问题
I'm installing a v7.0.0 MobileFirst Server with Liberty 8.5.5.4 with Java 1.7.0 on RedHat in Nonadminstrator mode. Steps I have followed:
- Successfully install Liberty, create a server and verify it starts with no errors in messages.log.
- Install MFP Server.
- Use the MFP Server Configuration Tool to create an MFP configuration using the Liberty server.
- Bounce the Liberty server and verify it starts with no errors.
- Create an MFP Runtime using the Server Configuration Tool.
- Bounce the server and observe SSL errors in the log.
The SSL errors seem to be related to Liberty trying to talk to the JMX REST client - at least that is my assumption since I haven't even invoked an adapter yet.
The WAR file I am using for the Runtime comes from a project that builds and runs fine in the MFP Studio Liberty development server.
The full log can be found at https://www.dropbox.com/s/o1frf7pjszm46n6/messages.log?dl=0, but here's the relevant error:
[8/4/15 18:23:09:400 CDT] 00000050 com.ibm.ws.channel.ssl.internal.SSLHandshakeErrorTracker E CWWKO0801E: Unable to initialize SSL connection. Unauthorized access was denied or security settings have expired. Exception is javax.net.ssl.SSLException: Received fatal alert: certificate_unknown
at com.ibm.jsse2.o.a(o.java:6)
at com.ibm.jsse2.SSLEngineImpl.a(SSLEngineImpl.java:409)
at com.ibm.jsse2.SSLEngineImpl.a(SSLEngineImpl.java:469)
at com.ibm.jsse2.SSLEngineImpl.j(SSLEngineImpl.java:181)
at com.ibm.jsse2.SSLEngineImpl.b(SSLEngineImpl.java:176)
at com.ibm.jsse2.SSLEngineImpl.a(SSLEngineImpl.java:495)
at com.ibm.jsse2.SSLEngineImpl.unwrap(SSLEngineImpl.java:66)
at javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:23)
at com.ibm.ws.channel.ssl.internal.SSLUtils.handleHandshake(SSLUtils.java:870)
at com.ibm.ws.channel.ssl.internal.SSLConnectionLink.readyInbound(SSLConnectionLink.java:531)
at com.ibm.ws.channel.ssl.internal.SSLConnectionLink.ready(SSLConnectionLink.java:304)
at com.ibm.ws.tcpchannel.internal.NewConnectionInitialReadCallback.sendToDiscriminators(NewConnectionInitialReadCallback.java:174)
at com.ibm.ws.tcpchannel.internal.NewConnectionInitialReadCallback.complete(NewConnectionInitialReadCallback.java:83)
at com.ibm.ws.tcpchannel.internal.WorkQueueManager.requestComplete(WorkQueueManager.java:504)
at com.ibm.ws.tcpchannel.internal.WorkQueueManager.attemptIO(WorkQueueManager.java:574)
at com.ibm.ws.tcpchannel.internal.WorkQueueManager.workerRun(WorkQueueManager.java:929)
at com.ibm.ws.tcpchannel.internal.WorkQueueManager$Worker.run(WorkQueueManager.java:1018)
at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:906)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:929)
at java.lang.Thread.run(Thread.java:796)
回答1:
Solved it. I went back to a system I knew worked and started looking for differences. The configuration was all the same, but I noticed the working system used
java version "1.7.0"
Java(TM) SE Runtime Environment (build pxa6470sr7fp1-20140708_01(SR7 FP1))
IBM J9 VM (build 2.6, JRE 1.7.0 Linux amd64-64 Compressed References 20140627_204598 (JIT enabled, AOT enabled)
J9VM - R26_Java726_SR7_20140627_0924_B204598
JIT - r11.b06_20140409_61252.04
GC - R26_Java726_SR7_20140627_0924_B204598_CMPRSS
J9CL - 20140627_204598)
JCL - 20140707_01 based on Oracle **7u65-b16**
The system that was throwing the SSL errors was running
java version "1.7.0"
Java(TM) SE Runtime Environment (build pxa6470sr6fp1ifix-20140220_01(SR6 FP1+IX90136+IX90137))
IBM J9 VM (build 2.6, JRE 1.7.0 Linux amd64-64 Compressed References 20140106_181350 (JIT enabled, AOT enabled)
J9VM - R26_Java726_SR6_20140106_1601_B181350
JIT - r11.b05_20131003_47443.02
GC - R26_Java726_SR6_20140106_1601_B181350_CMPRSS
J9CL - 20140106_181350)
JCL - 20140103_01 based on Oracle **7u51-b11**
I installed 7u65-b16 on the new system, restarted Liberty under that version of Java and all seems to be well now.
来源:https://stackoverflow.com/questions/31821164/unauthorized-access-was-denied-or-security-settings-have-expired-javax-net-ssl-s