RSA Authentication Manager 8.1 SDK JAVA Admin Sample Code Reports an SSL Handshake Exception
Originally Published: 2016-05-24
Article Number
Applies To
RSA Product/Service Type : RSA Authentication Manager SDK
RSA Version/Condition: 8.1 Service Pack 1
Platform : Windows
Platform (Other) : JAVA
Issue
<24/05/2016 11:06:46 AM AEST> <Info> <Security> <BEA-090905> <Disabling CryptoJ JCE Provider self-integrity check for better startup performance. To enable this check, specify -Dweblogic.security.allowCryptoJDefaultJCEVerification=true> <24/05/2016 11:06:46 AM AEST> <Info> <Security> <BEA-090906> <Changing the default Random Number Generator in RSA CryptoJ from ECDRBG to FIPS186PRNG. To disable this change, specify -Dweblogic.security.allowCryptoJDefaultPRNG=true> <24/05/2016 11:06:46 AM AEST> <Info> <Security> <BEA-090908> <Using default WebLogic SSL Hostname Verifier implementation.> ERROR, GOBLIN,,,,Attempting downgraded connection protocol to EJB/2.1. ERROR, GOBLIN,,,,Unable to connect to downgraded EJB/2.1 command server.null ERROR, GOBLIN,,,,Attempting downgraded connection protocol to EJB/2.1. ERROR, GOBLIN,,,,Unable to connect to downgraded EJB/2.1 command server.null ERROR, GOBLIN,,,,Unable to connect to command server for command execution.null ERROR, GOBLIN,,,,Attempting downgraded connection protocol to EJB/2.1. ERROR, GOBLIN,,,,Unable to connect to downgraded EJB/2.1 command server.null ERROR, GOBLIN,,,,Attempting downgraded connection protocol to EJB/2.1. ERROR: com.rsa.common.SystemException: Failed to connect with command server at com.rsa.command.EJBRemoteTargetBase.executeCommand(EJBRemoteTargetBase.java:163) at com.rsa.command.DelegatingCommandTarget.executeCommand(DelegatingCommandTarget.java:66) at com.rsa.command.TargetableCommand.execute(TargetableCommand.java:297) at com.rsa.authn.LoginCommand.execute(LoginCommand.java:611) at com.rsa.authn.AuthenticatedTargetImpl.login(AuthenticatedTargetImpl.java:158) at com.rsa.command.ConnectionFactory$ConnectionImpl.connect(ConnectionFactory.java:758) at com.rsa.command.ConnectionFactory$ConnectionImpl.connect(ConnectionFactory.java:740) at com.rsa.samples.admin.AdminAPIDemos.main(AdminAPIDemos.java:1307) Caused by: javax.naming.CommunicationException [Root exception is java.net.ConnectException: t3s://app81p.csau.ap.rsa.net:7002: Destination unreachable; nested exception is: javax.net.ssl.SSLHandshakeException: General SSLEngine problem; No available router to destination] at weblogic.jndi.internal.ExceptionTranslator.toNamingException(ExceptionTranslator.java:40) at weblogic.jndi.WLInitialContextFactoryDelegate.toNamingException(WLInitialContextFactoryDelegate.java:767) at weblogic.jndi.WLInitialContextFactoryDelegate.getInitialContext(WLInitialContextFactoryDelegate.java:366) at weblogic.jndi.Environment.getContext(Environment.java:315) at weblogic.jndi.Environment.getContext(Environment.java:285) at weblogic.jndi.Environment.createInitialContext(Environment.java:208) at weblogic.jndi.Environment.getInitialContext(Environment.java:192) at weblogic.jndi.Environment.getInitialContext(Environment.java:170) at com.rsa.ims.command.weblogic.WebLogicInitialContextFactory.getInitialContext(WebLogicInitialContextFactory.java:146) at com.rsa.command.EJBRemoteTarget$LookupEjb30.run(EJBRemoteTarget.java:552) at com.rsa.command.EJBRemoteTarget$LookupEjb30.run(EJBRemoteTarget.java:1) at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:363) at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:146) at weblogic.security.Security.runAs(Security.java:61) at com.rsa.command.WebLogicSecurityContextWrapper.runAs(WebLogicSecurityContextWrapper.java:51) at com.rsa.command.EJBRemoteTarget.internalGetCommandServer(EJBRemoteTarget.java:369) at com.rsa.command.EJBRemoteTarget.refreshCachedCommandServer(EJBRemoteTarget.java:350) at com.rsa.command.EJBRemoteTarget.getCommandServer(EJBRemoteTarget.java:295) at com.rsa.command.EJBRemoteTargetBase.executeCommand(EJBRemoteTargetBase.java:161) ... 7 more Caused by: java.net.ConnectException:NOTE: GOBLIN is the name of the Windows platform running the admin sample code whereas app81p.csau.ap.rsa.net is the authentication manager primary instance name
Cause
Resolution
Check the admin sample code is using the -Dweblogic.security.SSL.trustedCAKeyStore SSL argument and that the JKS container being referenced contains the server root certificate of the authentication manager instance for the SSL connection.
Related Articles
RSA Authentication Manager 8.x trusted realms not working (java.net.UnknownHostException) Number of Views Dynamic seed provisioning fails after replica promotion Number of Views RSA Authentication Manager 8.2 SDK - Error "General SSLEngine problem; No available router to destination" Number of Views RSA Authentication Manager 8.x Web Tier is not listening on TCP port 443 Number of Views RSA AM 7.1 to 8.1 Migration - RSA AM 7.1 Migration Export Utility fails at the install due to RADIUS Number of Views
Trending Articles
Passwordless Authentication in Windows MFA Agent for Active Directory – Quick Setup Guide RSA Authentication Manager 8.9 Release Notes (January 2026) RSA Authentication Manager Upgrade Process RSA Authentication Manager 8.7 SP2 Setup and Configuration Guide An example of SSO using SAML and ADFS with RSA Identity Management and Governance 6.9.x
Don't see what you're looking for?
