000031685 - Can't connect to Web Service - Jar is not signed by a trusted signer

Document created by RSA Customer Support Employee on Jun 14, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000031685
Applies ToRSA Product Set: Adaptive Authentication (OnPrem)
RSA Product/Service Type: Adaptive Authentication (OnPrem)
RSA Version/Condition: 7.x
 
Issue

Scenario to reproduce 


1. Install AdaptiveAuthentication app on Server A 
2. Install Backoffice app on Server B 
3. Add / import trusted root CA certificate in both JVM (Server A and Server B) 
4. Login Backoffice and click Customer Service and search for user change history by passing username
Error : Can't connect to Web Service , java.net.SocketException: java.lang.SecurityException: The Jar (/apps/IBM/was/WAS-BASE-8.5.5.5/plugins/com.ibm.ws.security.crypto.jar) is not signed by a trusted signer 

CauseVerify use of JSSE2 socket factories in java.security file.
Resolution

Original Settings in java.security


Default JSSE socket factories
#ssl.SocketFactory.provider=com.ibm.jsse2.SSLSocketFactoryImpl
#ssl.ServerSocketFactory.provider=com.ibm.jsse2.SSLServerSocketFactoryImpl
WebSphere socket factories (in cryptosf.jar)
ssl.SocketFactory.provider=com.ibm.websphere.ssl.protocol.SSLSocketFactory
ssl.ServerSocketFactory.provider=com.ibm.websphere.ssl.protocol.SSLServerSocketFactory

Settings that fixed the error in java.security


Default JSSE socket factories
ssl.SocketFactory.provider=com.ibm.jsse2.SSLSocketFactoryImpl
ssl.ServerSocketFactory.provider=com.ibm.jsse2.SSLServerSocketFactoryImpl
WebSphere socket factories (in cryptosf.jar)
#ssl.SocketFactory.provider=com.ibm.websphere.ssl.protocol.SSLSocketFactory
#ssl.ServerSocketFactory.provider=com.ibm.websphere.ssl.protocol.SSLServerSocketFactory

Attachments

    Outcomes