WebSphere startup failed after 8.5.5.18 Patch

We applied 8.5.5.18 . Patch was successful but unable to start the JVM successfully . Found below error’s from the logs .

—– SystemOut.log ——

[11/7/20 12:32:52:691 SGT] 00000001 ORBRas E com.ibm.ws.orbimpl.transport.WSTransport createServerSocket P=571909:O=0:CT ORBX0390E: Cannot create listener thread. Exception=[ org.omg.CORBA.INTERNAL: CAUGHT_EXCEPTION_WHILE_CONFIGURING_SSL_SERVER_SOCKET, Exception=com.ibm.websphere.ssl.SSLException: java.lang.IllegalArgumentException: No key store specified and no hardware crypto defined vmcid: 0x49421000 minor code: 77 completed: No – received while attempting to open server socket on port 9403 ].

—— ffdc ——

[11/7/20 12:32:52:519 SGT] FFDC Exception:java.lang.IllegalArgumentException SourceId:com.ibm.ws.ssl.provider.AbstractJSSEProvider ProbeId:601 Reporter:com.ibm.ws.ssl.provider.IBMJSSE2Provider@447ddf8a
java.lang.IllegalArgumentException: No key store specified and no hardware crypto defined

These errors were usually outputted by wrong password.
And also found the following settings.

—— server.xml ——

<sessionDatabasePersistence xmi:id="SessionDatabasePersistence_1183122130078" datasourceJNDIName="jdbc/Sessions" userId="admin" password="{custom:AES} ... />

<keyStores xmi:id="KeyStore_HostNode01_1" name="NodeDefaultKeyStore" password="{custom:AES} ... location="${CONFIG_ROOT}/cells/HostNode01Cell/nodes/HostNode01/key.p12" ... />

<keyStores xmi:id="KeyStore_HostNode01_2" name="NodeDefaultTrustStore" password="{custom:AES} ... location="${CONFIG_ROOT}/cells/HostNode01Cell/nodes/HostNode01/trust.p12" ... />

<keyStores xmi:id="KeyStore_1485154633124" name="JavaStandardTrust" password="{custom:AES} ...  location="F:\IBM\WebSphere\AppServer85\java\jre\lib\security\cacerts" ... >

<keyStores xmi:id="KeyStore_1486029607135" name="SSLKeystore" password="{custom:AES} ... location="F:\SCM\SSL\keystore.jks"... />

From these settings, thought that the environment use customized password encryption.

Starting from WebSphere 8.5.5.18, WebSphere started to support aes encryption.

PH25806: ADD PASSWORD ENCRYPTION SUPPORT FOR PASSWORDUTIL INTO TWAS 8.5.5 https://www.ibm.com/support/pages/apar/PH25806 If the following properties are set in your environment,

com.ibm.wsspi.security.crypto.customPasswordEncryptionClass=

com.acme.myPasswordEncryptionClass

com.ibm.wsspi.security.crypto.customPasswordEncryptionEnabled=false

Please try “com.ibm.wsspi.security.crypto.customPasswordEncryptionEnabled=true”.

In the environment custom jar is placed in lib/ and used for the CUSTOM password encryption . but due to the change from 8.5.5.18 issue happened and IBM addressed this issue with Interim fix PH25806

When we apply PH25806 issue resolved .

Related Posts

Leave a Reply

Your email address will not be published. Required fields are marked *