Error when joining a member to the collective for WebSphere Application Server Network Deployment Liberty Profile.
For example the join member command is run with the following parameters
| ./collective join member1 –host=localhost –port=9443 –user=admin –password=letmein –keystorePassword=secureme |
Result:
| [02/03/15 23:20:17:756 GMT] 0000002b com.ibm.ws.channel.ssl.internal.SSLHandshakeErrorTracker E CWWKO0801E: Unable to initialize SSL connection. Unauthorized access was denied or security settings have expired. Exception is javax.net.ssl.SSLHandshakeException: Client requested protocol SSLv3 not enabled or not supported at sun.security.ssl.Handshaker.checkThrown(Handshaker.java:1336)
<info removed for brevity>
at com.ibm.ws.threading.internal.Worker.run(Worker.java:421) at java.lang.Thread.run(Thread.java:745) Caused by: javax.net.ssl.SSLHandshakeException: Client requested protocol SSLv3 not enabled or not supported at sun.security.ssl.Alerts.getSSLException(Alerts.java:192) SSLUtils.handleHandshake(SSLUtils.java:718)
<info removed for brevity>
… 11 more |
Explanation:
The SSL configuration contains attributes that are used to control the behavior of the server SSL transport layer.
The default SSL configuration settings are that When using the IBM JRE the SSL_TLS protocol will used. When using the Oracle JRE is used the SSLv3 protocol is used.
Since we are in this case using CentOS 7, we have the OpenJDK installed and is the default system JRE.
Because the JAVA_HOME variable is not set for the running collective, the OpenJDK is being used. Even though the server version command option reports something like:
| [root@localhost bin]# ./server version controller1 WebSphere Application Server 8.5.5.0 (1.0.3.20130510-0831) on IBM J9 VM, version pxa6470sr4fp1ifx-20130423_02 (SR4 FP1+IV38579+IV38399+IV40208) (en_GB) |
We have an issue because, the server knows about the IBM SDK, but when it is running, it is using the JAVA_HOME of the environment, which is OpenJDK.
Solution:
The best way to solve this is to JAVA_HOME is to create a server.env file in the ${server.config.dir} where server.xml is residing and add JAVA_HOME as in entry in that file.
OR
Use .bashrc and add a JAVA_HOME variable, but the problem with this is that multiple servers on the same machine will all reference the same actual location and this may not be want you wish. You want multiple servers on the same machine to use different SDKs.