Application Server does not start. SECJ0352E - certificate expired
 Technote (troubleshooting)
 
Problem(Abstract)
Attempting to start IBM® WebSphere® Application Server fails with error, SECJ0352E: Could not get the users matching the pattern
cn=wps51bind,ou=WebSphereAccounts,ou=DomainUsers,dc=trs,dc=work,dc=local
because of the following exception javax.naming.CommunicationException: simple bind failed: trs-dc1.trs.work.local:636. Root exception is javax.net.ssl.SSLHandshakeException: certificate expired.

Application Server is configured to communication to the LDAP server with SSL encryption.
 
Cause
Run with JSSE debug module following the instructions in technote,
MustGather: Java Secure Socket Extension (JSSE), SSL or Java Cryptography Extensions (JCE) problems

The systemout.log shows the follow trace:

SystemOut O << sendAlert.
SystemOut O Alert: fatal, certificate expired
....
SystemOut O >> serverCertificate.
SystemOut O Cert[0]

com.ibm.sslite.j@7773d9a7
subject: CN=trs-dc1.TRS.WORK.LOCAL
issuer: CN=Work Root CA,OU=IT,O=Work School,L=West Hampster,ST=NC,C=US
serial: 15:85:A3:55:00:00:00:00:00:01
valid from: Tue Jul 08 12:40:17 EDT 2003
valid to: Fri Jul 08 12:50:17 EDT 2005
key: 1024-bit RSA
MD5-hash: 5C:43:B0:28:57:AB:08:35:F5:34:45:CC:59:95:25:04
SHA-hash: 5E:FA:E9:AA:5A:FD:A9:39:D5:DC:D3:35:20:F6:CB:65:45:59:57:0E

The statement SystemOut O >> serverCertificate indicates this is the server certificate. The statement valid to: Fri Jul 08 12:50:17 EDT 2005 indicates the certificate is expired.

When the Application Server communicates to the LDAP, the LDAP is considered the server.
This mean the certificate on the LDAP server is expired. The keyfile on the Application Server does not contain this expired certificate.
 
Resolving the problem
Work with the LDAP administrator to update the expired certificate on the LDAP server.
 
 
Cross Reference information
Segment Product Component Platform Version Edition
Application Servers Runtimes for Java Technology Java SDK
 
 


Document Information


Product categories: Software > Application Servers > Distributed Application & Web Servers > WebSphere Application Server > Java Security (JSSE/JCE)
Operating system(s): Windows
Software version: 5.1
Software edition:
Reference #: 1214439
IBM Group: Software Group
Modified date: Aug 15, 2005