Additional actions for troubleshooting SSL problems

If SSL does not work correctly for the resource manager, you can take steps to investigate the problem, for example, by checking the stdout.log file and validating the snoop servlet.

About this task

Perform these steps:

Procedure

  1. In the WebSphere® Application Server administration console, expand Servers > WebSphere application servers > Application servers > icmrmyour application server name > Process definition > Java Virtual Machine. In the Generic JVM arguments field, append -Dicmrm.snoop.debug=all to enable debugging.
    Afterward, when you have finished debugging or collecting data, you can clear this value or set -Dicmrm.snoop.debug=no.
  2. Enable logging for the WebSphere Application Server plug-in by changing the trace level from Error to Trace in C:\Program Files\WebSphere\AppServer\config\plugin-cfg.xml.
  3. Shut down the IBM® HTTP Server.
  4. Shut down WebSphere Application Server.
  5. Restart WebSphere Application Server.
  6. Check the WebSphere Application Server stdout.log and ensure that the resource manager is connected to Db2®.
    If there is a Db2 connection problem, check your WebSphere Application Server data source and JDBC provider settings.
  7. Restart IBM HTTP Server.
  8. In your web browser, go to: http://localhost:9080/icmrm/snoop.
    If the snoop page displays, you have validated that the resource manager snoop servlet is running for normal sockets.
  9. Go to: http://your.host.name/icmrm/snoop.
    If the snoop page is displayed, you have validated that the resource manager snoop servlet is accessible through the IBM HTTP Server over normal sockets.
  10. Go to: http://localhost:9443/icmrm/snoop.
    If the snoop page is displayed, you have validated that the resource manager snoop servlets are accessible through SSL.

    If the snoop page does not display, the application server is not listening on port 9443. Port 9443 is used by default by WebSphere Application Server Single Server Edition (AES) with SSL enabled. For WebSphere Application Server Advanced Edition, the port must be manually configured or you can use a non-SSL link for the connection from the IBM HTTP Server plug-in to the WebSphere Application Server.

    If this test works, you can choose to modify the resource manager HTTPS port to 9443 and not use IBM HTTP Server.

  11. Go to: http://your.host.name/icmrm/ICMResourceManager.
    If a resource manager error window is displayed, you have validated that your SSL configuration is working.
  12. If, after you have gone through all of these steps, the system administration client still presents an error when it accesses the resource manager, you might have an incorrect password.
    You know that the password in the WebSphere Application Server data source is correct because you are able to successfully access Db2. Use the system administration client to change or update the resource manager password in the library server. When you know that the new password is correct and works, log in using the new password.
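
The following added example, which is not part of the original IBM procedure, checks whether the debug settings from steps 1 and 2 are still in place after troubleshooting. It assumes that the Generic JVM arguments are pasted in as a string and that plugin-cfg.xml records the trace level in the LogLevel attribute of its Log element; the sample inputs are constructed.

```python
import re
import xml.etree.ElementTree as ET

# Constructed samples (not from a real system): the state left by steps 1 and 2.
SAMPLE_JVM_ARGS = "-Xms256m -Dicmrm.snoop.debug=all -Dfile.encoding=UTF-8"
SAMPLE_PLUGIN_CFG = """<?xml version="1.0"?>
<Config>
  <Log LogLevel="Trace" Name="http_plugin.log"/>
</Config>"""


def snoop_debug_value(jvm_args):
    """Return the effective -Dicmrm.snoop.debug value, or None if it is not set."""
    value = None
    for token in jvm_args.split():
        match = re.fullmatch(r"-Dicmrm\.snoop\.debug=(.*)", token)
        if match:
            value = match.group(1)  # a later -D overrides an earlier one
    return value


def plugin_log_levels(plugin_cfg_xml):
    """Return the LogLevel of every Log element in the plug-in configuration."""
    root = ET.fromstring(plugin_cfg_xml)
    return [log.get("LogLevel", "") for log in root.iter("Log")]


def leftover_debug_settings(jvm_args, plugin_cfg_xml):
    """List the troubleshooting settings that have not been reverted."""
    findings = []
    value = snoop_debug_value(jvm_args)
    if value is not None and value.lower() != "no":
        findings.append(f"JVM argument -Dicmrm.snoop.debug={value} is still set")
    for level in plugin_log_levels(plugin_cfg_xml):
        # Step 2 raised the level from Error, so Error is treated as the baseline.
        if level.lower() != "error":
            findings.append(f"plugin-cfg.xml LogLevel is {level}, expected Error")
    return findings


if __name__ == "__main__":
    for finding in leftover_debug_settings(SAMPLE_JVM_ARGS, SAMPLE_PLUGIN_CFG):
        print("REVERT:", finding)
```

Changes to either setting take effect only after the servers are restarted, as in steps 3 to 7.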