Problem(Abstract)
Attempting to start IBM® WebSphere® Application Server fails with the following error:
SECJ0352E: Could not get the users matching the pattern cn=wps51bind,ou=WebSphereAccounts,ou=DomainUsers,dc=trs,dc=work,dc=local because of the following exception javax.naming.CommunicationException: simple bind failed: trs-dc1.trs.work.local:636. Root exception is javax.net.ssl.SSLHandshakeException: certificate expired.
The Application Server is configured to communicate with the LDAP server using SSL encryption.

Cause
Run the server with the JSSE debug module enabled, following the instructions in the technote MustGather: Java Secure Socket Extension (JSSE), SSL or Java Cryptography Extensions (JCE) problems.
The SystemOut.log shows the following trace:
SystemOut O << sendAlert.
SystemOut O Alert: fatal, certificate expired
....
SystemOut O >> serverCertificate.
SystemOut O Cert[0]
com.ibm.sslite.j@7773d9a7
subject: CN=trs-dc1.TRS.WORK.LOCAL
issuer: CN=Work Root CA,OU=IT,O=Work School,L=West Hampster,ST=NC,C=US
serial: 15:85:A3:55:00:00:00:00:00:01
valid from: Tue Jul 08 12:40:17 EDT 2003
valid to: Fri Jul 08 12:50:17 EDT 2005
key: 1024-bit RSA
MD5-hash: 5C:43:B0:28:57:AB:08:35:F5:34:45:CC:59:95:25:04
SHA-hash: 5E:FA:E9:AA:5A:FD:A9:39:D5:DC:D3:35:20:F6:CB:65:45:59:57:0E
The statement "SystemOut O >> serverCertificate" indicates that the certificate that follows is the server certificate. The statement "valid to: Fri Jul 08 12:50:17 EDT 2005" indicates that the certificate has expired.
When the Application Server communicates with the LDAP server, the LDAP server is the server side of the SSL connection.
This means the certificate that has expired is the one on the LDAP server. The keyfile on the Application Server does not contain this expired certificate.
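The check described above can be scripted. The following is an added example, not IBM code: it reads the certificate fields that follow ">> serverCertificate" in a JSSE trace and reports any whose "valid to" date has passed. The function names and the zone-abbreviation offset table are assumptions; the sample input is the trace shown on this page.

```python
import re
from datetime import datetime, timedelta, timezone

# Trace lines copied from the SystemOut.log excerpt on this page.
SAMPLE = """\
SystemOut O >> serverCertificate.
SystemOut O Cert[0]
subject: CN=trs-dc1.TRS.WORK.LOCAL
issuer: CN=Work Root CA,OU=IT,O=Work School,L=West Hampster,ST=NC,C=US
valid from: Tue Jul 08 12:40:17 EDT 2003
valid to: Fri Jul 08 12:50:17 EDT 2005
"""

# Assumption: UTC offsets (hours) for zone abbreviations; extend for your logs.
TZ_OFFSETS = {"UTC": 0, "GMT": 0, "EST": -5, "EDT": -4, "CST": -6,
              "CDT": -5, "MST": -7, "MDT": -6, "PST": -8, "PDT": -7}
FIELD = re.compile(r"(?:^|\s)(subject|issuer|valid from|valid to):\s+(.+?)\s*$")

def parse_trace_date(text):
    """Turn 'Fri Jul 08 12:50:17 EDT 2005' into a timezone-aware datetime."""
    _dow, mon, day, clock, zone, year = text.split()
    if zone not in TZ_OFFSETS:
        raise ValueError(f"unknown zone abbreviation: {zone}")
    naive = datetime.strptime(f"{mon} {day} {clock} {year}", "%b %d %H:%M:%S %Y")
    return naive.replace(tzinfo=timezone(timedelta(hours=TZ_OFFSETS[zone])))

def certs_in_trace(lines):
    """Return one dict per certificate listed after '>> serverCertificate'."""
    certs, current, in_chain = [], None, False
    for line in lines:
        if ">> serverCertificate" in line:
            in_chain = True
        elif in_chain and re.search(r"Cert\[\d+\]", line):
            current = {}
            certs.append(current)
        elif in_chain and current is not None:
            m = FIELD.search(line)
            if m:
                key, value = m.groups()
                is_date = key.startswith("valid")
                current[key] = parse_trace_date(value) if is_date else value
    return certs

def expired(certs, now):
    """Certificates whose 'valid to' is earlier than `now` (aware datetime)."""
    return [c for c in certs if "valid to" in c and c["valid to"] < now]

if __name__ == "__main__":
    for cert in expired(certs_in_trace(SAMPLE.splitlines()), datetime.now(timezone.utc)):
        print("EXPIRED:", cert["subject"], "valid to", cert["valid to"].isoformat())
```

An unknown zone abbreviation raises an error instead of being treated as UTC, so a date is never compared against the wrong offset.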

Resolving the problem
Work with the LDAP administrator to update the expired certificate on the LDAP server.

Cross Reference information
Segment | Product | Component | Platform | Version | Edition
Application Servers | Runtimes for Java Technology | Java SDK | | |