.
[12/16/20 1:51:15:474 PST] 00000001 Ffdc I com.ibm.ffdc.util.provider.FfdcOnDirProvider logIncident FFDC1003I: FFDC Incident emitted on /opt/IBM/WebSphere/AppServer/profiles/MPA/logs/ffdc/ffdc.1445219360461837085.txt com.ibm.ws.ssl.channel.impls.SSLUtils 1052
[12/16/20 1:51:15:601 PST] 00000001 Ffdc I com.ibm.ffdc.util.provider.FfdcOnDirProvider logIncident FFDC1003I: FFDC Incident emitted on /opt/IBM/WebSphere/AppServer/profiles/MPA/logs/ffdc/ffdc.5712207576305752668.txt com.ibm.ws.ssl.channel.impl.SSLConnectionLink 540
[12/16/20 1:51:15:919 PST] 00000001 SecurityObjec I CWSCF0002I: The client code is attempting to load the security configuration the server and this operation is not allowed.
[12/16/20 1:51:15:920 PST] 00000001 SecurityConne A JSAS0006I: Security connection interceptor init
ialized.
[12/16/20 1:51:15:935 PST] 00000001 ServiceInit A JSAS0001I: Security configuration initialized.
[12/16/20 1:51:15:936 PST] 00000001 ServiceInit A JSAS0003I: Authentication mechanism: BASICAUTH
[12/16/20 1:51:15:974 PST] 00000001 CSIClientRI A JSAS0007I: Client request interceptor registered.
[12/16/20 1:51:16:639 PST] 00000001 Ffdc I com.ibm.ffdc.util.provider.FfdcOnDirProvider logIncident FFDC1003I: FFDC Incident emitted on /opt/IBM/WebSphere/AppServer/profiles/MPA/logs/ffdc/ffdc.7382828071492998187.txt com.ibm.ws.security.orbssl.WSSSLClientSocketFactoryImpl.createSSLSocket 222
[12/16/20 1:51:16:828 PST] 00000001 Ffdc I com.ibm.ffdc.util.provider.FfdcOnDirProvider logIncident FFDC1003I: FFDC Incident emitted on /opt/IBM/WebSphere/AppServer/profiles/MPA/logs/ffdc/ffdc.5725476233661856283.txt com.ibm.ws.orbimpl.transport.WSSSLTransportConnection.createSocket 270
[12/16/20 1:51:16:884 PST] 00000001 Ffdc I com.ibm.ffdc.util.provider.FfdcOnDirProvider logIncident FFDC1003I: FFDC Incident emitted on /opt/IBM/WebSphere/AppServer/profiles/MPA/logs/ffdc/ffdc.2654931705161208931.txt com.ibm.ws.naming.util.CommonHelpers.retry 876
[12/16/20 1:51:16:984 PST] 00000001 Ffdc I com.ibm.ffdc.util.provider.FfdcOnDirProvider logIncident FFDC1003I: FFDC Incident emitted on /opt/IBM/WebSphere/AppServer/profiles/MPA/logs/ffdc/ffdc.1815847588980124586.txt com.ibm.ws.naming.jndicos.CNContextImpl.lookupExt 1443
[12/16/20 1:51:16:996 PST] 00000001 Ffdc I com.ibm.ffdc.util.provider.FfdcOnDirProvider logIncident FFDC1003I: FFDC Incident emitted on /opt/IBM/WebSphere/AppServer/profiles/MPA/logs/ffdc/ffdc.1476667816130282325.txt com.ibm.ws.naming.util.Helpers.logJndiContextException 1636
[12/16/20 1:51:17:080 PST] 00000001 Ffdc I com.ibm.ffdc.util.provider.FfdcOnDirProvider logIncident FFDC1003I: FFDC Incident emitted on /opt/IBM/WebSphere/AppServer/profiles/MPA/logs/ffdc/ffdc.6880057812892354780.txt com.ibm.ws.management.connector.rmi.RMIConnectorClient.reconnect 237
[12/16/20 1:51:17:260 PST] 00000001 Ffdc I com.ibm.ffdc.util.provider.FfdcOnDirProvider logIncident FFDC1003I: FFDC Incident emitted on /opt/IBM/WebSphere/AppServer/profiles/MPA/logs/ffdc/ffdc.5125431433737765534.txt com.ibm.websphere.management.AdminClientFactory.createAdminClient 267
