Santosh Kondapuram
Reputation: 9
Issue with SSL encryption between WebSphere App & Oracle database
we have our java application deployed in WebSphere Application server(8.5.5.12) with IBM SDK 8.0.5.17 with backend database as oracle (12.1.0.2.0). we are now trying to encrypt the data between WebSphere Application and the database. We have followed the exact steps documented in the following linkhttps://www.ibm.com/developerworks/community/blogs/d89a3ddf-2acf-4cc8-b11b-14f33b5c653e/entry/Configuring_Secure_Socket_Layer_SSL_communication_between_the_OpenPages_application_server_WebSphere_and_the_Oracle_database?lang=en When we try to test the data source connection getting following error
java.sql.SQLRecoverableException: IO Error: java.lang.RuntimeException: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty DSRA0010E: SQL State = 08006, Error Code = 17,002.
same configuration works perfect with IBM SDK version 7 (7.0.4.1) but not with IBM SDK 8, does any one experienced similar issue or do you see any known issues configuring SSL with IBM SDK 8.Also copied the ssl debug log
Caused by: javax.net.ssl.SSLException: java.lang.RuntimeException: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty
at com.ibm.jsse2.k.a(k.java:24)
at com.ibm.jsse2.at.a(at.java:572)
at com.ibm.jsse2.at.a(at.java:387)
at com.ibm.jsse2.at.a(at.java:338)
at com.ibm.jsse2.at.a(at.java:733)
at com.ibm.jsse2.i.write(i.java:8)
at oracle.net.ns.Packet.send(Packet.java:419)
at oracle.net.ns.ConnectPacket.send(ConnectPacket.java:241)
at oracle.net.ns.NSProtocolStream.negotiateConnection(NSProtocolStream.java:157)
at oracle.net.ns.NSProtocol.connect(NSProtocol.java:264)
at oracle.jdbc.driver.T4CConnection.connect(T4CConnection.java:1452)
at oracle.jdbc.driver.T4CConnection.logon(T4CConnection.java:496)
... 105 more
Caused by: java.lang.RuntimeException: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty
at com.ibm.jsse2.util.f.<init>(f.java:50)
at com.ibm.jsse2.util.e.a(e.java:18)
at com.ibm.jsse2.aB.a(aB.java:21)
at com.ibm.jsse2.aB.a(aB.java:185)
at com.ibm.jsse2.aB.a(aB.java:137)
at com.ibm.jsse2.aB.checkServerTrusted(aB.java:49)
at com.ibm.jsse2.E.a(E.java:166)
at com.ibm.jsse2.E.a(E.java:121)
at com.ibm.jsse2.D.r(D.java:223)
at com.ibm.jsse2.D.a(D.java:198)
at com.ibm.jsse2.at.a(at.java:649)
at com.ibm.jsse2.at.i(at.java:627)
at com.ibm.jsse2.at.a(at.java:310)
at com.ibm.jsse2.i.write(i.java:3)
... 111 more
Caused by: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty
at java.security.cert.PKIXParameters.setTrustAnchors(PKIXParameters.java:300)
at java.security.cert.PKIXParameters.<init>(PKIXParameters.java:142)
at java.security.cert.PKIXBuilderParameters.<init>(PKIXBuilderParameters.java:99)
at com.ibm.jsse2.util.f.<init>(f.java:106)
... 124 more
: {2}.
