Announcements

SecurID® Discussions

Browse the SecurID discussion board to get product help and collaborate with other SecurID users.
Hayashi
New Contributor
New Contributor

Java API 8.6 AM SSL Handshake Errors


I'm starting to work with the above API.

I referred to the API document and prepared the environment.
I ran the provided "Admin API Demos" with the ant command, but I end up with an error message.
* I saw the past discussion "Java API 8.2 AM SSL Handshake Errors" but couldn't deal with it.

================================================================

◆Environmental info..

・AM 8.6 Server (Appliance Server)

・Client (Windows 10)

 -Open-JDK 18

 -apache-ant  1.10.12

 -SDK (extras8.6)

 

================================================================
◆ErrorMessage◆

run-listusers:
[java] <2022/02/26 17?34?23? ?????> <Info> <Security> <BEA-090905> <?????????????????CryptoJ JCE???????????????????????????????????????-Dweblogic.security.allowCryptoJDefaultJCEVerification=true???????>
[java] <2022/02/26 17?34?23? ?????> <Info> <Security> <BEA-090906> <RSA CryptoJ????????????????ECDRBG128??HMACDRBG??????????????????????-Dweblogic.security.allowCryptoJDefaultPRNG=true???????>
[java] <2022/02/26 17?34?23? ?????> <Info> <Security> <BEA-090908> <??????WebLogic SSL?????????????????>

