Access to Administrative Console fails with Client Authentication enabled
 Technote (troubleshooting)
 
Problem(Abstract)
If security is enabled, the Administrative Console fails to come up if Client Authentication is enabled.
 
Cause
Following the instructions under the document Mustgather: JSSE, SSL, or JCE problems, the SystemOut.log file shows the following at the time of the attempt to access the Administrative Console:
SystemOut     O << sendServerHello.
SystemOut     O SSL version: 3.0
SystemOut     O SSL_RSA_WITH_RC4_128_MD5
SystemOut     O << sendCertificate.                            
SystemOut     O << sendCertificateRequest.
SystemOut     O << sendServerHelloDone.
SystemOut     O >> handleException <com.ibm.sslite.p@6449d560>
SystemOut     O Exception: EOF
...
SystemOut     O Alert: warning, no certificate
   

From the above exception, it is seen that a certificate request is sent, but no certificate is found.
 
Resolving the problem
The 'sendCertificateRequest' is only used during client certificate authentication. This means that the SSL Repertoire setting 'Client Authentication' is set to true. This setting specifies whether or not to request a certificate from the client for authentication purposes when making a connection.
In the case of accessing the Administrative Console, the client is the browser, and there is no certificate for the browser to present, so Client Authentication should be disabled on the node in which the Administrative Console resides.

To disable Client Authentication, disable security using the securityoff command in wsadmin:

<WAS_HOME>/bin/> wsadmin -conntype NONE
wsadmin> securityoff
wsadmin> exit

Then restart the server (Dmgr for federated environments, server1 for base). You can now access the Administrative Console since security is disabled. Go to the SSL settings under Security > SSL > <YourSSLRepertoire>. Uncheck 'Client Authentication'. Enable security, save the changes, and restart the server and you can now access the Administrative Console with security enabled.

 
 
Cross Reference information
Segment Product Component Platform Version Edition
Application Servers Runtimes for Java Technology Java SDK
 
 


Document Information


Product categories: Software > Application Servers > Distributed Application & Web Servers > WebSphere Application Server > Security
Operating system(s): Windows
Software version: 6.0
Software edition:
Reference #: 1236922
IBM Group: Software Group
Modified date: May 3, 2006