[6/12/19 6:24:54:097 EDT] 00000098 FfdcProvider W com.ibm.ws.ffdc.impl.FfdcProvider logIncident FFDC1003I: FFDC Incident emitted on /u01/IBM/WebSphere/AppServer/profiles/manuonsite1/logs/ffdc/manuonsite1was_srv_2293118f_19.06.12_06.24.54.0822519622081070003296.txt com.ibm.ws.management.AdminServiceImpl.invoke 679
[6/12/19 6:24:54:098 EDT] 00000098 MBeanHelper E Could not invoke an operation on object: WebSphere:name=DataSourceCfgHelper,process=manuonsite1was_srv,platform=dynamicproxy,node=awscentosNode03,version=8.5.5.12,type=DataSourceCfgHelper,mbeanIdentifier=DataSourceCfgHelper,cell=awscentosNode03Cell,spec=1.0 because of an mbean exception: java.sql.SQLRecoverableException: IO Error: java.lang.RuntimeException: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty DSRA0010E: SQL State = 08006, Error Code = 17,002
[6/12/19 6:24:54:389 EDT] 00000098 SystemOut O CipherBox: Using cipher AES/GCM/NoPadding from provider from init IBMJCE version 1.8
[6/12/19 6:24:54:394 EDT] 00000098 SystemOut O WebContainer : 1, WRITE: TLSv1.2 Application Data, length = 16384
[6/12/19 6:24:54:394 EDT] 00000098 SystemOut O CipherBox: Using cipher AES/GCM/NoPadding from provider from init IBMJCE version 1.8
[6/12/19 6:24:54:399 EDT] 00000098 SystemOut O WebContainer : 1, WRITE: TLSv1.2 Application Data, length = 16384
[6/12/19 6:24:54:399 EDT] 00000098 SystemOut O CipherBox: Using cipher AES/GCM/NoPadding from provider from init IBMJCE version 1.8
[6/12/19 6:24:54:401 EDT] 00000098 SystemOut O WebContainer : 1, WRITE: TLSv1.2 Application Data, length = 323
[6/12/19 6:24:54:401 EDT] 00000098 SystemOut O CipherBox: Using cipher AES/GCM/NoPadding from provider from init IBMJCE version 1.8
[6/12/19 6:24:54:406 EDT] 00000098 SystemOut O WebContainer : 1, WRITE: TLSv1.2 Application Data, length = 16384
[6/12/19 6:24:54:406 EDT] 00000098 SystemOut O CipherBox: Using cipher AES/GCM/NoPadding from provider from init IBMJCE version 1.8
[6/12/19 6:24:54:408 EDT] 000000a0 SystemOut O CipherBox: Using cipher AES/GCM/NoPadding from provider from init IBMJCE version 1.8
[6/12/19 6:24:54:409 EDT] 000000a1 SystemOut O CipherBox: Using cipher AES/GCM/NoPadding from provider from init IBMJCE version 1.8
[6/12/19 6:24:54:410 EDT] 00000098 SystemOut O WebContainer : 1, WRITE: TLSv1.2 Application Data, length = 16384
[6/12/19 6:24:54:410 EDT] 00000098 SystemOut O CipherBox: Using cipher AES/GCM/NoPadding from provider from init IBMJCE version 1.8
[6/12/19 6:24:54:412 EDT] 00000098 SystemOut O WebContainer : 1, WRITE: TLSv1.2 Application Data, length = 8
[6/12/19 6:24:54:412 EDT] 00000098 SystemOut O CipherBox: Using cipher AES/GCM/NoPadding from provider from init IBMJCE version 1.8
[6/12/19 6:24:54:414 EDT] 00000098 SystemOut O WebContainer : 1, WRITE: TLSv1.2 Application Data, length = 5276
[6/12/19 6:24:54:416 EDT] 00000098 SystemOut O CipherBox: Using cipher AES/GCM/NoPadding from provider from init IBMJCE version 1.8
[6/12/19 6:24:54:417 EDT] 00000098 SystemOut O WebContainer : 1, WRITE: TLSv1.2 Application Data, length = 5
[6/12/19 6:24:54:444 EDT] 000000a0 SystemOut O CipherBox: Using cipher AES/GCM/NoPadding from provider from init IBMJCE version 1.8
[6/12/19 6:24:54:451 EDT] 000000a0 SystemOut O WebContainer : 6, WRITE: TLSv1.2 Application Data, length = 16384
[6/12/19 6:24:54:451 EDT] 000000a0 SystemOut O CipherBox: Using cipher AES/GCM/NoPadding from provider from init IBMJCE version 1.8
[6/12/19 6:24:54:458 EDT] 000000a0 SystemOut O WebContainer : 6, WRITE: TLSv1.2 Application Data, length = 16384
[6/12/19 6:24:54:458 EDT] 000000a0 SystemOut O CipherBox: Using cipher AES/GCM/NoPadding from provider from init IBMJCE version 1.8
[6/12/19 6:24:54:459 EDT] 000000a0 SystemOut O WebContainer : 6, WRITE: TLSv1.2 Application Data, length = 281
[6/12/19 6:24:54:460 EDT] 000000a0 SystemOut O CipherBox: Using cipher AES/GCM/NoPadding from provider from init IBMJCE version 1.8
[6/12/19 6:24:54:466 EDT] 000000a0 SystemOut O WebContainer : 6, WRITE: TLSv1.2 Application Data, length = 15563