[java] ERROR, <ClientHostname>,,,,Attempting downgraded connection protocol to EJB/2.1.
[java] ERROR, <ClientHostname>,,,,Unable to connect to downgraded EJB/2.1 command server.Failed to initialize JNDI context, tried 2 time or times totally, the interval of each time is 0ms.
[java] t3s://<hostname>.com:7002: Destination xx.xx.xx.xx, 7002 unreachable; nested exception is:
[java] javax.net.ssl.SSLHandshakeException: No appropriate protocol (protocol is disabled or cipher suites are inappropriate); No available router to destination; nested exception is:
[java] java.rmi.ConnectException: No available router to destination
[java] ERROR, <ClientHostname>,,,,Attempting downgraded connection protocol to EJB/2.1.
[java] ERROR, <ClientHostname>,,,,Unable to connect to downgraded EJB/2.1 command server.Failed to initialize JNDI context, tried 2 time or times totally, the interval of each time is 0ms.
[java] t3s://<hostname>.com:7002: Destination xx.xx.xx.xx, 7002 unreachable; nested exception is:
[java] javax.net.ssl.SSLHandshakeException: No appropriate protocol (protocol is disabled or cipher suites are inappropriate); No available router to destination; nested exception is:
[java] java.rmi.ConnectException: No available router to destination
[java] ERROR, <ClientHostname>,,,,Unable to connect to command server for command execution.Failed to initialize JNDI context, tried 2 time or times totally, the interval of each time is 0ms.
[java] t3s://<hostname>.com:7002: Destination xx.xx.xx.xx, 7002 unreachable; nested exception is:
[java] javax.net.ssl.SSLHandshakeException: No appropriate protocol (protocol is disabled or cipher suites are inappropriate); No available router to destination; nested exception is:
[java] java.rmi.ConnectException: No available router to destination
[java] ERROR, <ClientHostname>,,,,Attempting downgraded connection protocol to EJB/2.1.
[java] ERROR, <ClientHostname>,,,,Unable to connect to downgraded EJB/2.1 command server.Failed to initialize JNDI context, tried 2 time or times totally, the interval of each time is 0ms.
[java] t3s://<hostname>.com:7002: Destination xx.xx.xx.xx, 7002 unreachable; nested exception is:
[java] javax.net.ssl.SSLHandshakeException: No appropriate protocol (protocol is disabled or cipher suites are inappropriate); No available router to destination; nested exception is:
[java] java.rmi.ConnectException: No available router to destination
[java] ERROR, <ClientHostname>,,,,Attempting downgraded connection protocol to EJB/2.1.
[java] ERROR, <ClientHostname>,,,,Unable to connect to downgraded EJB/2.1 command server.Failed to initialize JNDI context, tried 2 time or times totally, the interval of each time is 0ms.
[java] t3s://<hostname>.com:7002: Destination xx.xx.xx.xx, 7002 unreachable; nested exception is:
[java] javax.net.ssl.SSLHandshakeException: No appropriate protocol (protocol is disabled or cipher suites are inappropriate); No available router to destination; nested exception is:
[java] java.rmi.ConnectException: No available router to destination
[java] ERROR, <ClientHostname>,,,,Unable to connect to command server for command execution.Failed to initialize JNDI context, tried 2 time or times totally, the interval of each time is 0ms.
[java] t3s://<hostname>.com:7002: Destination xx.xx.xx.xx, 7002 unreachable; nested exception is:
[java] javax.net.ssl.SSLHandshakeException: No appropriate protocol (protocol is disabled or cipher suites are inappropriate); No available router to destination; nested exception is:
[java] java.rmi.ConnectException: No available router to destination
[java] ???????c:\java\am-extras\SDK\samples\admin/../../lib/java/trust.jks?????????:ERROR: com.rsa.common.SystemException: Failed to connect with command server
[java] at com.rsa.command.EJBRemoteTargetBase.executeCommand(EJBRemoteTargetBase.java:164)
[java] at com.rsa.command.DelegatingCommandTarget.executeCommand(DelegatingCommandTarget.java:66)
[java] at com.rsa.command.TargetableCommand.execute(TargetableCommand.java:300)
[java] at com.rsa.authn.LoginCommand.execute(LoginCommand.java:611)
[java] at com.rsa.authn.AuthenticatedTargetImpl.login(AuthenticatedTargetImpl.java:158)
[java] at com.rsa.command.ConnectionFactory$ConnectionImpl.connect(ConnectionFactory.java:758)
[java] at com.rsa.command.ConnectionFactory$ConnectionImpl.connect(ConnectionFactory.java:740)
[java] at com.rsa.samples.admin.AdminAPIDemos.main(AdminAPIDemos.java:1373)
[java] Caused by: javax.naming.CommunicationException: Failed to initialize JNDI context, tried 2 time or times totally, the interval of each time is 0ms.
[java] t3s://<hostname>.com:7002: Destination xx.xx.xx.xx, 7002 unreachable; nested exception is:
[java] javax.net.ssl.SSLHandshakeException: No appropriate protocol (protocol is disabled or cipher suites are inappropriate); ????????????????????; nested exception is:
[java] java.rmi.ConnectException: ???????????????????? [Root exception is java.net.ConnectException: t3s://<hostname>.com:7002:Destination xx.xx.xx.xx, 7002 unreachable; nested exception is:
