|
Problem(Abstract) |
If security is enabled, the Administrative Console fails
to come up if Client Authentication is enabled. |
|
|
|
Cause |
Following the instructions under the document Mustgather:
JSSE, SSL, or JCE problems, the SystemOut.log file shows the following
at the time of the attempt to access the Administrative Console:
SystemOut O << sendServerHello.
SystemOut O SSL version: 3.0
SystemOut O SSL_RSA_WITH_RC4_128_MD5
SystemOut O << sendCertificate.
SystemOut O <<
sendCertificateRequest.
SystemOut O << sendServerHelloDone.
SystemOut O >> handleException
<com.ibm.sslite.p@6449d560>
SystemOut O Exception: EOF
...
SystemOut O Alert: warning, no certificate
From the above exception, it is seen that a certificate request is sent,
but no certificate is found. |
|
|
Resolving the
problem |
The 'sendCertificateRequest' is only used during client
certificate authentication. This means that the SSL Repertoire setting
'Client Authentication' is set to true. This setting specifies whether or
not to request a certificate from the client for authentication purposes
when making a connection.
In the case of accessing the Administrative Console, the client is the
browser, and there is no certificate for the browser to present, so Client
Authentication should be disabled on the node in which the Administrative
Console resides.
To disable Client Authentication, disable security using the securityoff
command in wsadmin:
<WAS_HOME>/bin/> wsadmin
-conntype NONE
wsadmin> securityoff
wsadmin> exit
Then restart the server (Dmgr for federated environments, server1 for
base). You can now access the Administrative Console since security is
disabled. Go to the SSL settings under Security > SSL >
<YourSSLRepertoire>. Uncheck 'Client Authentication'. Enable
security, save the changes, and restart the server and you can now access
the Administrative Console with security enabled.
|
|
|
|
|
Cross Reference information |
Segment |
Product |
Component |
Platform |
Version |
Edition |
Application Servers |
Runtimes for Java Technology |
Java SDK |
|
|
|
|
|
|