Troubleshooting
Problem
User unable to connect to myFilegateway using the HTTPS SSO adapter. User is able to logon into SSP page but when myFilegateway is selected as an option, browser will either return as a blank page or present an error.
Symptom
Browser Error:
Network Error (tcp_error)
A communication error occurred: ""
The Web Server may be down, too busy, or experiencing other problems preventing it from responding to requests. You may wish to try again at a later time.
Note: The secureproxy.log indicates that direct trust fails. This is a indication that the user maybe using a self signed certificate.
Secureproxy Log.
[TLSCheck.checkDirectTrust] Signature did not match, continue with any remaining trusted certs.
direct trust check failed.
direct trust check failed - exception -java.security.cert.CertificateException: [TLSCheck.certificateCallback] direct trust returns false.
[TLSCheck.certificateCallback] direct trust exception (returns false).
java.security.cert.CertificateException: [TLSCheck.certificateCallback] direct trust returns false.
at com.sterlingcommerce.csp.perimeter.platform.SSPTLSCheck.certificateCallback(SSPTLSCheck.java:164) [ssp.jar:?]
at com.sterlingcommerce.perimeter.ssl.TLSTrustManagerWrapper.checkServerTrusted(TLSTrustManagerWrapper.java:219) [perimeter.jar:?]
at com.ibm.jsse2.wc.checkServerTrusted(wc.java:65) [?:7.0 build_20160616]
at com.ibm.jsse2.bb.a(bb.java:485) [?:7.0 build_20160616]
at com.ibm.jsse2.bb.a(bb.java:115) [?:7.0 build_20160616]
at com.ibm.jsse2.ab.t(ab.java:364) [?:7.0 build_20160616]
at com.ibm.jsse2.ab$1.a(ab$1.java:1) [?:7.0 build_20160616]
at com.ibm.jsse2.ab$1.run(ab$1.java:2) [?:7.0 build_20160616]
at java.security.AccessController.doPrivileged(AccessController.java:492) [?:1.7.0]
at com.ibm.jsse2.ab$c_.run(ab$c_.java:4) [?:7.0 build_20160616]
at com.sterlingcommerce.perimeter.ssl.TLSAgent.runHsTasks(TLSAgent.java:654) [perimeter.jar:?]
at com.sterlingcommerce.perimeter.ssl.TLSAgent.processInbound(TLSAgent.java:584) [perimeter.jar:?]
at com.sterlingcommerce.perimeter.ssl.TLSAgent$NetworkConduitAgent.canReceive(TLSAgent.java:793) [perimeter.jar:?]
at com.sterlingcommerce.perimeter.api.conduit.DataConduitApiImpl$4.body(DataConduitApiImpl.java:305) [perimeter.jar:?]
at com.sterlingcommerce.perimeter.api.ContextRunnable.run(ContextRunnable.java:41) [perimeter.jar:?]
at com.sterlingcommerce.perimeter.api.scheduler.PooledScheduler$GatingScheduler$1.run(PooledScheduler.java:228) [perimeter.jar:?]
at com.sterlingcommerce.perimeter.api.scheduler.TaskNode.run(TaskNode.java:62) [perimeter.jar:?]
at com.sterlingcommerce.perimeter.api.scheduler.DebugPooledExecutor$Worker.run(DebugPooledExecutor.java:786) [perimeter.jar:?]
at java.lang.Thread.run(Thread.java:798) [?:1.7.0]
Outbound Netmap Logging:
[HTTPS_Adapter_SSP-TLS-Thread-4] sys.NODE.SSO_HTTP_Netmap - http sessid=1495556998047_684789 SSP0252E [TLSCheck.validCerts]Certificate validation check failed, error - 2
ERROR [HTTPS_Adapter_SSP-TLS-Thread-4] sys.NODE.SSO_HTTP_Netmap - http sessid=1495556998047_684789 SSP0257E Certificate validation check failed - untrusted certificate
ERROR [HTTPS_Adapter_SSP-TLS-Thread-4] sys.NODE.SSO_HTTP_Netmap - http sessid=1495556998047_684789 SSP0263E [TLSCheck.certificateCallback] direct trust check failed.
ERROR [HTTPS_Adapter_SSP-TLS-Thread-4] sys.NODE.SSO_HTTP_Netmap - http sessid=1495556998047_684789 SSP0264E [TLSCheck.certificateCallback] direct trust check failed - exception -java.security.cert.CertificateException: [TLSCheck.certificateCallback] direct trust returns false.