[12/16/20 1:51:17:563 PST] 00000001 Ffdc I com.ibm.ffdc.util.provider.FfdcOnDirProvider logIncident FFDC1003I: FFDC Incident emitted on /opt/IBM/WebSphere/AppServer/profiles/MPA/logs/ffdc/ffdc.3289464480553651737.txt com.ibm.ws.management.connector.jsr160rmi.JSR160RMIConnectorClient.reconnect 179
[12/16/20 1:51:17:668 PST] 00000001 Ffdc I com.ibm.ffdc.util.provider.FfdcOnDirProvider logIncident FFDC1003I: FFDC Incident emitted on /opt/IBM/WebSphere/AppServer/profiles/MPA/logs/ffdc/ffdc.2859402585966834209.txt com.ibm.websphere.management.AdminClientFactory.createAdminClient 275
[12/16/20 1:51:17:674 PST] 00000001 WsServerStop E ADMU3002E: Exception attempting to process server mpa_server
[12/16/20 1:51:17:675 PST] 00000001 WsServerStop E ADMU3007E: Exception com.ibm.websphere.management.exception.ConnectorException: com.ibm.websphere.management.exception.ConnectorException: ADMC0016E: The system cannot create a SOAP connector to connect to host dyn-23.datadomain.com at port 8880.
[12/16/20 1:51:17:676 PST] 00000001 WsServerStop A ADMU3007E: Exception com.ibm.websphere.management.exception.ConnectorException: com.ibm.websphere.management.exception.ConnectorException: ADMC0016E: The system cannot create a SOAP connector to connect to host dyn-23.datadomain.com at port 8880.
at com.ibm.ws.management.connector.ConnectorHelper.createConnector(ConnectorHelper.java:628)
at com.ibm.ws.management.tools.WsServerStop.runTool(WsServerStop.java:373)
at com.ibm.ws.management.tools.AdminTool.executeUtility(AdminTool.java:271)
at com.ibm.ws.management.tools.WsServerStop.main(WsServerStop.java:113)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:90)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:55)
at java.lang.reflect.Method.invoke(Method.java:508)
at com.ibm.wsspi.bootstrap.WSLauncher.launchMain(WSLauncher.java:234)
at com.ibm.wsspi.bootstrap.WSLauncher.main(WSLauncher.java:101)
at com.ibm.wsspi.bootstrap.WSLauncher.run(WSLauncher.java:82)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:90)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:55)
at java.lang.reflect.Method.invoke(Method.java:508)
at org.eclipse.equinox.internal.app.EclipseAppContainer.callMethodWithException(EclipseAppContainer.java:587)
at org.eclipse.equinox.internal.app.EclipseAppHandle.run(EclipseAppHandle.java:198)
at org.eclipse.core.runtime.internal.adaptor.EclipseAppLauncher.runApplication(EclipseAppLauncher.java:110)
at org.eclipse.core.runtime.internal.adaptor.EclipseAppLauncher.start(EclipseAppLauncher.java:79)
at org.eclipse.core.runtime.adaptor.EclipseStarter.run(EclipseStarter.java:354)
at org.eclipse.core.runtime.adaptor.EclipseStarter.run(EclipseStarter.java:181)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:90)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:55)
at java.lang.reflect.Method.invoke(Method.java:508)
at org.eclipse.core.launcher.Main.invokeFramework(Main.java:340)
at org.eclipse.core.launcher.Main.basicRun(Main.java:282)
at org.eclipse.core.launcher.Main.run(Main.java:981)
at com.ibm.wsspi.bootstrap.WSPreLauncher.launchEclipse(WSPreLauncher.java:422)
at com.ibm.wsspi.bootstrap.WSPreLauncher.main(WSPreLauncher.java:179)
Caused by: com.ibm.websphere.management.exception.ConnectorException: ADMC0016E: The system cannot create a SOAP connector to connect to host dyn-23.datadomain.com at port 8880.
