Friday, August 22, 2008

WebSphere : Accessing Remote EJBs

We have a distributed application: the web tier and the business tier run on separate remote WAS 6.1 servers. While making JNDI lookups of the EJBs in the business tier from the web tier, we were getting an SSLHandshakeException.

A communication failure occurred while attempting to obtain an initial context with the provider URL: "iiop://10.10.19.234:2812". Make sure that any bootstrap address information in the URL is correct and that the target name server is running. A bootstrap address with no port specification defaults to port 2809. Possible causes other than an incorrect bootstrap address or unavailable name server include the network environment and workstation network configuration. [Root exception is org.omg.CORBA.TRANSIENT: initial and forwarded IOR inaccessible:

Forwarded IOR failed with: CAUGHT_EXCEPTION_WHILE_CONFIGURING_SSL_CLIENT_SOCKET: JSSL0080E: javax.net.ssl.SSLHandshakeException - The client and server could not negotiate the desired level of security. Reason: com.ibm.jsse2.util.h: No trusted certificate found

Initial IOR failed with: CAUGHT_EXCEPTION_WHILE_CONFIGURING_SSL_CLIENT_SOCKET: JSSL0080E: javax.net.ssl.SSLHandshakeException - The client and server could not negotiate the desired level of security. Reason: com.ibm.jsse2.util.h: No trusted certificate found vmcid: IBM minor code: E07 completed: No]

The following blog gave very useful information on rectifying this problem.
http://primalcortex.wordpress.com/2008/06/05/ibm-websphere-interserver-authentication-ltpa-and-ssl/#respond
The steps mentioned were:

1) Logon into the WAS console.

2) Go to Security -> SSL and Key Management

3) Select the NodeDefaultTrustStore and then Signer Certificates

4) Define your parameters, where the main issue is that the host must be the server to which you wish to connect and the port is 9043.

5) Just give an alias name and press the button “Retrieve Signer Certificate”

6) Press apply and OK, and you’re done.

In our case, the remote server's secure port was not 9043, so that had to be changed. Also, we had to restart both servers before the SSLHandshakeException was resolved. However, we then got a different exception.

javax.naming.NoPermissionException: NO_PERMISSION exception caught. Root exception is org.omg.CORBA.NO_PERMISSION

We found the solution for this problem at the IBM site.
http://www-1.ibm.com/support/docview.wss?rs=180&context=SSEQTP&dc=DB520&uid=swg21218843&loc=en_US&cs=UTF-8&lang=all

The steps were:

Server A should be configured not to send credentials to Server B. To prevent Server A from sending credentials, make the following change: in the Administrator Console, go to Security -> Authentication -> Authentication Protocol -> CSIv2 Outbound. Basic Authentication on Server A is set to Supported (default); change it to Never.

After restarting both servers, we were able to make the EJB calls to the remote server.
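As an added example (not code from this post or from IBM), this is the kind of lookup the web tier makes, with a helper that maps the two failures described above to the configuration change that resolved each of them; the host, port, JNDI name and class name are placeholders, and it assumes the WebSphere client classes are on the classpath.

```java
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.InitialContext;
import javax.naming.NamingException;
import javax.naming.NoPermissionException;
import javax.net.ssl.SSLHandshakeException;
import org.omg.CORBA.NO_PERMISSION;

public class RemoteEjbLookup {
    // Constructed placeholders: bootstrap host/port (BOOTSTRAP_ADDRESS, 2809 by
    // default; 2812 in the post) of the business tier, and the EJB's JNDI name.
    static final String PROVIDER_URL = "iiop://BUSINESS_TIER_HOST:2809";
    static final String JNDI_NAME = "ejb/example/CustomerHome";

    // The lookup the web tier performs; SSL trust and CSIv2 credentials come
    // from the WAS configuration, not from these properties.
    static Object lookup() throws NamingException {
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY,
                "com.ibm.websphere.naming.WsnInitialContextFactory");
        env.put(Context.PROVIDER_URL, PROVIDER_URL);
        Context ctx = new InitialContext(env);
        try {
            return ctx.lookup(JNDI_NAME); // narrow to the home interface before use
        } finally {
            ctx.close();
        }
    }

    // Walk the cause chain and map the two failures from the post to the
    // configuration change that resolved each of them.
    static String diagnose(NamingException e) {
        for (Throwable t = e; t != null; t = t.getCause()) {
            if (t instanceof NoPermissionException || t instanceof NO_PERMISSION) {
                return "NO_PERMISSION: outbound credentials rejected by the business tier;"
                     + " set CSIv2 Outbound -> Basic Authentication to Never and restart";
            }
            if (t instanceof SSLHandshakeException
                    || String.valueOf(t.getMessage()).contains("No trusted certificate found")) {
                return "SSL handshake failed: add the business tier's signer certificate"
                     + " to the web tier's NodeDefaultTrustStore and restart both servers";
            }
        }
        return "Unclassified naming failure: " + e.getMessage();
    }
}
```

Call `lookup()` from the web tier and pass any `NamingException` it throws to `diagnose()` to see which of the two fixes applies.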

1 comment:

Unknown said...

Hi Seema,
I am facing the same problem.
Please let me know what the parameter is that you are referring to, and how to check the corresponding port:
"Define your parameters, where the main issue is that the host must be the server to which you wish to connect and the port is 9043"

Regards
Gashy