JSSL0080E 49421070 Distributed Client fails to connect to SSL-enabled client
 Technote (troubleshooting)
 
Problem(Abstract)
You receive JSSL0080E: javax.net.ssl.SSLHandshakeException - The client and server could not negotiate the desired level of security. Reason: unknown certificate minor code: 49421070 completed: No
 
Cause
You have a secure EJB™ running on IBM® WebSphere® Application Server for z/OS® with global security enabled. You have two cells and can run the test on CELL1 successfully; however, the test fails on CELL2.

The client fails when connecting to the server with:

JSSL0080E: javax.net.ssl.SSLHandshakeException - The client and server could not negotiate the desired level of security. Reason: unknown certificate minor code: 49421070 completed: No


The stack trace shows the following entries:

com.ibm.ws.security.orbssl.WSSSLClientSocketFactoryImpl.createSSLSocket(Unknown Source)
com.ibm.ws.orbimpl.transport.WSSSLTransportConnection.createSocket(Unknown Source)
com.ibm.CORBA.transport.TransportConnectionBase.createSocket(TransportConnectionBase.java:655)
com.ibm.CORBA.transport.TransportConnectionBase.connect(TransportConnectionBase.java:411) at com.ibm.ws.orbimpl.transport.WSTransport$1.run(Unknown Source)

The certificate passed to the client is a self-signed certificate created by WebSphere Application Server at customization time. It is signed by the DUMMY CA certificate that WebSphere Application Server creates. You can connect to CELL1 because you downloaded the following:

etc/DummyClientTrustFile.jks
etc/DummyClientKeyFile.jks

from CELL1. They do not contain the CA Certificate from CELL2. These are different CA certificates and both must be present at the client.

 
Resolving the problem
Follow these steps to resolve this problem:
  • Issue the RACF® Export command of the CA certificate from CELL2 using the following command:

    RACDCERT CERTAUTH EXPORT(label('Your CA cert label')) DSN('datasetName.CACERT') )

  • Download the Certificate and use the IKEYMAN utility to place it in the keyfile.
 
 
 


Document Information


Current web document: swg21194912.html
Product categories: Software > Application Servers > Distributed Application & Web Servers > WebSphere Application Server for z/OS > Security
Operating system(s): z/OS
Software version: 5.1
Software edition:
Reference #: 1194912
IBM Group: Software Group
Modified date: Jan 4, 2005