at com.ibm.websphere.management.AdminClientFactory.createAdminClientPrivileged(AdminClientFactory.java:635)
at com.ibm.websphere.management.AdminClientFactory.access$000(AdminClientFactory.java:127)
at com.ibm.websphere.management.AdminClientFactory$1.run(AdminClientFactory.java:210)
at com.ibm.ws.security.util.AccessController.doPrivileged(AccessController.java:63)
at com.ibm.websphere.management.AdminClientFactory.createAdminClient(AdminClientFactory.java:206)
at com.ibm.ws.management.connector.ConnectorHelper.tryProtocol(ConnectorHelper.java:665)
at com.ibm.ws.management.connector.ConnectorHelper.createConnector(ConnectorHelper.java:597)
... 29 more
Caused by: java.lang.reflect.InvocationTargetException
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:83)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:57)
at java.lang.reflect.Constructor.newInstance(Constructor.java:437)
at com.ibm.websphere.management.AdminClientFactory.createAdminClientPrivileged(AdminClientFactory.java:457)
... 35 more
Caused by: com.ibm.websphere.management.exception.ConnectorNotAvailableException: [SOAPException: faultCode=SOAP-ENV:Client; msg=Error opening socket: java.io.IOException: Exception during sslSocket.startHandshake: Received fatal alert: internal_error; targetException=java.lang.IllegalArgumentException: Error opening socket: java.io.IOException: Exception during sslSocket.startHandshake: Received fatal alert: internal_error]
at com.ibm.ws.management.connector.soap.SOAPConnectorClient.reconnect(SOAPConnectorClient.java:439)
at com.ibm.ws.management.connector.soap.SOAPConnectorClient.<init>(SOAPConnectorClient.java:238)
... 40 more
Caused by: [SOAPException: faultCode=SOAP-ENV:Client; msg=Error opening socket: java.io.IOException: Exception during sslSocket.startHandshake: Received fatal alert: internal_error; targetException=java.lang.IllegalArgumentException: Error opening socket: java.io.IOException: Exception during sslSocket.startHandshake: Received fatal alert: internal_error]
at org.apache.soap.transport.http.SOAPHTTPConnection.send(SOAPHTTPConnection.java:475)
at org.apache.soap.rpc.Call.WASinvoke(Call.java:510)
at com.ibm.ws.management.connector.soap.SOAPConnectorClient$4.run(SOAPConnectorClient.java:397)
at com.ibm.ws.security.util.AccessController.doPrivileged(AccessController.java:118)
at com.ibm.ws.management.connector.soap.SOAPConnectorClient.reconnect(SOAPConnectorClient.java:382)
... 41 more
[12/16/20 1:51:17:692 PST] 00000001 AdminTool A ADMU0509I: The server "mpa_server" cannot be reached. It appears to be stopped.
[12/16/20 1:51:17:693 PST] 00000001 AdminTool A ADMU0211I: Error details may be seen in the file: /opt/IBM/WebSphere/AppServer/profiles/MPA/logs/mpa_server/stopServer.log
LE: I managed to fix the issue. In my case, the only supported protocol is "SSL_TLS", more about the protocols at https://www.ibm.com/docs/en/imdmcdhsa/11.6.0?topic=server-setting-ssl-protocol-version
I also updated the security.xml file, although is mentioned that's required only in TLSv1.2 protocol case.