Page Comparison

...

When using the SeaLights test listener as a javaagent in WebSphere, it fails to connect to our server with the exception "Cannot find the specified class com.ibm.websphere.ssl.protocol.SSLSocketFactory"

Panelcode
... <Certificate chain received from hostname - xxx.xxx.xxx.xxx --> app.sealights.co failed hostname verification check. Certificate contained *.sealights.co but check expected app.sealights.co>

...

Cause

This issue can occur when is a known issue with WebSphere when SSL is enabled and using a JDK from the WebSphere Application Server . See https://www.ibm.com/support/knowledgecenter/en/was_beta_liberty/com(see references below).

When the IBM WebSphere Application Server starts up it sets the security property to the WebSphere default of com.ibm.websphere.ssl.protocol.SSLSocketFactory. Unfortunately the class com.ibm.websphere.wlpssl.nd.multiplatform.doc/ae/rwlp_trouble.html#rwlp_trouble__ssl01 for more details.
Therefore you should create protocol.SSLSocketFactory is not visible to the Java agent thus the ClassNotFoundException is raised when trying to open a secured connection Sealights' servers.

Solution

This issue can be resolved by creating a file called sl.java.security with the following content

Code Block

title	sl.java.security

ssl.SocketFactory.provider=
ssl.ServerSocketFactory.provider=

And then add the following parameter to the JVM args of webSphere alongside out our javaagent:

Code Block
-Djava.security.properties=fullPathTo/sl.java.security

Another solution is to provide and enforce the usage of IBM JSSE implementation with the following content of sl.java.security file

Code Block
ssl.SocketFactory.provider=com.ibm.jsse2.SSLSocketFactoryImpl ssl.ServerSocketFactory.provider=com.ibm.jsse2.SSLServerSocketFactoryImpl

Version	Old Version 4	New Version 5
Changes made by	Marc Amouyal	Marc Amouyal
Saved on	Nov 24, 2020	Nov 24, 2020

Versions Compared

Key

Cause

Solution

References

Related articles