Explanation | SSL service is initializing the configuration. |
Action | None. Informational only |
Explanation | SSL service initialization completed successfully.. |
Action | None. Informational only |
Explanation | SSL service is starting. |
Action | None. Informational only |
Explanation | SSL service started. |
Action | None. Informational only |
Explanation | SSL service initialization failed |
Action | None. Informational only |
Explanation | An unexpected exception occurred when trying to create or register an mBean. |
Action | There may be a problem with the configuration. The exception may include details. |
Explanation | SSL service did not start. |
Action | None. Informational only |
Explanation | An unexpected error occurred during security initialization. |
Action | This is a general error. Look for previous messages that may be related to the failure or a configuration problem. Enabling SSL=all=enabled debug trace may yield additional information. |
Explanation | Cannot create the security object from repository. Internal Error. |
Action | The security.xml might be corrupted or missing. Contact your service representative. |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, see problem determination information on the WebSphere Application Server Support page at http://www.ibm.com/software/webservers/appserv/was/support/. |
Explanation | The specified resource could not be loaded due to an exception. |
Action | The failure may be related to a configuration problem related to the resource. |
Explanation | The server is running in FIPS mode, using the IBMJCEFIPS provider. |
Action | No user action is required. |
Explanation | When the server is running in FIPS mode the IBMJCEFIPS provider should be in the java.security file. |
Action | The java.security file needs to be changed to include the IBMJCEFIPS provider in the provider list before the IBMJCE provider. |
Explanation | Describes whether or not the SSL component's FFDC Diagnostic module was successfully registered. |
Action | None. Informational only. |
Explanation | An unexpected error occurred stopping the SSL component. |
Action | This is a general error. Look for previous messages that may be related to the failure or a configuration problem. Enabling SSL=all=enabled debug trace may yield additional information. |
Explanation | A certificate is about to expire in the keystore. |
Action | Open the keystore and validate the expiration dates on all certificates in the keystore. Prepare to generate new certificates, if necessary. |
Explanation | A certificate is expired in the keystore. |
Action | Open the keystore and validate the expiration dates on all certificates in the keystore. Remove any expired certs. |
Explanation | The keystore type configured is not correct. |
Action | Change the keystore type in the SSL configuration. |
Explanation | There may be a problem with the syntax of the ssl.client.props file or the location of the file is invalid. |
Action | Review the error returned and check the syntax and location of the ssl.client.props file. |
Explanation | A class loading error occurred loading the custom trust manager configured. |
Action | Ensure the class can be found in the environment. |
Explanation | A class loading error occurred loading the custom key manager configured. |
Action | Ensure the class can be found in the environment. |
Explanation | An error occurred during the SSL handshake. It may require a signer export/import from the target host to the client TrustStore. |
Action | Review the extended error message coming from the TrustManager to help determine what needs to change between the target SSL configuration and the client SSL configuration. |
Explanation | The certificate alias specified for this SSL configuration is not in the specified KeyStore. |
Action | Either add a certificate into the KeyStore with the specified certificate alias or change the specified certificate alias to match an alias found in the client KeyStore. |
Explanation | The certificate alias specified for this SSL configuration is not in the specified KeyStore. |
Action | Either add a certificate into the KeyStore with the specified certificate alias or change the specified certificate alias to match an alias found in the server KeyStore. |
Explanation | There was a classloading error trying to load the HTTPS URLStreamHandler class. |
Action | Check the SSL configuration to ensure the context provider is correct for the platform. |
Explanation | An exception occurred reading the SSL configurations from the security.xml after a change occurred. |
Action | Review the exception message text and verify the SSL configuration parameters are valid. |
Explanation | Hostname verification will be disabled by default for URL connections. Hostname verification checks that the X509 Certificate Common Name (CN) matches the hostname it is from. |
Action | To enable default JSSE URL hostname verification, set the com.ibm.ssl.performURLHostNameVerification property to true. |
Explanation | The handshake protocol specified is not recognized as a valid handshake protocol. |
Action | Check the SSL configuration to ensure the right handshake protocol is specified. |
Explanation | The SSL context provider specified is not recognized as a valid context provider. |
Action | Check the SSL configuration to ensure the correct SSL context provider is specified. |
Explanation | The DefaultKeyStores between cell and node will have exchange signers with corresponding DefaultTrustStores. An error occurred during this process. |
