APAR status
Closed as user error.
Error description
You have installed the correct root + intermediate certificates into your CACERTS file. You then have an XPage making a call to an HTTPS address. Sample code: <?xml version="1.0" encoding="UTF-8"?> <xp:view xmlns:xp="http://www.ibm.com/xsp/core"> <xp:this.beforePageLoad> <![CDATA[#{javascript:new java.net.URL("https://www.mysslserver.test/").openStream();]]> </xp:this.beforePageLoad> </xp:view> It fails with the following error. javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: 3659 com.ibm.jsse2.o.a(o.java:15) com.ibm.jsse2.SSLSocketImpl.a(SSLSocketImpl.java:460) com.ibm.jsse2.kb.a(kb.java:294) com.ibm.jsse2.kb.a(kb.java:533) com.ibm.jsse2.lb.a(lb.java:55) com.ibm.jsse2.lb.a(lb.java:581) com.ibm.jsse2.kb.s(kb.java:11) com.ibm.jsse2.kb.a(kb.java:394) com.ibm.jsse2.SSLSocketImpl.a(SSLSocketImpl.java:44) com.ibm.jsse2.SSLSocketImpl.h(SSLSocketImpl.java:496) com.ibm.jsse2.SSLSocketImpl.a(SSLSocketImpl.java:528) com.ibm.jsse2.SSLSocketImpl.startHandshake(SSLSocketImpl.java:50 5) com.ibm.net.ssl.www2.protocol.https.c.afterConnect(c.java:83) com.ibm.net.ssl.www2.protocol.https.d.connect(d.java:31) sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpU RLConnection.java:1184) com.ibm.net.ssl.www2.protocol.https.b.getInputStream(b.java:40) java.net.URL.openStream(URL.java:1022) ... java.security.cert.CertificateException: 3659 com.ibm.domino.napi.ssl.DominoX509TrustManager.checkServerTruste d(DominoX509TrustManager.java:98) com.ibm.jsse2.lb.a(lb.java:468) com.ibm.jsse2.lb.a(lb.java:581) com.ibm.jsse2.kb.s(kb.java:11) com.ibm.jsse2.kb.a(kb.java:394) com.ibm.jsse2.SSLSocketImpl.a(SSLSocketImpl.java:44) com.ibm.jsse2.SSLSocketImpl.h(SSLSocketImpl.java:496) com.ibm.jsse2.SSLSocketImpl.a(SSLSocketImpl.java:528) com.ibm.jsse2.SSLSocketImpl.startHandshake(SSLSocketImpl.java:50 5) com.ibm.net.ssl.www2.protocol.https.c.afterConnect(c.java:83) com.ibm.net.ssl.www2.protocol.https.d.connect(d.java:31) sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpU RLConnection.java:1184) com.ibm.net.ssl.www2.protocol.https.b.getInputStream(b.java:40) java.net.URL.openStream(URL.java:1022) The same sample works in 8.5.3.
Local fix
Add the certificate to the Domino certificates in the Admin client "Certificates view". Select the action "Import internet certificates" to add it. After that open the certficate and select the action "Create cross certificate". Select the correct server/certifer. Once completed restart the HTTP service.
Problem summary
Problem conclusion
Temporary fix
Comments
This APAR is associated with SPR# SODY97XCC7. The problem was caused by a user error or user misunderstanding.
APAR Information
APAR number
LO75408
Reported component name
DOMINO SERVER
Reported component ID
5724E6200
Reported release
900
Status
CLOSED USE
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt
Submitted date
2013-05-22
Closed date
2013-06-19
Last modified date
2013-06-19
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Applicable component levels
[{"Business Unit":{"code":"BU055","label":"Cognitive Applications"},"Product":{"code":"SSKTMJ","label":"Lotus Domino"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"9.0","Edition":"","Line of Business":{"code":"","label":""}}]
Document Information
Modified date:
19 June 2013