Topic
  • 3 replies
  • Latest Post - ‏2017-03-31T17:04:51Z by Ershadahemad
SystemAdmin
SystemAdmin
45 Posts

Pinned topic SSL handshake error on connecting to DMs

‏2013-02-07T15:01:25Z |
Hi,

Just started evaluating the WAS Perf Tuning tool and it looks promising so far. Unfortunately our Live/pre-Live WAS environments mandate MASSL and I'm not sure if the tool can handle this. I can connect to development environments with no issues, as these cells don't require a MASSL connection.

I speculatively tried exporting the private/public key from one of the pre-Live cells, and inserted it into the 'cacerts' keystore on the machine that has the WAS Perf Tool installed, unfortunately I'm still getting a handshake error.

So my queries are is:

1) Has anybody else got a working connection with a cell that needs a MASSL connection
2) If so, how to you configure the tool to use a specific keystore

thanks in advance,

Paul.
Updated on 2013-02-14T14:01:25Z at 2013-02-14T14:01:25Z by Shishir
  • SystemAdmin
    SystemAdmin
    45 Posts

    Re: SSL handshake error on connecting to DMs

    ‏2013-02-12T11:43:24Z  
    Hi,

    In case anyone else in interested, after some faffing around I managed to find a solution.

    The app launches as an Eclipse plugin, and this plugin contains a configurable file called PerfTuningToolkit.ini. For me, it was installed in:

    C:\Documents and Settings\<%USER>\<%USER>\applications\eclipse\plugins\com.ibm.esupport.tool.perftool.win_2.2.0.20120510

    I was able to configure this ini file to specify JVM SSL arguments:

    -Djavax.net.ssl.trustStore=C:/Program Files/Java/jre7/lib/security/trust.p12
    -Djavax.net.ssl.trustStorePassword=*****
    -Djavax.net.ssl.keyStore=C:/Program Files/Java/jre7/lib/security/key.p12
    -Djavax.net.ssl.keyStorePassword=*****
    -Djavax.net.ssl.trustStoreType=pkcs12
    -Djavax.net.ssl.keyStoreType=pkcs12

    I then extracted the relevant certificates from the cell and imported into the local keyfiles.

    This allowed me to connect to a MASSLd cell.

    regards,

    Paul.
  • Shishir
    Shishir
    28 Posts

    Re: SSL handshake error on connecting to DMs

    ‏2013-02-14T14:01:25Z  
    Hi,

    In case anyone else in interested, after some faffing around I managed to find a solution.

    The app launches as an Eclipse plugin, and this plugin contains a configurable file called PerfTuningToolkit.ini. For me, it was installed in:

    C:\Documents and Settings\<%USER>\<%USER>\applications\eclipse\plugins\com.ibm.esupport.tool.perftool.win_2.2.0.20120510

    I was able to configure this ini file to specify JVM SSL arguments:

    -Djavax.net.ssl.trustStore=C:/Program Files/Java/jre7/lib/security/trust.p12
    -Djavax.net.ssl.trustStorePassword=*****
    -Djavax.net.ssl.keyStore=C:/Program Files/Java/jre7/lib/security/key.p12
    -Djavax.net.ssl.keyStorePassword=*****
    -Djavax.net.ssl.trustStoreType=pkcs12
    -Djavax.net.ssl.keyStoreType=pkcs12

    I then extracted the relevant certificates from the cell and imported into the local keyfiles.

    This allowed me to connect to a MASSLd cell.

    regards,

    Paul.
    Hi Paul,

    Thanks for sharing the solution with the group.

    Regards
    Shishir
  • Ershadahemad
    Ershadahemad
    3 Posts

    Re: SSL handshake error on connecting to DMs

    ‏2017-03-31T17:04:51Z  
    Hi,

    In case anyone else in interested, after some faffing around I managed to find a solution.

    The app launches as an Eclipse plugin, and this plugin contains a configurable file called PerfTuningToolkit.ini. For me, it was installed in:

    C:\Documents and Settings\<%USER>\<%USER>\applications\eclipse\plugins\com.ibm.esupport.tool.perftool.win_2.2.0.20120510

    I was able to configure this ini file to specify JVM SSL arguments:

    -Djavax.net.ssl.trustStore=C:/Program Files/Java/jre7/lib/security/trust.p12
    -Djavax.net.ssl.trustStorePassword=*****
    -Djavax.net.ssl.keyStore=C:/Program Files/Java/jre7/lib/security/key.p12
    -Djavax.net.ssl.keyStorePassword=*****
    -Djavax.net.ssl.trustStoreType=pkcs12
    -Djavax.net.ssl.keyStoreType=pkcs12

    I then extracted the relevant certificates from the cell and imported into the local keyfiles.

    This allowed me to connect to a MASSLd cell.

    regards,

    Paul.

    Hi Paul,

    Can please elaborate your steps as PerformanceTuningToolkit2.0.0.9 - 32 bit windows based. 

    As it is using Java 1.6

    C:\IBM Softwares\PerformanceTuningToolkit2_win32\PerformanceTuningToolkit2.0.0.9\jre\bin>java.exe -version
    java version "1.6.0"
    Java(TM) SE Runtime Environment (build pwi3260sr9ifix-20110310_01(SR9+IZ90446))
    IBM J9 VM (build 2.4, JRE 1.6.0 IBM J9 2.4 Windows 7 x86-32 jvmwi3260sr9-2010112
    4_69295 (JIT enabled, AOT enabled)
    J9VM - 20101124_069295
    JIT  - r9_20101028_17488ifx2
    GC   - 20101027_AA)
    JCL  - 20110310_01

    I'm mean we are struggling to configure the same.

     

    Regards,

    Ershadahemad