You have a secure EJB™ running on IBM® WebSphere®
Application Server for z/OS® with global security enabled. You have two
cells and can run the test on CELL1 successfully; however, the test fails
on CELL2.
The client fails when connecting to the server with:
JSSL0080E: javax.net.ssl.SSLHandshakeException - The client and
server could not negotiate the desired level of security. Reason: unknown
certificate minor code: 49421070 completed: No
The stack trace shows the following entries:
com.ibm.ws.security.orbssl.WSSSLClientSocketFactoryImpl.createSSLSocket(Unknown
Source)
com.ibm.ws.orbimpl.transport.WSSSLTransportConnection.createSocket(Unknown
Source)
com.ibm.CORBA.transport.TransportConnectionBase.createSocket(TransportConnectionBase.java:655)
com.ibm.CORBA.transport.TransportConnectionBase.connect(TransportConnectionBase.java:411)
at com.ibm.ws.orbimpl.transport.WSTransport$1.run(Unknown Source)
The certificate passed to the client is a self-signed certificate
created by WebSphere Application Server at customization time. It is
signed by the DUMMY CA certificate that WebSphere Application Server
creates. You can connect to CELL1 because you downloaded the
following:
etc/DummyClientTrustFile.jks
etc/DummyClientKeyFile.jks
from CELL1. They do not contain the CA Certificate from CELL2. These are
different CA certificates and both must be present at the client.
|