Enable SSL Debug Trace in WebSphere

As a developer, we may have to enable SSL Debug Trace in WebSphere. Hence, following are the brief steps that could be used for reference:-

1. In the WebSphere Application Server (WAS) Admin Console, navigate to Servers > Server Types > WebSphere application servers, then select the server name.

2. Under Server Infrastructure, expand Java and Process Management > Process definition > Java Virtual Machine.

3. Add the following to the end of the Generic JVM Arguments box:

-Djavax.net.debug=ssl,handshake,data,trustmanager

4. Save to the master config, and restart the server for it to take hold.

5. This will add debug trace of the SSL handshake to the //profiles//logs//SystemOut.log

Happy Debugging 🙂

Advertisements

Virtual Host Entry in WebSphere

Virtual host name entry could be found in plugin-cfg.xml of a server profile in WebSphere. It is mostly used to configure the port details which forms the complete URL for an application like http://serverName.application.com:55295/loan/casmgmt.htm

Location of an Application Server Profile:-
/WebSphere/7/AppServerBase1/profiles/AppServerBase1/installedApps/Server_Application_Cell/ear/Loan_Application.ear

Location of a file:-
/WebSphere/7/AppServerBase1/profiles/AppServerBase1/config/cells/plugin-cfg.xml

   <VirtualHostGroup Name="Loan_Application">
      <VirtualHost Name="*:55295"/>
   </VirtualHostGroup>

ORA-28040: No matching authentication protocol error

We have got following error in Application logs and we were made to cross-check our JVM settings.

 
ERROR [2016-06-06 03:32:55,521]|[server.startup : 1]|[null]|getConnection
java.sql.SQLException: ORA-28040: No matching authentication protocol
DSRA0010E: SQL State = 99999, Error Code = 28,040
at oracle.jdbc.driver.T4CTTIoer.processError(T4CTTIoer.java:445)
at oracle.jdbc.driver.T4CTTIoer.processError(T4CTTIoer.java:389)
at oracle.jdbc.driver.T4CTTIoer.processError(T4CTTIoer.java:382)
at oracle.jdbc.driver.T4CTTIoauthenticate.processError(T4CTTIoauthenticate.java:441)
at oracle.jdbc.driver.T4CTTIfun.receive(T4CTTIfun.java:450)
at oracle.jdbc.driver.T4CTTIfun.doRPC(T4CTTIfun.java:192)
at oracle.jdbc.driver.T4CTTIoauthenticate.doOSESSKEY(T4CTTIoauthenticate.java:404)
at oracle.jdbc.driver.T4CConnection.logon(T4CConnection.java:385)
at oracle.jdbc.driver.PhysicalConnection.&amp;lt;init&amp;gt;(PhysicalConnection.java:546)
at oracle.jdbc.driver.T4CConnection.&amp;lt;init&amp;gt;(T4CConnection.java:236)
at oracle.jdbc.driver.T4CDriverExtension.getConnection(T4CDriverExtension.java:32)
at oracle.jdbc.driver.OracleDriver.connect(OracleDriver.java:521)
at oracle.jdbc.pool.OracleDataSource.getPhysicalConnection(OracleDataSource.java:280)
at oracle.jdbc.pool.OracleDataSource.getConnection(OracleDataSource.java:207)
at oracle.jdbc.pool.OracleConnectionPoolDataSource.getPhysicalConnection(OracleConnectionPoolDataSource.java:139)

It was determined that removing JVM parameter -Doracle.jdbc.thinLogonCapability=o3 will fix the ORA-28040: No matching authentication protocol error. I remembered that we added this JVM parameter for certain applications during the WebSphere 7 upgrade. The problem was that certain applications running on WebSphere 7 with JDK 1.6 and ojdbc6.jar was not able to login to the Database. This was because of an Oracle driver “issue” when dealing with external 3rd party JCE libraries such as BouncyCastle.