We applied 8.5.5.18 . Patch was successful but unable to start the JVM successfully . Found below error’s from the logs .
—– SystemOut.log ——
[11/7/20 12:32:52:691 SGT] 00000001 ORBRas E com.ibm.ws.orbimpl.transport.WSTransport createServerSocket P=571909:O=0:CT ORBX0390E: Cannot create listener thread. Exception=[ org.omg.CORBA.INTERNAL: CAUGHT_EXCEPTION_WHILE_CONFIGURING_SSL_SERVER_SOCKET, Exception=com.ibm.websphere.ssl.SSLException: java.lang.IllegalArgumentException: No key store specified and no hardware crypto defined vmcid: 0x49421000 minor code: 77 completed: No – received while attempting to open server socket on port 9403 ].
—— ffdc ——
[11/7/20 12:32:52:519 SGT] FFDC Exception:java.lang.IllegalArgumentException SourceId:com.ibm.ws.ssl.provider.AbstractJSSEProvider ProbeId:601 Reporter:com.ibm.ws.ssl.provider.IBMJSSE2Provider@447ddf8a
java.lang.IllegalArgumentException: No key store specified and no hardware crypto defined
These errors were usually outputted by wrong password.
And also found the following settings.
—— server.xml ——
<sessionDatabasePersistence xmi:id="SessionDatabasePersistence_1183122130078" datasourceJNDIName="jdbc/Sessions" userId="admin" password="{custom:AES} ... />
<keyStores xmi:id="KeyStore_HostNode01_1" name="NodeDefaultKeyStore" password="{custom:AES} ... location="${CONFIG_ROOT}/cells/HostNode01Cell/nodes/HostNode01/key.p12" ... />
<keyStores xmi:id="KeyStore_HostNode01_2" name="NodeDefaultTrustStore" password="{custom:AES} ... location="${CONFIG_ROOT}/cells/HostNode01Cell/nodes/HostNode01/trust.p12" ... />
<keyStores xmi:id="KeyStore_1485154633124" name="JavaStandardTrust" password="{custom:AES} ... location="F:\IBM\WebSphere\AppServer85\java\jre\lib\security\cacerts" ... >
<keyStores xmi:id="KeyStore_1486029607135" name="SSLKeystore" password="{custom:AES} ... location="F:\SCM\SSL\keystore.jks"... />
From these settings, thought that the environment use customized password encryption.
Starting from WebSphere 8.5.5.18, WebSphere started to support aes encryption.
PH25806: ADD PASSWORD ENCRYPTION SUPPORT FOR PASSWORDUTIL INTO TWAS 8.5.5 https://www.ibm.com/support/pages/apar/PH25806 If the following properties are set in your environment,
com.ibm.wsspi.security.crypto.customPasswordEncryptionClass=
com.acme.myPasswordEncryptionClass
com.ibm.wsspi.security.crypto.customPasswordEncryptionEnabled=false
Please try “com.ibm.wsspi.security.crypto.customPasswordEncryptionEnabled=true”.
In the environment custom jar is placed in lib/ and used for the CUSTOM password encryption . but due to the change from 8.5.5.18 issue happened and IBM addressed this issue with Interim fix PH25806
When we apply PH25806 issue resolved .