App Connect

 View Only
Expand all | Collapse all

SSL setup not working in ACEv11

  • 1.  SSL setup not working in ACEv11

    Posted Tue August 25, 2020 12:14 PM
    Hi Team,

    I am facing some issues while doing SSL configuration in ACE v11.

    Using a self signed certificate I was able to test a dummy API which returns a status as SUCCESS.

    However if I enable EnableTLSTrace to true in server.conf.yaml file(under HTTPSConnector), the same API throws error and return Error: read ECONNRESET when tested from postman.

    In the integration server console.txt file I can see the below error is reported. The same API is not working when the trace is enabled. So can someone please explain what might be the reason here and what does this error means:


    ..U....WB1.0...U | PARSE ABORTED! An error occurred during parsing at offset 0x0000000a:
    2020-08-25 16:01:08.048814 9892 SENT --> | 00000050: 0407 1307 4b4f 4c4b 4154 4131 0c30 0a06 ....KOL1.0.. | Message: OpenSSL failed to parse the ASN.1 encoded certificate into a valid X509 certificate

    I am currently testing with only one way SSL and trying to understand the behavior.

    Below command is used to generate a self signed cert:

    keytool -genkey -alias mydomain -keyalg RSA -keystore keystore.jks -keysize 2048


    Prosanta Saha

  • 2.  RE: SSL setup not working in ACEv11

    Posted Wed August 26, 2020 08:48 AM
    Hi Saha, have you tried working with this IBM sample:

    Matthias Jungbauer

  • 3.  RE: SSL setup not working in ACEv11

    Posted Thu August 27, 2020 09:18 AM
      |   view attached
    Thanks Matthias, however the command doesn't execute in my system. Getting the below error:

    Prosanta Saha

  • 4.  RE: SSL setup not working in ACEv11

    Posted Thu August 27, 2020 11:20 AM
    Maybe this helps

    Matthias Jungbauer

  • 5.  RE: SSL setup not working in ACEv11

    Posted Sat October 10, 2020 02:19 PM
    Hello Saha,

    We faced the same issue you described and the solution we found was to disable the EnableTLSTrace property in server.conf.yaml.

    We did a test with two Integration Servers and the same certificate, one was configured with EnableTLSTrace=true and the other one was configured with EnableTLSTrace=false. We deployed the same web service in both Integration Server and using the same browser to get the wsdl file, it only worked the retrieve of the wsdl that belongs to the web service deployed in the Integration Server that has the TLS trace disabled. Once we disable the TLS trace we are able to retrieve the wsdl file without errors.

    We faced this behaviour in version, and our current version

    I know that this only to tell you that you are not alone with this issue.


    Francisco A Buccafusca

  • 6.  RE: SSL setup not working in ACEv11

    Posted Sat October 10, 2020 02:38 PM
    Hi Francisco,

    Thank you for sharing your experience.

    This looks like some sort of bug in the version. We will raise a PMR on this and will let you know if we get any updates.


    Prosanta Saha

  • 7.  RE: SSL setup not working in ACEv11

    Posted Tue September 06, 2022 11:32 AM
    I am seeing a very similar error in ACE Was a PMR filed for the above and if so has it not been resolved?

    Thank you,


    Mark Caro

  • 8.  RE: SSL setup not working in ACEv11

    IBM Champion
    Posted Tue September 06, 2022 11:54 AM

    What do you mean SSL is not working in ACEv11?


    We have many https connections in ACEv11 and ACEv12.


    Are you referring to the WebGui?


    What does your yaml file look like?


    Susan Barker

    Lead MQ, ACE, ITX, Kafka, WAS Architect

    Victory is nothing without humility, respect and charity...unknown

    Let no one ever come to you without leaving happier...Mother Theresa

    Logo, company name  Description automatically generated

    IBM WAS Advisory Board

    IBM ACEvNext Beta Program

    IBM MQvNext Beta Program




  • 9.  RE: SSL setup not working in ACEv11

    Posted Tue September 06, 2022 02:07 PM

    TLS is working fine for us as well using the HTTP Input and HTTP Request nodes.  The issue is if you set EnableTLSTrace parameter to true for the Integration Server hosting the HTTP Input node you get the error msg described in the post.  If you do not set this parameter all works fine.  I want to be able to see the TLS handshake in the console log for the HTTP Input node.  Below is the HTTPSConnector portion of the server.conf.yaml.



        KeyAlias: 'server-alias'

        ListenerPort: '8876'

        ReqClientAuth: 'true'

        EnableTLSTrace: true




    Mark Caro