Explanation | SSL service is initializing the configuration. |
Action | None. Informational only |
Explanation | SSL service initialization completed successfully.. |
Action | None. Informational only |
Explanation | SSL service is starting. |
Action | None. Informational only |
Explanation | SSL service started. |
Action | None. Informational only |
Explanation | SSL service initialization failed |
Action | None. Informational only |
Explanation | An unexpected exception occurred when trying to create or register an mBean. |
Action | There may be a problem with the configuration. The exception may include details. |
Explanation | SSL service did not start. |
Action | None. Informational only |
Explanation | An unexpected error occurred during security initialization. |
Action | This is a general error. Look for previous messages that may be related to the failure or a configuration problem. Enabling SSL=all=enabled debug trace may yield additional information. |
Explanation | Cannot create the security object from repository. Internal Error. |
Action | The security.xml might be corrupted or missing. Contact your service representative. |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: WebSphere Application Server Support page: http://www.ibm.com/software/webservers/appserv/was/support/ WebSphere Application Server for z/OS Support page: http://www.ibm.com/software/webservers/appserv/zos_os390/support/ . |
Explanation | The specified resource could not be loaded due to an exception. |
Action | The failure may be related to a configuration problem related to the resource. |
Explanation | The server is running in FIPS mode, using the IBMJCEFIPS provider. |
Action | No user action is required. |
Explanation | When the server is running in FIPS mode the IBMJCEFIPS provider should be in the java.security file. |
Action | The java.security file needs to be changed to include the IBMJCEFIPS provider in the provider list before the IBMJCE provider. |
Explanation | Describes whether the SSL component's FFDC Diagnostic module was successfully registered. |
Action | None. Informational only. |
Explanation | An unexpected error occurred stopping the SSL component. |
Action | This is a general error. Look for previous messages that may be related to the failure or a configuration problem. Enabling SSL=all=enabled debug trace may yield additional information. |
Explanation | A certificate is about to expire in the keystore. |
Action | Open the keystore and validate the expiration dates on all certificates in the keystore. Prepare to generate new certificates, if necessary. |
Explanation | A certificate is expired in the keystore. |
Action | Open the keystore and validate the expiration dates on all certificates in the keystore. Remove any expired certs. |
Explanation | The keystore type configured is not correct. |
Action | Change the keystore type in the SSL configuration. |
Explanation | There may be a problem with the syntax of the ssl.client.props file or the location of the file is not valid. |
Action | Review the error returned and check the syntax and location of the ssl.client.props file. |
Explanation | A class loading error occurred loading the custom trust manager configured. |
Action | Ensure the class can be found in the environment. |
Explanation | A class loading error occurred loading the custom key manager configured. |
Action | Ensure the class can be found in the environment. |
Explanation | An error occurred during the SSL handshake. It may require a signer export/import from the target host to the client TrustStore. |
Action | Review the extended error message from the TrustManager to determine what needs to change between the target SSL configuration and the client SSL configuration. |
Explanation | The certificate alias specified for this SSL configuration is not in the specified KeyStore. |
Action | Either add a certificate into the KeyStore with the specified certificate alias or change the specified certificate alias to match an alias found in the client KeyStore. |
Explanation | The certificate alias specified for this SSL configuration is not in the specified KeyStore. |
Action | Either add a certificate into the KeyStore with the specified certificate alias or change the specified certificate alias to match an alias found in the server KeyStore. |
Explanation | There was a classloading error trying to load the HTTPS URLStreamHandler class. |
Action | Check the SSL configuration to ensure the context provider is correct for the platform. |
Explanation | An exception occurred reading the SSL configurations from the security.xml after a change occurred. |
Action | Review the exception message text and verify the SSL configuration parameters are valid. |
Explanation | Hostname verification will be disabled by default for URL connections. Hostname verification checks that the X509 Certificate Common Name (CN) matches the hostname it is from. |
Action | To enable default JSSE URL hostname verification, set the com.ibm.ssl.performURLHostNameVerification property to true. |
Explanation | The handshake protocol specified is not recognized as a valid handshake protocol. |
Action | Check the SSL configuration to ensure the right handshake protocol is specified. |
Explanation | The SSL context provider specified is not recognized as a valid context provider. |
Action | Check the SSL configuration to ensure the correct SSL context provider is specified. |
Explanation | The DefaultKeyStores between cell and node will have exchange signers with corresponding DefaultTrustStores. An error occurred during this process. |
Action | A manual signer exchange may be required. |
Explanation | An error occurred while creating the file-based keystore or truststore during process initialization. Check that the keystore or truststore settings are valid. |
Action | Verify the keystore or truststore settings in the ssl.client.props are current. |
Explanation | An error occurred while creating a self-signed certificate during process startup. |
Action | Check that the default self-signed certificate property values (com.ibm.ssl.defaultCertReq*) are valid. |
Explanation | An error occurred while creating or opening the keystore. |
Action | Check the properties in the keystore configuration and ensure the keystore exists. |
Explanation | An error occurred initializing the schedule. |
Action | Check that the properties for the scheduler are valid. Ensure the /etc directory is writable. |
Explanation | An error occurred reading the date from the schedule file in /etc. |
Action | Ensure the /etc directory is writable or the file has not been modified. |
Explanation | An error occured sending email to the specified SMTP server. |
Action | Ensure the SMTP server specified is valid and that your companies firewall policy allows sending to SMTP ports. |
Explanation | This information concerns certificate expiration. |
Action | You may need to manage certificates to resolve the reported problems. |
Explanation | A problem occurred starting the expiration monitor command task. |
Action | Try starting the expiration monitor explicitly to determine more information about the error. |
Explanation | Make sure the hostname entered is in the canonical format as it appears in serverindex.xml. |
Action | Edit the hostlist to convert it to the proper canonical format. |
Explanation | This message is for provides options for the client to retrieve signers needed for a successful SSL connection. |
Action | Either run retrieveSigners or enable the signer exchange prompt to correct the problem. |
Explanation | When the Application Server starts for the first time as a stand-alone application server or in a Network Deployment configuration, each server creates a keystore and truststore for the default Secure Sockets Layer (SSL) configuration. When the Application Server creates these files, by default, it uses WebAS for the password. Do not use the default password in production. The warning message suggests that you change the password. |
Action | To eliminate this warning message, change the default password for the keystore and the truststore using the administrative console and also change these passwordsby editing the ssl.client.props file. When you change the passwords in the ssl.client.props file, you must use the PropFilePasswordEncoder utility to re-encode the newpasswords. |
Explanation | After creating a chained or self signed certificate, the corresponding signer certificate could not be stored in the issued certificates key store. |
Action | Check the associated error information for the cause of the failure. |
Explanation | An error occurred while creating a chained certificate during process startup. |
Action | Check that the default chained certificate property values (com.ibm.ssl.defaultCertReq*) are valid and that a valid certificate exists in the root key store. |
Explanation | The KeySet either does not have a keyGenerationClass defined, it cannot find the keyGenerationClass, or a read-only KeyStore is associated with the KeySet, or the KeyStore does not allow the writing of secret keys. |
Action | Modify the configuration so that a proper keyGenerationClass is configured and a KeyStore type is configured which allows the writing of secret keys. |
Explanation | An error occurred while retrieving keys from the KeyStore for the specified KeySet. |
Action | Check that the KeySet configuration is correct. |
Explanation | Either the runtime could not find the key generation class configured for the KeySet or the class does not either implement com.ibm.websphere.crypto.KeyGenerator or com.ibm.websphere.crypto.KeyPairGenerator. |
Action | Ensure the key generation class configured is specified in a location that can be found by the WebSphere runtime. Check the information center for specifying custom classes so that runtime can find them. |
Explanation | The keys passed as input may not have been correctly formed or the keystore could not be accessed to store them. |
Action | Attempt to determine the cause based on the exception and adjust the configuration accordingly. |
Explanation | A problem occurred while a new key reference was created for the specified KeySetGroup. After the key reference was created in the configuration, the key was generated. One of these steps failed. |
Action | Attempt to determine the cause based on the exception and adjust the configuration as needed. |
Explanation | Usage information on the parameters for executing this script. |
Action | None. |
Explanation | Indicates trace mode is on. |
Action | None. |
Explanation | There's a problem writing to the specified logfile. |
Action | Change the logfile path or make sure the file specified is not in use. |
Explanation | Indicates where the mode is being logged. |
Action | None. |
Explanation | The remote truststore is not found. |
Action | Try issuing -listRemoteKeyStoreNames command to get the list of names. |
Explanation | The alias specified was not found in the truststore. |
Action | Try issuing -listRemoteKeyStoreNames command to get the list of names. |
Explanation | Indicates a list of the remote keystores. |
Action | None. |
Explanation | Indicates a list of the local keystores. |
Action | None. |
Explanation | Indicates the signer being added to the local keystore. |
Action | None. |
Explanation | Indicates no signers needed to be added to the local keystore. |
Action | None. |
Explanation | The local truststore is not found. |
Action | Try issuing -listLocalKeyStoreNames command to get the list of names. |
Explanation | The start date of the certificate is not valid. |
Action | Ensure that the client's clock matches up with the server's clock. Otherwise, create a certificate with the proper start date. |
Explanation | The certificate has expired. |
Action | Replace the certificate with a valid certificate. |
Explanation | Check the command line to ensure the specified option is correct. |
Action | Check the usage help and retry after correcting the option. |
Explanation | Check the command line to ensure the specified options are correct. |
Action | Check the usage help and retry after correcting the option. |
Explanation | There are no SSL configuration properties set. The property 'com.ibm.SSL.ConfigURL' may not be set properly or there may have been an error parsing the SSL client configuration. |
Action | Check the ssl.client.props file for errors and make sure 'com.ibm.SSL.ConfigURL' is set property. |
Explanation | Usage information on the parameters for executing this script. |
Action | None. |
Explanation | Indicates that trace mode is on. |
Action | None. |
Explanation | Indicates an error writing to the specified logfile. |
Action | Change the logfile path or to the correct logfile or make sure the file specified is not in use. |
Explanation | Indicates where the mode is being logged. |
Action | None. |
Explanation | Check the command line to ensure the options are correct. |
Action | Check the usage help and retry after correcting the option. |
Explanation | Check the command line to ensure the options are correct. |
Action | Check the usage help and retry after correcting the option. |
Explanation | An attempt to load the custom PKI client implementation failed because the class could not be found by the classloader. |
Action | Check that the custom class exists in your installation's classes directory. |
Explanation | An attempt to load the custom PKI client implementation failed because the class is not an instance of com.ibm.ws.ssl.WSPKIClient. |
Action | Check that the custom class implements com.ibm.ws.ssl.WSPKIClient. |
Explanation | The certificate specified is not a personal certificate. |
Action | Rerun the command with a personal certificate alias name. |
Explanation | Unable to receive the certificate from the Certificate Authority (CA) because public keys do not match. |
Action | Rerun the command using a certificate retrieved from a Certificate Authority (CA) that was generated with the certificate request coming form this specified alias in this keystore. |
Explanation | The local keyStore is not found. |
Action | Check that the keyStore exists on the client and has an alias in ssl.client.props. |
Explanation | In order to receive a certificate in a key store the public key of the certificate must match the public key of a certificate in the key store. |
Action | Run the command with a certificate that has a public key that matches the public key of a certificate in the key store. |
Explanation | The certificate request was not processed immediately by the Certificate Authority (CA) and mst be obtained out-of-band. |
Action | Run queryCertificate to check on the status of the certificate and receive it if the request has been processed. |
Explanation | The value provided is not the correct type. |
Action | Check the usage help and retry after correcting the type of the value. |
Explanation | A proper value was not provided on the command line. |
Action | Check the usage help and retry after correcting the option. |
Explanation | An error occurred while initializing the Certificate Authority (CA) implementation. |
Action | Check the associated error message. |
Explanation | An error occurred while attempting to create a Certificate Authority (CA) signed certificate. |
Action | Check the associated error message. |
Explanation | An error occurred while attempting to revoke a Certificate Authority (CA)) signed certificate. |
Action | Check the assoicated error message. |
Explanation | An error occurred while attempting to query the certificate authority (CA) for a signed certificate. |
Action | Check the associated error message. |
Explanation | Unable to receive the certificate because the keystore specified is read-only. |
Action | Specify a keystore that is writable. |
Explanation | The certificate request received from the Certificate Authority (CA) was unable to be stored successfully in the specified keystore. The certifcate will be revoked and a retry of the request is necessary to obtain a new certificate. |
Action | Check the previous failure messages related to storing the keystore and correct the issue(s) before retrying the certificate request. |
Explanation | None |
Action | None |
Explanation | None |
Action | None |
Explanation | The PKCS10 certifcate request could not be created |
Action | Check the message logs for details |
Explanation | Unable create the certificate request because the alias specified alrady exists in the keystore. |
Action | Specify another alias name. |
Explanation | The subjectDN supplied is incorrect and does not conform to the X500Principal standard. |
Action | Check the subjectDN and ensure that it is in the correct form. |
Explanation | An option provided was not recognized and will be ignored. |
Action | Check the command usage an ensure the argument supplied is correct. |
Explanation | The custom attributes were not entered in the proper form. |
Action | Check the usage help and retry after correcting the value specified. |
Explanation | This message is for informational purposes only. |
Action | No action is required. |
Explanation | The attribute passed to the implementation is null or of the incorrect type. |
Action | Ensure that the required attribute is passed to the implementation. |
Explanation | The byte array of the certificate request is null. |
Action | Check that a valid certificate request byte array is passed to the implementation. |
Explanation | The byte array of the revocation password for this request is null. |
Action | Check that a valid revocation password byte array is passed to the implementation. |
Explanation | An unexpected error has occured. |
Action | Contact IBM support. |
Explanation | The temporary file could not be written to the filesystem. |
Action | Ensure the path to the temporary file exists, is writable and has space available. |
Explanation | Requesting a Certificate Authority (CA) signed certificate. |
Action | None. Informational only |
Explanation | An unexpected error occurred requesting the certificate. |
Action | Check the log file for detailed error information. |
Explanation | An error occurred revoking the certificate. |
Action | Check the log file for detailed error information |
Explanation | An unexpected error occurred querying the certificate. |
Action | Check the log file for detailed error information. |
Explanation | The certificate chain is null. |
Action | Check that a valid certificate chain is passed to the implementation. |
Explanation | Revoking a Certificate Authority (CA)) signed certificate. |
Action | None. Informational only. |
Explanation | Action not supported. |
Action | None. Informational only. |
Explanation | A request to revoke a Certificate Authority (CA) signed certificate has been issued. |
Action | Verify with the external Certificate Authority (CA) that the certificate has been successfully revoked. |
Explanation | A signed certificate was received from the Certificate Authority (CA). |
Action | None. Informational only. |