000033744 - RSA Identity Governance & Lifecycle 6.8.x and above remote Access Fulfilment Express (AFX) server fails to start with the error "SSL peer shut down incorrectly" in the logs

Document created by RSA Customer Support Employee on Aug 12, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000033744
Applies ToRSA Product Set: Identity Governance & Lifecycle
RSA Product/Service Type: Access Fulfilment Express
RSA Version/Condition: 6.8.x and above
Platform: WebSphere
IssueThe remote AFX server fails to start with the following error in the $AFX_HOME/mule/logs/mule_ee.log:
+ New app '10_AFX-INIT'                                    +
ERROR 2014-12-26 01:58:52,810 [WrapperListener_start_runner]

+ Failed to deploy app '10_AFX-INIT', see below            +
org.mule.module.launcher.DeploymentInitException: EOFException: SSL peer shut down incorrectly
    at org.mule.module.launcher.application.DefaultMuleApplication.init(DefaultMuleApplication.java:221)
    at org.mule.module.launcher.application.ApplicationWrapper.init(ApplicationWrapper.java:64)
    at org.mule.module.launcher.DefaultMuleDeployer.deploy(DefaultMuleDeployer.java:46)
    at org.mule.module.launcher.DeploymentService.guardedDeploy(DeploymentService.java:398)
    at org.mule.module.launcher.DeploymentService.start(DeploymentService.java:181)
    at org.mule.module.launcher.MuleContainer.start(MuleContainer.java:157)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:622)
    at org.mule.module.reboot.MuleContainerWrapper.start(MuleContainerWrapper.java:56)
    at org.tanukisoftware.wrapper.WrapperManager$12.run(WrapperManager.java:3925)
Caused by: org.mule.api.config.ConfigurationException: Error creating bean with name
'serverInitialization' defined in URL [file:/home/oracle/AFX/mule/apps/10_AFX-INIT/mule-config.xml]:
Instantiation of bean failed; nested exception is org.springframework.beans.BeanInstantiationException:
Could not instantiate bean class [com.aveksa.afx.server.init.ServerInitializationComponent]:
Constructor threw exception; nested exception is org.mule.api.lifecycle.InitialisationException:
Server initialization failed! Please correct the issue and restart AFX.
(org.mule.api.lifecycle.InitialisationException) (org.mule.api.config.ConfigurationException)
        ... 15 more
CauseThere may be more than one cause for this error:
  1. The SSL configuration on WebSphere is not configured correctly.  For example, the wrong path configured to the server.keystore or the wrong keystore password.
  2. The server.keystore on the application server file system is corrupt or outdated.  For example, a new server.keystore has been generated from the UI, but not updated on the WebSphere application server file system.
ResolutionFollow the WebSphere SSL configuration steps found in the WebSphere installation guide relative to your version.

For 6.8.1

Follow the relevant steps under "Working with Keystores and Certificates" in Chapter 7 of the Identity Management & Governance 6.8.1 Installation Guide
  1. Getting the RSA IAM Platform Server Keystore File (page 32).
  2. Associating the RSA IAM Platform server.keystore File with Your WebSphere Server (page 33).
  3. Configuring the WebSphere Server SSL (page 33).
  4. Configuring SSL Port Assignment (page 34).

For 6.9.x

Follow the relevant steps under "Securing Internal Communication Between RSA IMG Components" in Chapter 3 of the Identity Management & Governance 6.9.1 Installation on WebSphere Guide:
  1. Download the RSA IMG Server Keystore File (page 33).
  2. Create a keystore in the WebSphere Server using the RSA IMG server.keystore File (page 33).
  3. Create an SSL Configuration in WebSphere using the RSA IMG Keystore (page 34).
  4. Configuring the SSL Port (page 34).

For 7.0.0

Follow the relevant steps under "Securing Internal Communication Between RSA IMG Components" in Appendix A of the RSA Via L&G 7.0 Installation Guide:
  1. Download the RSA Via L&G Server Keystore File (page 88).
  2. Create a keystore in the WebSphere Server using the RSA Via L&G server.keystore File (page 89).
  3. Create an SSL Configuration in WebSphere using the RSA Via L&G Keystore (page 89).
  4. Complete these additional steps if Access Fulfillment Express (AFX) is deployed along with RSA Via L&G (page 90).
  5. Configuring the SSL Port (page 90).