[java] javax.net.ssl.SSLHandshakeException: No appropriate protocol (protocol is disabled or cipher suites are inappropriate); ????????????????????; nested exception is:
[java] java.rmi.ConnectException: ????????????????????]
[java] at weblogic.jndi.WLInitialContextFactoryDelegate.throwRetryException(WLInitialContextFactoryDelegate.java:467)
[java] at weblogic.jndi.WLInitialContextFactoryDelegate.getInitialContext(WLInitialContextFactoryDelegate.java:403)
[java] at weblogic.jndi.Environment.getContext(Environment.java:353)
[java] at weblogic.jndi.Environment.getContext(Environment.java:322)
[java] at weblogic.jndi.Environment.createInitialContext(Environment.java:239)
[java] at weblogic.jndi.Environment.getInitialContext(Environment.java:223)
[java] at weblogic.jndi.Environment.getInitialContext(Environment.java:201)
[java] at com.rsa.ims.command.weblogic.WebLogicInitialContextFactory.getInitialContext(WebLogicInitialContextFactory.java:146)
[java] at com.rsa.command.EJBRemoteTarget$LookupEjb30.run(EJBRemoteTarget.java:552)
[java] at com.rsa.command.EJBRemoteTarget$LookupEjb30.run(EJBRemoteTarget.java:1)
[java] at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:368)
[java] at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:163)
[java] at weblogic.security.Security.runAs(Security.java:62)
[java] at com.rsa.command.WebLogicSecurityContextWrapper.runAs(WebLogicSecurityContextWrapper.java:51)
[java] at com.rsa.command.EJBRemoteTarget.internalGetCommandServer(EJBRemoteTarget.java:369)
[java] at com.rsa.command.EJBRemoteTarget.refreshCachedCommandServer(EJBRemoteTarget.java:350)
[java] at com.rsa.command.EJBRemoteTarget.getCommandServer(EJBRemoteTarget.java:295)
[java] at com.rsa.command.EJBRemoteTargetBase.executeCommand(EJBRemoteTargetBase.java:162)
[java] ... 7 more
[java] Caused by: java.net.ConnectException: t3s://<hostname>.com:7002:Destination xx.xx.xx.xx, 7002 unreachable; nested exception is:
[java] javax.net.ssl.SSLHandshakeException: No appropriate protocol (protocol is disabled or cipher suites are inappropriate); ????????????????????; nested exception is:
[java] java.rmi.ConnectException: ????????????????????
[java] at weblogic.rjvm.RJVMFinder.findOrCreateInternal(RJVMFinder.java:238)
[java] at weblogic.rjvm.RJVMFinder.findOrCreate(RJVMFinder.java:170)
[java] at weblogic.rjvm.ClientServerURL.findOrCreateRJVM(ClientServerURL.java:177)
[java] at weblogic.jndi.WLInitialContextFactoryDelegate$1.run(WLInitialContextFactoryDelegate.java:354)
[java] at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:368)
[java] at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:163)
[java] at weblogic.jndi.WLInitialContextFactoryDelegate.getInitialContext(WLInitialContextFactoryDelegate.java:350)
[java] ... 23 more
[java] Caused by: java.rmi.ConnectException: ??xx.xx.xx.xx?7002???????????; nested exception is:
[java] javax.net.ssl.SSLHandshakeException: No appropriate protocol (protocol is disabled or cipher suites are inappropriate); ????????????????????; nested exception is:
[java] java.rmi.ConnectException: ????????????????????
[java] at weblogic.rjvm.ConnectionManager.bootstrap(ConnectionManager.java:539)
[java] at weblogic.rjvm.ConnectionManager.bootstrap(ConnectionManager.java:358)
[java] at weblogic.rjvm.RJVMManager.findOrCreateRemoteInternal(RJVMManager.java:318)
[java] at weblogic.rjvm.RJVMManager.findOrCreate(RJVMManager.java:161)
[java] at weblogic.rjvm.RJVMFinder.findOrCreateRemoteServer(RJVMFinder.java:258)
[java] at weblogic.rjvm.RJVMFinder.findOrCreateInternal(RJVMFinder.java:222)
[java] ... 29 more
[java] Caused by: java.rmi.ConnectException: ????????????????????
[java] at weblogic.rjvm.ConnectionManager.findOrCreateRouter(ConnectionManager.java:1822)
[java] at weblogic.rjvm.ConnectionManager.bootstrap(ConnectionManager.java:520)
[java] ... 34 more

BUILD SUCCESSFUL
Total time: 20 seconds

c:\java\am-extras\SDK\samples\admin>

================================================================

◆Predict

The API docs say that the following settings are required, but I don't know where to set them.
To me, it looks like it's done in "Built.xml".
Help me

-Dlog4j.configuration=file:RSA Authentication Manager SDK/samples/admin/src/log4j.xml - The location of the log4j.xml configuration file. You can copy the log4j.xml file to any location as long as the property points to it. This property is required for applications that use logging.

-Dweblogic.security.SSL.trustedCAKeyStore=SDK_HOME/lib/java/trust.jks - The trust store for SSL EJB connections.
-Djavax.net.ssl.trustStore=SDK_HOME/lib/java/trust.jks - The trust store for SSL SOAP connections.

WebLogic requires the use of the TLSv1.2 protocol. Specify the following:
-Dweblogic.security.SSL.protocolVersion=TLSv1.2

-Dweblogic.security.SSL.minimumProtocolVersion=TLSv1.2

-Djdk.tls.client.protocols=TLSv1.2

-Dhttps.protocols=TLSv1.2

================================================================

Thanks for reading.

0 Likes
0 Replies