Troubleshooting
Problem
After applying LA0029, the Config Editor can fail to connect to the TDI Server.
Symptom
The 'Default Server' icon in the Config Editor shows as disconnected.
Cause
The default certificate provided with TDI 7.1 at release time, is not compatible with the newer TLS protocols enforced by the JVMs found after LA0029.
Environment
TDI 7.1.0.8 with LA0029
Diagnosing The Problem
First, on a review of the TDI Config Editor log file (workspace/.metadata/.log) the follow error will be seen.
!MESSAGE java.rmi.ConnectIOException: error during JRMP connection establishment; nested exception
javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
Second, on a review of a SSL trace between the Config Editor and TDI Server the following errors will be found. For instruction on collecting a SSL trace, refer to technote #7045664
ServerHandshaker.setupPrivateKeyAndChain RSA
Ignoring alias server: signature does not conform to negotiated signature algorithms
..
..
SEND TLSv1 ALERT: fatal, description = handshake_failure
WRITE: TLSv1 Alert, length = 2
called closeSocket()
handling exception: javax.net.ssl.SSLHandshakeException: no cipher suites in common
Resolving The Problem
A new certificate is required for the TDI Server which implements a signature algorithm supported by the JVM, for example 'SHA1withRSA'. For further details on creating/manager certificates for TDI, refer to the following links.
http://www-01.ibm.com/support/docview.wss?uid=swg21575975
http://www.ibm.com/support/knowledgecenter/SSCQGF_7.1.1/com.ibm.IBMDI.doc_7.1.1/adminguide36.htm
Was this topic helpful?
Document Information
Modified date:
16 June 2018
UID
swg21987863