We recently upgraded our WAS from 8.5.5 to WAS 9.0. The datasource test connection

from adminconsole fails with the following error:DSRA8201W: DataSource Configuration: DSRA8040I: Failed to connect to the DataSource XXX. Encountered java.sql.SQLRecoverableException: IO Error: General SSLEngine problem, connect lapse 0 ms., Authentication lapse 0 ms. DSRA0010E: SQL State = 08006, Error Code = 17,002.

java.sql.SQLRecoverableException: IO Error: General SSLEngine problem, connect lapse 0 ms., Authentication lapse 0 ms. DSRA0010E: SQL State = 08006, Error Code = 17,002

at oracle.jdbc.driver.T4CConnection.logon(T4CConnection.java:794)

at oracle.jdbc.driver.PhysicalConnection.connect(PhysicalConnection.java:688)

at oracle.jdbc.driver.T4CDriverExtension.getConnection(T4CDriverExtension.java:39)

at oracle.jdbc.driver.OracleDriver.connect(OracleDriver.java:691)

at oracle.jdbc.pool.OracleDataSource.getPhysicalConnection(OracleDataSource.java:384)

at oracle.jdbc.pool.OracleDataSource.getConnection(OracleDataSource.java:273)

at oracle.jdbc.pool.OracleDataSource.getConnection(OracleDataSource.java:198)

at oracle.jdbc.pool.OracleConnectionPoolDataSource.getPhysicalConnection(OracleConnectionPoolDataSource.java:140)

at oracle.jdbc.pool.OracleConnectionPoolDataSource.getPooledConnection(OracleConnectionPoolDataSource.java:86)

at com.ibm.ws.rsadapter.DSConfigHelper$1.run(DSConfigHelper.java:1273)

at com.ibm.ws.security.auth.ContextManagerImpl.runAs(ContextManagerImpl.java:5488)

at com.ibm.ws.security.auth.ContextManagerImpl.runAsSystem(ContextManagerImpl.java:5614)

at com.ibm.ws.security.core.SecurityContext.runAsSystem(SecurityContext.java:255)

at com.ibm.ws.rsadapter.spi.ServerFunction$6.run(ServerFunction.java:567)

at com.ibm.ws.security.util.AccessController.doPrivileged(AccessController.java:118)

at com.ibm.ws.rsadapter.DSConfigHelper.getPooledConnection(DSConfigHelper.java:1288)

at com.ibm.ws.rsadapter.DSConfigHelper.getPooledConnection(DSConfigHelper.java:1196)

at com.ibm.ws.rsadapter.DSConfigurationHelper.getConnectionFromDSOrPooledDS(DSConfigurationHelper.java:2076)

at com.ibm.ws.rsadapter.DSConfigurationHelper.getConnectionFromDSOrPooledDS(DSConfigurationHelper.java:1952)

at com.ibm.ws.rsadapter.DSConfigurationHelper.testConnectionForGUI(DSConfigurationHelper.java:2820)

Caused by: java.io.IOException: General SSLEngine problem, connect lapse 0 ms., Authentication lapse 0 ms.

at oracle.jdbc.driver.T4CConnection.logon(T4CConnection.java:790)

.....

Caused by: java.io.IOException: General SSLEngine problem, connect lapse 0 ms.

Caused by: javax.net.ssl.SSLHandshakeException: General SSLEngine problem

at com.ibm.jsse2.C.z(C.java:532)

at com.ibm.jsse2.ap.b(ap.java:476)

at com.ibm.jsse2.ap.c(ap.java:112)

at com.ibm.jsse2.ap.wrap(ap.java:277)

at javax.net.ssl.SSLEngine.wrap(SSLEngine.java:21)

at oracle.net.nt.SSLSocketChannel.wrap(SSLSocketChannel.java:490)

Caused by: javax.net.ssl.SSLHandshakeException: General SSLEngine problem

Caused by: com.ibm.jsse2.util.h: PKIX path building failed: java.security.cert.CertPathBuilderException: PKIXCertPathBuilderImpl could not build a valid CertPath.; internal cause is:

java.security.cert.CertPathValidatorException: The certificate issued by CN=xxx Root CA is not trusted; internal cause is:

java.security.cert.CertPathValidatorException: Certificate chaining error

at com.ibm.jsse2.util.f.a(f.java:21)

Caused by: java.security.cert.CertPathBuilderException: PKIXCertPathBuilderImpl could not build a valid CertPath.; internal cause is:

java.security.cert.CertPathValidatorException: The certificate issued by CN=xxx Root CA is not trusted; internal cause is:

java.security.cert.CertPathValidatorException: Certificate chaining error

at com.ibm.security.cert.PKIXCertPathBuilderImpl.engineBuild(PKIXCertPathBuilderImpl.java:422)

at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:268)

at com.ibm.jsse2.util.f.a(f.java:153)

... 128 more

Caused by: java.security.cert.CertPathValidatorException: The certificate issued by CN=xxx Root CA is not trusted; internal cause is:

java.security.cert.CertPathValidatorException: Certificate chaining error

at com.ibm.security.cert.BasicChecker.<init>(BasicChecker.java:111)

at com.ibm.security.cert.PKIXCertPathValidatorImpl.engineValidate(PKIXCertPathValidatorImpl.java:199)

at com.ibm.security.cert.PKIXCertPathBuilderImpl.myValidator(PKIXCertPathBuilderImpl.java:749)

at com.ibm.security.cert.PKIXCertPathBuilderImpl.buildCertPath(PKIXCertPathBuilderImpl.java:661)

at com.ibm.security.cert.PKIXCertPathBuilderImpl.buildCertPath(PKIXCertPathBuilderImpl.java:607)

at com.ibm.security.cert.PKIXCertPathBuilderImpl.buildCertPath(PKIXCertPathBuilderImpl.java:607)

at com.ibm.security.cert.PKIXCertPathBuilderImpl.engineBuild(PKIXCertPathBuilderImpl.java:368)

..

Caused by: java.security.cert.CertPathValidatorException: Certificate chaining error

at com.ibm.security.cert.CertPathUtil.findIssuer(CertPathUtil.java:316)

at com.ibm.security.cert.BasicChecker.<init>(BasicChecker.java:108)

--------------------------------------------------------------------

Certificate chaining error can occur if the root and intermediate certificates are missing in the cacerts keystore.

You will need to use ikeyman or keytool to add this intermediate certificate under the signer certificate of cacerts.

If you have an intermediate certificate, then please see the example below on how to add the missing certificate to the keystore:

keytool -import -file c:\intermediate.cer -alias intermediateCert -keystore WAS_INATALL_ROOT\java\8.0\jre\lib\security\cacerts