000031734 - Remote RSA Via Lifecycle and Governance ( L&G) Access Fulfillment Express (AFX) agent is not running due to an SSLHandshakeException

Document created by RSA Customer Support Employee on Jun 14, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 3Show Document
  • View in full screen mode

Article Content

Article Number000031734
Applies ToRSA Product Set: RSA Via Lifecycle and Governance (RSA Via L&G)
RSA Product/Service Type: Hosted (MAL) or any RSA Via L&G Implementation using a remote AFX agent
RSA Version/Condition: All versions 
IssueA remote AFX Server remains in a Not Running state as in the screen shot below:
     User-added image
The $AFX_HOME/AFX/mule/logs/mule.AFX-INIT.log contains an SSLHandshakeException error:
mep=REQUEST_RESPONSE, properties={followRedirects=false, http.method=POST},
transactionConfig=Transaction{factory=null, action=INDIFFERENT, timeout=0},
deleteUnacceptedMessages=false, initialState=started, responseTimeout=10000,
endpointEncoding=UTF-8, disableTransportTransformer=false}.
Message payload is of type: PostMethod
Code                  : MULE_ERROR--2
Exception stack is:
1. Received fatal alert: handshake_failure (javax.net.ssl.SSLHandshakeException)
2. Failed to route event via endpoint: DefaultOutboundEndpoint
CauseThis problem is caused by the use of IBM JDK or JRE. This typically does not happen on an appliance because an appliance has Oracle installed software. However, a machine with a remote AFX server (required in a MAL environment, optional in all other environments) does not necessarily have any Oracle software installed.
RSA Via L&G AFX requires the use of Oracle Java (JDK) or OpenJDK. The use of IBM JDK/JRE will cause the startup of the AFX server to fail.

ResolutionInstall either Oracle Java (JDK) or OpenJDK on the machine with the remote AFX Server. The IBM JDK/JRE does not need to be uninstalled but the PATH environment variable used by the AFX Server must point to the Oracle Java (JDK) or OpenJDK installation.