000031734 - Remote AFX Server fails to start with an SSLHandshakeException error in RSA Identity Governance & Lifecycle

Document created by RSA Customer Support Employee on Jun 14, 2016Last modified by RSA Customer Support on Apr 3, 2020
Version 7Show Document
  • View in full screen mode

Article Content

Article Number000031734
Applies ToRSA Product Set: RSA Identity Governance & Lifecycle 
RSA Version/Condition: All 
IssueA remote AFX Server fails to start and remains in a Not running state as in the screenshot below:
     User-added image

The $AFX_HOME/AFX/esb/logs/esb.AFX-INIT.log file contains the following error:

mep=REQUEST_RESPONSE, properties={followRedirects=false, http.method=POST},
transactionConfig=Transaction{factory=null, action=INDIFFERENT, timeout=0},
deleteUnacceptedMessages=false, initialState=started, responseTimeout=10000,
endpointEncoding=UTF-8, disableTransportTransformer=false}.
Message payload is of type: PostMethod
Code                  : MULE_ERROR--2
Exception stack is:
1. Received fatal alert: handshake_failure (javax.net.ssl.SSLHandshakeException)

2. Failed to route event via endpoint: DefaultOutboundEndpoint

CauseThis problem is caused by the use of IBM JDK or JRE. This typically does not happen on an appliance because an appliance has Oracle installed software. However, a machine with a remote AFX server does not necessarily have any Oracle software installed.

AFX requires the use of Oracle JDK or OpenJDK. The use of IBM JDK/JRE will cause the startup of the AFX server to fail.
ResolutionInstall either Oracle JDK or OpenJDK on the machine with the remote AFX Server. The IBM JDK/JRE does not need to be uninstalled but the PATH environment variable used by the AFX Server must point to the Oracle JDK or OpenJDK installation.