Action | A manual signer exchange may need to take place. |
Explanation | An error occurred while creating the file-based keystore or truststore during process initialization. Check that the keystore or truststore settings are valid. |
Action | Verify the keystore or truststore settings in the ssl.client.props. |
Explanation | An error occurred while creating a self-signed certificate during process startup. |
Action | Check that the default self-signed certificate property values (com.ibm.ssl.defaultCertReq*) are valid. |
Explanation | An error occurred while creating or opening the keystore. |
Action | Check that the properties in the keystore configuration and ensure the keystore exists. |
Explanation | An error occurred initializing the schedule. |
Action | Check that the properties for the scheduler are valid. Ensure the /etc directory is writable. |
Explanation | An error occurred reading the date from the schedule file in /etc. |
Action | Ensure the /etc directory is writable or the file has not been modified. |
Explanation | An error occuring sending email to the specified SMTP server. |
Action | Ensure the SMTP server specified is valid and that your companies firewall policy allows sending to SMTP ports. |
Explanation | This is information regarding certificate expiration. |
Action | May need to manage certificates to resolve the reported problems. |
Explanation | A problem occurred starting the expiration monitor command task. |
Action | Try starting the expiration monitor explicitly to determine more information about the error. |
Explanation | Make sure the hostname entered is in the canonical format as it appears in serverindex.xml. |
Action | Edit the hostlist to convert it to the proper canonical format. |
Explanation | This message is for providing options for the client to retrieve signers needed for a successful SSL connection. |
Action | Either run retrieveSigners or enable the signer exchange prompt to correct the problem. |
Explanation | Default key store passwords should be changed when possible. |
Action | Change all key store passwords either using AdminConsole or IKeyMan. |
Explanation | The KeySet either does not have a keyGenerationClass defined, it cannot find the keyGenerationClass, a read-only KeyStore is associated with the KeySet, or the KeyStore does not allow the writing of secret keys. |
Action | Modify the configuration so a proper keyGenerationClass is configured and a KeyStore type is configured with allows the writing of secret keys. |
Explanation | An error occurred while retrieving keys from the KeyStore for the specified KeySet. |
Action | Check that the KeySet configuration is correct. |
Explanation | Either the runtime could not find the key generation class configured for the KeySet or the class does not implement com.ibm.websphere.crypto.KeyGenerator or com.ibm.websphere.crypto.KeyPairGenerator. |
Action | Check to ensure the key generation class configured is specified in a location which can be found by the WebSphere runtime. Check the InfoCenter on where to specify custom classes for the runtime to find them. |
Explanation | The keys passed in may not have been correctly formed or the keystore could not be accessed to store them. |
Action | Attempt to determine the cause based on the exception and adjust the configuration as needed. |
Explanation | A problem occurred while a new key reference was created for the KeySetGroup specified. After the key reference was created in the configuration the key was generated. One of these steps failed. |
Action | Attempt to determine the cause based on the exception and adjust the configuration as needed. |
Explanation | Usage information on the parameters for executing this script. |
Action | None. |
Explanation | Indicates trace mode is on. |
Action | None. |
Explanation | Indicates there's a problem writing to the specified logfile. |
Action | Change the logfile path or make sure the file specified is not in use. |
Explanation | Indicates where the mode is being logged. |
Action | None. |
Explanation | The remote truststore is not found. |
Action | Try issuing -listRemoteKeyStoreNames command to get the list of names. |
Explanation | The alias specified was not found in the truststore. |
Action | Try issuing -listRemoteKeyStoreNames command to get the list of names. |
Explanation | Indicates a list of the remote keystores. |
Action | None. |
Explanation | Indicates a list of the local keystores. |
Action | None. |
Explanation | Indicates the signer being added to the local keystore. |
Action | None. |
Explanation | Indicates no signers needed to be added to the local keystore. |
Action | None. |
Explanation | The local truststore is not found. |
Action | Try issuing -listLocalKeyStoreNames command to get the list of names. |
Explanation | The start date of the certificate is not valid. |
Action | Ensure that the client's clock matches up with the server's clock. Otherwise, create a certificate with the proper start date. |
Explanation | The certificate has expired. |
Action | Replace the certificate with a valid certificate. |
Explanation | Check the command line to ensure the options are correct. |
Action | Check the usage help and retry after correcting the option. |
Explanation | Check the command line to ensure the options are correct. |
Action | Check the usage help and retry after correcting the option. |
Explanation | This message is for informational purposes only. |
Action | No action is required. |