IBM Support

An SSL handshake failure occurs when you configure a Content Engine profile (WebSphere Application Server only)

Troubleshooting


Problem

You cannot configure a Content Engine profile in an IBM® WebSphere® Application Server environment. An SSL handshake failure occurs in FileNet Configuration Manager when you try to configure the application server properties.

Symptom

When you try to select an application server cell in the Set Properties for WebSphere Application Server window in FileNet Configuration Manager, an error occurs. The error displays the following message:

Connection error: java.lang.exception: An SSL handshake failure occurred from a secure client. Add the server's SSL signer to the client's trust store

Cause

The security certificate that is used by WebSphere Application Server is either expired or is not yet valid.

Environment

IBM® WebSphere® Application Server

Diagnosing The Problem

To diagnose the problem, perform the following steps:

  1. Use a web browser to open the WebSphere Application Server administrative console by entering the appropriate URL. The default URL is https://<machinename>:9443/ibm/console. Click View Certificate on the Security Alert window.
  2. In the Certificate window, click the Details tab and select Serial Number from the list.. Calculate the decimal value from the hexadecimal serial number value that is displayed. (In this example, 04C048F51A3F is equal to 5223904254527.) You will use the decimal value in the next step. Click OK to continue.

  3. Log on to the WebSphere Application Server administrative console and navigate to Security > SSL certificate and key management > Key stores and certificates > NodeDefaultKeyStore > Personal certificates.
  4. In the "Personal certificates" pane, determine which security certificate is being used by comparing the decimal value of the serial number that you obtained in the previous step with the serial number of each certificate. (Using the example from the previous step, you can see that the default certificate is being used.) You can check the Expiration column for the validity of the certificate. If the certificate is not valid, you must renew the certificate.

Resolving The Problem

To resolve the problem, perform the following steps:

  1. Verify that the system date is correct on the WebSphere Application Server.
  2. If the system date is correct and does not fall within the certificate's Expiration date range, renew the certificate by clicking Renew in the WebSphere Application Server administrative console "Personal Certificates" pane.
  3. Restart Configuration Manager.

[{"Product":{"code":"SSNVNV","label":"FileNet Content Manager"},"Business Unit":{"code":"BU053","label":"Cloud & Data Platform"},"Component":"Content Engine","Platform":[{"code":"PF033","label":"Windows"}],"Version":"4.5.0;4.5.1;5.0","Edition":"","Line of Business":{"code":"LOB45","label":"Automation"}}]

Document Information

Modified date:
17 June 2018

UID

swg21459255

Page Feedback