SSL configuration problems

If problems occur with the SSL setup, you can use the information in this topic for root cause analysis.

SSL configuration error messages are stored in the following paths:

  • On the IBM® Service Management Unite side, the messages are stored in the WebSphere Application Server log file:
    <WAS_PROFILE>/logs/server1/SystemOut.log
  • On the Adapter side in the log file:
    /var/ibm/tivoli/common/eez/logs/msg<ADAPTER_TYPE>Adapter.log

The following list describes the most common SSL errors with their corresponding error messages.

  1. Corrupt or empty SSL truststore file specified
    1. Messages in the Adapter log:
      Table 1. Corrupt or empty SSL truststore file - Adapter messages
      Message Identifier Exception Text
      EEZA0038E Unrecognized keystore entry
      EEZA0038E Received fatal alert: certificate_unknown
      EEZA0022E No trusted certificate found
      EEZA0038E Certificate chain is null
    2. Messages in the Service Management Unite Automation WebSphere log:
      Table 2. Corrupt or empty SSL truststore file - Service Management Unite Automation messages
      Message Identifier Exception Text
      EEZA0038E Invalid keystore format
      EEZA0022E Received fatal alert: handshake_failure
      EEZJ0101E Embedded message EEZI0015E: Unable to connect to the adapter

    User response: Check SSL truststore files on Adapter and Service Management Unite Automation side.

  2. Corrupt or empty SSL keystore file specified
    1. Messages in the Adapter log:
      Table 3. Corrupt or empty SSL keystore file - Adapter messages
      Message Identifier Exception Text
      EEZA0038E No trusted certificate found
      EEZA0038E Received fatal alert: certificate_unknown
      EEZA0038E Invalid keystore format
      EEZA0032E Embedded message EEZA0033E: Unable to create socket factory object
      EEZA0105I Embedded return code rc=20: Adapter has been stopped due to initialization failure
    2. Messages in the Service Management Unite Automation WebSphere log:
      Table 4. Corrupt or empty SSL keystore file - Service Management Unite Automation messages
      Message Identifier Exception Text
      EEZA0038E Received fatal alert: certificate_unknown
      EEZA0038E Invalid keystore format
      EEZJ0101E Embedded message EEZI0046E: SSL connection could not be established
      EEZJ0101E Embedded message EEZI0015E: Unable to connect to the adapter

    User response: Check SSL keystore files on Adapter and IBM Service Management Unite Automation side.

  3. Wrong SSL keystore password specified
    1. Messages in the Adapter log:
      Table 5. Wrong SSL keystore password specified - Adapter messages
      Message Identifier Exception Text
      EEZA0038E Keystore was tampered with, or password was incorrect
      EEZA0032E Embedded message EEZA0033E: Unable to create socket factory object
      EEZA0105I Embedded return code rc=20: Adapter has been stopped due to initialization failure
    2. Messages in the Service Management Unite Automation WebSphere log:
      Table 6. Wrong SSL keystore password specified - Service Management Unite Automation messages
      Message Identifier Exception Text
      EEZA0038E Keystore was tampered with, or password was incorrect
      EEZA0033E Unable to create socket factory object
      EEZJ0101E Embedded message EEZI0046E: SSL connection could not be established

    User response: Check SSL keystore password on Adapter and IBM Service Management Unite Automation side.

  4. Wrong SSL certificate alias specified
    1. Messages in the Adapter log:
      Table 7. Wrong SSL certificate alias specified - Adapter messages
      Message Identifier Exception Text
      EEZA0038E Certificate chain is null
      EEZA0047E No available certificate corresponds to the SSL cipher suites which are enabled
      EEZA0047E No cipher suites in common
      EEZA0105I Embedded return code rc=12: Adapter has been stopped because initial contact failed
    2. Messages in the Service Management Unite Automation WebSphere log:
      Table 8. Wrong SSL certificate alias specified - Service Management Unite Automation messages
      Message Identifier Exception Text
      EEZA0022E Received fatal alert: handshake_failure
      EEZJ0101E Embedded message EEZI0015E: Unable to connect to the adapter

    User response: Check SSL certificate alias on Adapter and IBM Service Management Unite Automation side.

  5. Missing SSL configuration on one side
    1. Messages in the Adapter log:
      Table 9. Missing SSL configuration on one side - Adapter messages
      Message Identifier Exception Text
      EEZJ0101E Embedded message EEZI0021E: Using SSL is required for all first-level automation adapters but not enabled for this particular adapter

      Reason: SSL was configured only at the IBM Service Management Unite side and enforce use of SSL was enabled, or the adapter was not restarted after SSL was configured.

      User response: Check the SSL configuration on the adapter side and restart the adapter.

    2. Messages in the Service Management Unite Automation WebSphere log:
      Table 10. Missing SSL configuration on one side - Service Management Unite Automation messages
      Message Identifier Exception Text
      EEZA0038E No such file or directory
      EEZJ0101E Embedded message EEZI0046E: SSL connection could not be established

    Reason: SSL was only configured at the adapter side, or WebSphere was not restarted after SSL was configured.

    User response: Check the SSL configuration at the IBM Service Management Unite Automation side and restart WebSphere.

Parent topic: Troubleshooting for configuration