ERROR [HTTPS_Adapter_SSP_FarScheduler-Thread-5] sys.NODE.SSO_HTTP_Netmap - http sessid=1495556998047_684789 SSE0102E Attempt to secure server connection failed. Ensure that server accepts ssl_tlsv2 and any of the following ciphers: [SSL_RSA_WITH_AES_256_CBC_SHA, SSL_RSA_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA].
ERROR [HTTPS_Adapter_SSP_FarScheduler-Thread-5] sys.NODE.SSO_HTTP_Netmap - http sessid=1495556998047_684789 SSE0112E Received server close error: SSL Handshake Failure
ERROR [HTTPS_Adapter_SSP_FarScheduler-Thread-5] sys.NODE.SSO_HTTP_Netmap - http sessid=1495556998047_684789 SSE0114E Received server close but no data received. Review connection and SSL/TLS configuration to insure the correct host and attributes are specified.
ERROR [HTTPS_Adapter_SSP_FarScheduler-Thread-5] sys.NODE.SSO_HTTP_Netmap - http sessid=1495556998047_684789 SSE0112E Received server close error: SSL Handshake Failure
JSSE Logging:
DEBUG [HTTPS_Adapter_SSP-TLS-Thread-5] sys.SYSTEMOUT - HTTPS_Adapter_SSP-TLS-Thread-5, WRITE: TLSv1.2 Handshake, length = 64
DEBUG [HTTPS_Adapter_SSP-TLS-Thread-5] sys.SYSTEMOUT - %% Cached server session: [Session-347539, SSL_ECDHE_RSA_WITH_AES_256_CBC_SHA]
DEBUG [HTTPS_Adapter_SSP-TLS-Thread-4] sys.SYSTEMOUT - HTTPS_Adapter_SSP-TLS-Thread-4, WRITE: TLSv1.2 Application Data, length = 170
DEBUG [HTTPS_Adapter_SSP-TLS-Thread-4] sys.SYSTEMOUT - HTTPS_Adapter_SSP-TLS-Thread-4, called closeOutbound()
DEBUG [HTTPS_Adapter_SSP-TLS-Thread-4] sys.SYSTEMOUT - HTTPS_Adapter_SSP-TLS-Thread-4, closeOutboundInternal()
DEBUG [HTTPS_Adapter_SSP-TLS-Thread-4] sys.SYSTEMOUT - HTTPS_Adapter_SSP-TLS-Thread-4, SEND TLSv1.2 ALERT: warning, description = close_notify
DEBUG [HTTPS_Adapter_SSP-TLS-Thread-4] sys.SYSTEMOUT - HTTPS_Adapter_SSP-TLS-Thread-4, WRITE: TLSv1.2 Alert, length = 48
DEBUG [HTTPS_Adapter_SSP-TLS-Thread-1] sys.SYSTEMOUT - HTTPS_Adapter_SSP-TLS-Thread-1, called closeInbound()
DEBUG [HTTPS_Adapter_SSP-TLS-Thread-1] sys.SYSTEMOUT - HTTPS_Adapter_SSP-TLS-Thread-1, closeInboundInternal()
DEBUG [HTTPS_Adapter_SSP-TLS-Thread-1] sys.SYSTEMOUT - HTTPS_Adapter_SSP-TLS-Thread-1, closeOutboundInternal()
[{"Product":{"code":"SS6PNW","label":"IBM Sterling Secure Proxy"},"Business Unit":{"code":"BU048","label":"IBM Software"},"Component":"Not Applicable","Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"3.4.3","Edition":"All Editions","Line of Business":{"code":"LOB77","label":"Automation Platform"}},{"Product":{"code":"SS6PNW","label":"IBM Sterling Secure Proxy"},"Business Unit":{"code":"BU048","label":"IBM Software"},"Component":" ","Platform":[{"code":"","label":""}],"Version":"","Edition":"","Line of Business":{"code":"LOB77","label":"Automation Platform"}}]
Log InLog in to view more of this document
This document has the abstract of a technical article that is available to authorized users once you have logged on. Please use Log in button above to access the full document. After log in, if you do not have the right authorization for this document, there will be instructions on what to do next.
Was this topic helpful?
Document Information
Modified date:
17 December 2019
UID
swg22003764