[6/12/19 6:24:54:467 EDT] 000000a0 SystemOut O CipherBox: Using cipher AES/GCM/NoPadding from provider from init IBMJCE version 1.8
[6/12/19 6:24:54:468 EDT] 000000a1 SystemOut O CipherBox: Using cipher AES/GCM/NoPadding from provider from init IBMJCE version 1.8
[6/12/19 6:24:54:469 EDT] 000000a0 SystemOut O WebContainer : 6, WRITE: TLSv1.2 Application Data, length = 5
[6/12/19 6:24:54:469 EDT] 000000a1 SystemOut O WebContainer : 7, WRITE: TLSv1.2 Application Data, length = 398
[6/12/19 6:24:54:475 EDT] 000000a1 SystemOut O CipherBox: Using cipher AES/GCM/NoPadding from provider from init IBMJCE version 1.8
[6/12/19 6:24:54:488 EDT] 000000a1 SystemOut O CipherBox: Using cipher AES/GCM/NoPadding from provider from init IBMJCE version 1.8
[6/12/19 6:24:54:491 EDT] 000000a1 SystemOut O WebContainer : 7, WRITE: TLSv1.2 Application Data, length = 9328
[6/12/19 6:24:54:494 EDT] 000000a1 SystemOut O CipherBox: Using cipher AES/GCM/NoPadding from provider from init IBMJCE version 1.8
[6/12/19 6:24:54:506 EDT] 000000a1 SystemOut O CipherBox: Using cipher AES/GCM/NoPadding from provider from init IBMJCE version 1.8
[6/12/19 6:24:54:511 EDT] 000000a1 SystemOut O WebContainer : 7, WRITE: TLSv1.2 Application Data, length = 16384
[6/12/19 6:24:54:511 EDT] 000000a1 SystemOut O CipherBox: Using cipher AES/GCM/NoPadding from provider from init IBMJCE version 1.8
[6/12/19 6:24:54:513 EDT] 000000a1 SystemOut O WebContainer : 7, WRITE: TLSv1.2 Application Data, length = 4956
[6/12/19 6:24:54:516 EDT] 000000a1 SystemOut O CipherBox: Using cipher AES/GCM/NoPadding from provider from init IBMJCE version 1.8
[6/12/19 6:24:54:529 EDT] 000000a1 SystemOut O CipherBox: Using cipher AES/GCM/NoPadding from provider from init IBMJCE version 1.8
[6/12/19 6:24:54:531 EDT] 000000a1 SystemOut O WebContainer : 7, WRITE: TLSv1.2 Application Data, length = 5753
[6/12/19 6:24:54:552 EDT] 000000a1 SystemOut O CipherBox: Using cipher AES/GCM/NoPadding from provider from init IBMJCE version 1.8
[6/12/19 6:24:54:578 EDT] 000000a1 ServletWrappe I com.ibm.ws.webcontainer.servlet.ServletWrapper init SRVE0242I: [isclite] [/ibm/console] [/secure/javascriptToSession.jsp]: Initialization successful.
[6/12/19 6:24:54:579 EDT] 000000a1 SystemOut O CipherBox: Using cipher AES/GCM/NoPadding from provider from init IBMJCE version 1.8
[6/12/19 6:24:54:580 EDT] 000000a1 SystemOut O WebContainer : 7, WRITE: TLSv1.2 Application Data, length = 284
[6/12/19 6:24:54:581 EDT] 000000a1 SystemOut O CipherBox: Using cipher AES/GCM/NoPadding from provider from init IBMJCE version 1.8
[6/12/19 6:24:54:582 EDT] 000000a1 SystemOut O WebContainer : 7, WRITE: TLSv1.2 Application Data, length = 5
[6/12/19 6:24:54:637 EDT] 0000005a SystemOut O SSLv3 protocol was requested but was not enabled
[6/12/19 6:24:54:643 EDT] 0000005b SystemOut O SSLv3 protocol was requested but was not enabled
[6/12/19 6:24:59:643 EDT] 0000005a SystemOut O SSLv3 protocol was requested but was not enabled
[6/12/19 6:24:59:648 EDT] 0000005b SystemOut O SSLv3 protocol was requested but was not enabled
[6/12/19 6:25:04:648 EDT] 0000005a SystemOut O SSLv3 protocol was requested but was not enabled
[6/12/19 6:25:04:653 EDT] 0000005b SystemOut O SSLv3 protocol was requested but was not enabled
[6/12/19 6:25:09:654 EDT] 0000005a SystemOut O SSLv3 protocol was requested but was not enabled
[6/12/19 6:25:09:658 EDT] 0000005b SystemOut O SSLv3 protocol was requested but was not enabled
Upvotes: 1
Views: 1081
Answers (0)
Related Questions
- certificate not trusted by Websphere
- RSA premaster secret error connecting to Oracle through Websphere over SSL
- websphere ssl handshake failure
- IBM WAS HTTPS connection certificate chain error
- Receiving error while connecting ms sql server from java
- SSL Handshake Error with WebSphere using Java
- Java/Websphere NoSuchProviderException: IBMCertPath
- IllegalArgumentException: Unsupported ciphersuite
- Configuring SSL connection for Oracle 12
- SSL connection error from SQL server in Websphere