SSL configuration problems
If problems occur with the SSL setup, you can use the information in this topic for root cause analysis.
SSL configuration error messages are stored in the following paths:
- On the IBM® Service
Management Unite side, the messages are stored in the WebSphere
Application Server log file:
<WAS_PROFILE>/logs/server1/SystemOut.log
- On the Adapter side in the log
file:
/var/ibm/tivoli/common/eez/logs/msg<ADAPTER_TYPE>Adapter.log
The following list describes the most common SSL errors with their corresponding error messages.
- Corrupt or empty SSL truststore file specified
- Messages in the Adapter log:
Table 1. Corrupt or empty SSL truststore file - Adapter messages Message Identifier Exception Text EEZA0038E Unrecognized keystore entry EEZA0038E Received fatal alert: certificate_unknown EEZA0022E No trusted certificate found EEZA0038E Certificate chain is null - Messages in the Service Management Unite Automation WebSphere log:
Table 2. Corrupt or empty SSL truststore file - Service Management Unite Automation messages Message Identifier Exception Text EEZA0038E Invalid keystore format EEZA0022E Received fatal alert: handshake_failure EEZJ0101E Embedded message EEZI0015E: Unable to connect to the adapter
User response: Check SSL truststore files on Adapter and Service Management Unite Automation side.
- Messages in the Adapter log:
- Corrupt or empty SSL keystore file specified
- Messages in the Adapter log:
Table 3. Corrupt or empty SSL keystore file - Adapter messages Message Identifier Exception Text EEZA0038E No trusted certificate found EEZA0038E Received fatal alert: certificate_unknown EEZA0038E Invalid keystore format EEZA0032E Embedded message EEZA0033E: Unable to create socket factory object EEZA0105I Embedded return code rc=20: Adapter has been stopped due to initialization failure - Messages in the Service Management Unite Automation WebSphere log:
Table 4. Corrupt or empty SSL keystore file - Service Management Unite Automation messages Message Identifier Exception Text EEZA0038E Received fatal alert: certificate_unknown EEZA0038E Invalid keystore format EEZJ0101E Embedded message EEZI0046E: SSL connection could not be established EEZJ0101E Embedded message EEZI0015E: Unable to connect to the adapter
User response: Check SSL keystore files on Adapter and IBM Service Management Unite Automation side.
- Messages in the Adapter log:
- Wrong SSL keystore password specified
- Messages in the Adapter log:
Table 5. Wrong SSL keystore password specified - Adapter messages Message Identifier Exception Text EEZA0038E Keystore was tampered with, or password was incorrect EEZA0032E Embedded message EEZA0033E: Unable to create socket factory object EEZA0105I Embedded return code rc=20: Adapter has been stopped due to initialization failure - Messages in the Service Management Unite Automation WebSphere log:
Table 6. Wrong SSL keystore password specified - Service Management Unite Automation messages Message Identifier Exception Text EEZA0038E Keystore was tampered with, or password was incorrect EEZA0033E Unable to create socket factory object EEZJ0101E Embedded message EEZI0046E: SSL connection could not be established
User response: Check SSL keystore password on Adapter and IBM Service Management Unite Automation side.
- Messages in the Adapter log:
- Wrong SSL certificate alias specified
- Messages in the Adapter log:
Table 7. Wrong SSL certificate alias specified - Adapter messages Message Identifier Exception Text EEZA0038E Certificate chain is null EEZA0047E No available certificate corresponds to the SSL cipher suites which are enabled EEZA0047E No cipher suites in common EEZA0105I Embedded return code rc=12: Adapter has been stopped because initial contact failed - Messages in the Service Management Unite Automation WebSphere log:
Table 8. Wrong SSL certificate alias specified - Service Management Unite Automation messages Message Identifier Exception Text EEZA0022E Received fatal alert: handshake_failure EEZJ0101E Embedded message EEZI0015E: Unable to connect to the adapter
User response: Check SSL certificate alias on Adapter and IBM Service Management Unite Automation side.
- Messages in the Adapter log:
- Missing SSL configuration on one side
- Messages in the Adapter log:
Table 9. Missing SSL configuration on one side - Adapter messages Message Identifier Exception Text EEZJ0101E Embedded message EEZI0021E: Using SSL is required for all first-level automation adapters but not enabled for this particular adapter Reason: SSL was configured only at the IBM Service Management Unite side and enforce use of SSL was enabled, or the adapter was not restarted after SSL was configured.
User response: Check the SSL configuration on the adapter side and restart the adapter.
- Messages in the Service Management Unite Automation WebSphere log:
Table 10. Missing SSL configuration on one side - Service Management Unite Automation messages Message Identifier Exception Text EEZA0038E No such file or directory EEZJ0101E Embedded message EEZI0046E: SSL connection could not be established
Reason: SSL was only configured at the adapter side, or WebSphere was not restarted after SSL was configured.
User response: Check the SSL configuration at the IBM Service Management Unite Automation side and restart WebSphere.
- Messages in the Adapter log: