WebSphere Application Server & Liberty

WebSphere Application Server & Liberty

Join this online group to communicate across IBM product users and experts by sharing advice and best practices with peers and staying up to date regarding product enhancements.

 View Only

  • 1.  After Install 9.0.5 FP 22 we prompt for user/password when stop WebSphere

    Posted Wed December 11, 2024 04:41 AM
    Edited by Michael Pressler Wed December 11, 2024 11:04 AM

    Hello,

    after the update to 9.0.5 FP22 we get the dialog for user and password when stopping WebSphere.
    User and password are set in the Soap.client.properties and have worked correctly so far.

    The problem seams to be related with "Hostname verification" Feature comming with FP21.
    Since the customer does not maintain the SAN feature in their certificates, they have disabled hostname verification with com.ibm.ssl.verifyHostname=false.
    This worked for FP21, but is now causing problems in FP22.
     
    In the StopServer.log you can see that the parameter is set:
     
    00000001 SSLConfigMana I CWPKI0027I: Disabling default hostname verification for HTTPS URL connections.
     
    but then the error appears:
     
    00000001 WSX509TrustMa E CWPKI0062E: SSL HANDSHAKE FAILURE: Host name verification error while connecting to host [xyz].  The host name used to access the server does not match the server certificate's [Subject Alternative Name [dnsName:xyz.abc.com]].  The extended error message from the SSL handshake exception is: [No subject alternative DNS name matching xyz found.].
     
    It looks like com.ibm.ssl.verifyHostname=false is not working correctly with FP22.
     
    Regards
    Michael



    ------------------------------
    Michael Pressler
    ------------------------------



  • 2.  RE: After Install 9.0.5 FP 22 we prompt for user/password when stop WebSphere

    Posted Thu December 12, 2024 03:50 AM
    Edited by Gabriel Aberasturi Thu December 12, 2024 03:50 AM

    Hello Michael,

      Have you review the next document?
      
      Hostname verification for WebSphere Application Server traditional
      https://www.ibm.com/support/pages/hostname-verification-websphere-application-server-traditional
      
      You can try to configure the property 
      com.ibm.ssl.skipHostnameVerificationForHosts=xyz.abc.com
      
      Anyway you can open a support case if you think is not working correctly
      
      Hope this helps.
      
    Regards,



    ------------------------------
    Gabriel Aberasturi
    Middleware Architect
    Versia Sistemas TI
    ------------------------------

    Original Message


  • 3.  RE: After Install 9.0.5 FP 22 we prompt for user/password when stop WebSphere

    Posted Thu December 12, 2024 09:26 AM

    Hi Michael

    Are the credentials in your soap.client.properties file encoded or plain text? I've seen a similar issue and using this utility to encode the creds resolved the issue.

    https://www.ibm.com/docs/en/was/9.0.5?topic=files-manually-encoding-passwords-in-properties

    Regards, Kenny



    ------------------------------
    Kenny Dick
    ------------------------------

    Original Message


  • 4.  RE: After Install 9.0.5 FP 22 we prompt for user/password when stop WebSphere

    Posted Mon December 16, 2024 11:32 AM

    Issue was solved in the meantime.

    Customer forgotten to add "com.ibm.ssl.verifyHostname=false" to the ssl.client.props file.

    Now everything works as expected.

    Regards
    Michael



    ------------------------------
    Michael Pressler
    ------------------------------

    Original Message


Related Content