PQ82944: SSLHANDSHAKEEXCEPTION, SSL CONNECTION, X509V3 CERTIFICATE EXTENSIONS, JSSE

APAR status
Closed as program error.

Error description
The customer received this error when trying to establish an SSL connection, using JSSE, to a server that uses a certificate with X509v3 certificate extensions. The program running on the WebSphere application server is the "client".

The customer receives the following error:

Error: javax.net.ssl.SSLHandshakeException: unknown certificate
javax.net.ssl.SSLHandshakeException: unknown certificate
    at com.ibm.jsse.JSSESocket.install(Unknown Source)
    at com.ibm.jsse.JSSESocket.startHandshake(Unknown Source)
    at com.ibm.net.ssl.internal.www.protocol.https.n.e(Unknown Source)

This problem was fixed with the JSSE build dated 12/13/03. The Hursley defect number was 67033.

IBMJSSE Defect: 82996 - javax.net.ssl.SSLHandshakeException: unknown certificate on 1.3.x. When there is a critical extended key usage extension on the leaf certificate used to authenticate the server, a javax.net.ssl.SSLHandshakeException: unknown certificate will be thrown. For 1.3.x, will not check to see if there are any other critical extensions.

The latest IBMJSSE jar can be found on the IBM JIM site: w3.ibm.com/java

The customer is running WAS 4.0.7 on Solaris 8.

Local fix
Customer is currently running with a temporary ibmjsse.jar file that they received from the JSSE team.

Problem summary
****************************************************************
* USERS AFFECTED: All WebSphere Application Server users who   *
*                 have enabled security and/or are attempting  *
*                 to programmatically establish SSL            *
*                 connections and are using certificates with  *
*                 X509v3 certificate extensions in their       *
*                 trust or key stores.                         *
****************************************************************
* PROBLEM DESCRIPTION: "javax.net.ssl.SSLHandshakeException:   *
*                      unknown certificate" when using         *
*                      certificates with X509v3 certificate    *
*                      extensions.                             *
****************************************************************
* RECOMMENDATION:                                              *
****************************************************************
"javax.net.ssl.SSLHandshakeException: unknown certificate" when using certificates with X509v3 certificate extensions.

Problem conclusion
Issue is resolved in the 12-13-2003 JSSE build which has been integrated into WebSphere.

Temporary fix

Comments

APAR is sysrouted FROM one or more of the following:

APAR is sysrouted TO one or more of the following:

Modules/Macros
SRLS

Document Information
Product categories: Software > Application Servers >
Distributed Application & Web Servers > WebSphere Application
Server > General
Operating system(s):
Software version: 400
Software edition:
Reference #: PQ82944
IBM Group: Software Group
Modified date: Feb 3, 2004
(C) Copyright IBM Corporation 2000, 2006. All Rights Reserved.