PQ95282: ADMIN CONSOLE LOCKS UP. USING LDAP SECURITY WITH SSL AFTER PQ90945
APAR status

Closed as program error.

Error description

Environment:
WebSphere Application Server Version 5.1.1 cumulative fix 1 (V5.1.1.1).
Global Security is enabled.
User Registry is LDAP.
Using SSL to communicate between WAS and LDAP.

- Scenario 1:
  - Log on to the Administrative Console.
  - After 10-15 minutes the console locks up.
  - Need to recycle Deployment Manager to clear it up.
- Scenario 2:
  - Log on to the Administrative Console with an incorrect user id.
  - No one is able to log in with a correct user.
  - Need to recycle Deployment Manager to clear it up.
- Message issued in the log:

    SECJ0336E: Authentication failed for user Root exception is java.io.IOException: Keystore was tampered with, or password was incorrect
      at java.security.KeyStore.load(KeyStore.java:695)
      at com.ibm.ws.ssl.SSLConfig.getSSLContext(SSLConfig.java:882)

- Other possible messages that are resolved with this APAR:

    SSLConfig d Exception getting SSL context: Keystore was tampered with, or password was incorrect
    java.io.IOException: Keystore was tampered with, or password was incorrect
      at com.ibm.crypto.provider.JavaKeyStore.engineLoad
      at java.security.KeyStore.load(KeyStore.java:695)
      at com.ibm.ws.ssl.SSLConfig.getKeyStore(SSLConfig.java:1063)
      at com.ibm.ws.ssl.SSLConfig.getSSLContext(SSLConfig.java:882)
      at com.ibm.ws.ssl.SSLConfig.getServerSocketFactory(SSLConfig
      at com.ibm.ws.ssl.SSLServerSocketFactory.createServerSocket
      at com.ibm.ws.http.HttpTransport.initialize(HttpTransport.
      ...

    SRVE0146E: Failed to Start Transport on host *, port 9443. The most likely cause is that the port is already in use. Please ensure that no other applications are using this port and restart the server.
    com.ibm.ws.webcontainer.exception.TransportException: Failed to start transport https: java.io.IOException: Keystore was tampered with, or password was incorrect

Local fix

Problem summary

****************************************************************
* USERS AFFECTED: WebSphere Application Server users who have  *
*                 enabled global security and have configured  *
*                 LDAP to use SSL.                             *
****************************************************************
* PROBLEM DESCRIPTION: The Administration Console may hang.    *
****************************************************************
* RECOMMENDATION:                                              *
****************************************************************

When Global Security is enabled with LDAP as the user registry and SSL is used to communicate between WAS and LDAP, the following might happen.

Scenario 1:
- Log on to the Administrative Console.
- After 10-15 minutes the console locks up.
- Need to recycle Deployment Manager to clear it up.

Scenario 2:
- Log on to the Administrative Console with an incorrect user id.
- No one is able to log in with a correct user.
- Need to recycle Deployment Manager to clear it up.

The error in the log will be:

    SECJ0336E: Authentication failed for user Root exception is java.io.IOException: Keystore was tampered with, or password was incorrect

The reason for this was that the Keystore and Truststore passwords were masked to prevent them from being displayed in FFDC data. This masking inadvertently changed the password for the runtime.

Problem conclusion

Keystore and Truststore passwords, as well as other SSL config data, are no longer logged at all, removing the need for masking the password.

Temporary fix

Comments

APAR is sysrouted FROM one or more of the following:

APAR is sysrouted TO one or more of the following:

Modules/Macros

Publications Referenced
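
The defect class behind this APAR, reproduced as an added example that is not WebSphere or IBM code: a diagnostic dump that masks the keystore password on the live settings object breaks the next keystore load, while a dump built from a copy with the secret left out does not. The class, method and property names and the sample password are assumptions made for the illustration.

```java
import java.io.*;
import java.security.KeyStore;
import java.util.HashMap;
import java.util.Map;

public class MaskedPasswordDemo {
    static final String PW_KEY = "keyStorePassword"; // hypothetical property name

    // Defect class: masks the live settings object that the runtime keeps using.
    static String dumpMaskingInPlace(Map<String, String> live) {
        live.put(PW_KEY, "********");
        return live.toString();
    }

    // Corrected: diagnostics get a copy with the secret left out entirely.
    static String dumpWithoutSecrets(Map<String, String> live) {
        Map<String, String> copy = new HashMap<>(live);
        copy.remove(PW_KEY);
        return copy.toString();
    }

    // What the runtime does when it next needs an SSL context: open the keystore.
    static String openKeyStore(byte[] jks, Map<String, String> live) throws Exception {
        KeyStore ks = KeyStore.getInstance("JKS");
        try {
            ks.load(new ByteArrayInputStream(jks), live.get(PW_KEY).toCharArray());
            return "loaded";
        } catch (IOException e) {
            return "java.io.IOException: " + e.getMessage();
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample: an empty in-memory JKS keystore and its settings.
        KeyStore ks = KeyStore.getInstance("JKS");
        ks.load(null, null);
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        ks.store(out, "s3cret-sample".toCharArray());
        byte[] jks = out.toByteArray();
        Map<String, String> live = new HashMap<>();
        live.put("keyStoreType", "JKS");
        live.put(PW_KEY, "s3cret-sample");

        System.out.println("diagnostic dump:     " + dumpWithoutSecrets(live));
        System.out.println("after safe dump:     " + openKeyStore(jks, live));
        System.out.println("diagnostic dump:     " + dumpMaskingInPlace(live));
        System.out.println("after in-place mask: " + openKeyStore(jks, live));
    }
}
```

The keystore bytes never change between the two loads; only the password held in the live settings does, which is why the failure persists until the process is restarted and the settings are read again.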
Product categories: Software > Application Servers >
Distributed Application & Web Servers > WebSphere Application
Server > General
Operating system(s):
Software version: 003
Software edition:
Reference #: PQ95282
IBM Group: Software Group
Modified date: Oct 13, 2005
(C) Copyright IBM Corporation 2000, 2008. All Rights Reserved.