IBM Support

PI69629: CWWKX8136W: CANNOT VALIDATE THE SERVER IDENTITY on BOTH ZOS AND DISTRIBUTED OPERATING SYSTEMS

Subscribe

You can track all active APARs for this component.

 

APAR status

  • Closed as program error.

Error description

  • Setting up a collective to use CA (Certificate Authority)
    certficate surfaces the following error at 16.0.0.3 during
    startup of the controler of member.
    
    This issue may be seen on both distributed and zOS environment.
    
    CWWKX8136W: Cannot validate the server identity. If security
    errors occur during collective operations, the server
    identity
    encapsulated in the certificate might not match the current
    runtime state.
    
    An FFDC log is also generated with stacktrace.
    Exception = java.security.cert.CertificateException
    Source =
    com.ibm.ws.collective.member.internal.security.CollectiveIde
    ntit
    yValidat
    or$ScheduledValidate
    probeid = 204
    Stack Dump = java.security.cert.CertificateException: The
    alias
    [serveridentity] is not present in the KeyStore as a
    certificate entry
    com.ibm.ws.ssl.internal.KeyStoreServiceImpl.getCertificateFr
    omKe
    yStore(
    com.ibm.ws.collective.member.internal.security.CollectiveIde
    ntit
    yValidator.validateServerIdentity(
    com.ibm.ws.collective.member.internal.security.CollectiveIde
    ntit
    yValidator.access$300(
    com.ibm.ws.collective.member.internal.security.CollectiveIde
    ntit
    yValidator$ScheduledValidate.call(
    com.ibm.ws.collective.member.internal.security.CollectiveIde
    ntit
    yValidat
    or$ScheduledValidate.call(CollectiveIdentityValidator.java:1
    33)
    to work with safkeyrings.
    java.util.concurrent.FutureTask.run
    java.util.concurrent.ThreadPoolExecutor.runWorker(
    java.util.concurrent.ThreadPoolExecutor$Worker.run(
    java.lang.Thread.run(Thread.java:798)
    
    The warning message and FFDC log do not affect the usage of
    collective.
    
    Note that service level 16.0.0.3 is needed for the
    collective
    to work with safkeyrings.
    

Local fix

  • Ignore warning and FFDC.
    

Problem summary

  • ****************************************************************
    * USERS AFFECTED:  All users of IBM WebSphere Application      *
    *                  Server Liberty who configured Collective    *
    *                  feature                                     *
    ****************************************************************
    * PROBLEM DESCRIPTION: CWWKX8136W: CANNOT VALIDATE THE SERVER  *
    *                      IDENTITY                                *
    ****************************************************************
    * RECOMMENDATION:                                              *
    ****************************************************************
    When Collective feature is configured with certificate from
    Certificate Authoriity(CA) or third party certificate,
    "CWWKX8136W: CANNOT VALIDATE THE SERVER IDENTITY" is logged
    along with FFDC.   There should be no functional impact.
    

Problem conclusion

Temporary fix

  • The warning and FFDC can be ignored.
    

Comments

APAR Information

  • APAR number

    PI69629

  • Reported component name

    LIBERTY PROF -

  • Reported component ID

    5655W6514

  • Reported release

    CD0

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt / Xsystem

  • Submitted date

    2016-09-22

  • Closed date

    2016-10-14

  • Last modified date

    2017-02-10

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

Fix information

  • Fixed component name

    LIBERTY PROF -

  • Fixed component ID

    5655W6514

Applicable component levels

  • RCD0 PSY

       UP

[{"Business Unit":{"code":"BU054","label":"Systems w\/TPS"},"Product":{"code":"SG19M","label":"APARs - z\/OS environment"},"Platform":[{"code":"PF054","label":"z Systems"}],"Version":"CD0","Line of Business":{"code":"","label":""}}]

Document Information

Modified date:
17 June 2020