IBM Security Verify

 View Only

  • 1.  javax.net.ssl.SSLHandshakeException from Risk Score Report

    Posted Fri September 25, 2020 05:47 PM
    I'm following the ISVA MMFA Cookbook and when I access the mobile-demo/diag page, i get the following errors: 

    "There was an error retrieving the latest risk calculation report: javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
    Either the LMI host and port isn't working, risk score calculation report property (riskEngine.reportsEnabled) in the advanced property isn't enable or the hostname and port wasn't provided.
    Please provide the hostname:port which points to the LMI of the Verify Access server in the setting page."

    I have verified the riskEngine.reportsEnabled is enabled in the Advanced Tuning Parameters. 

    I've also verified the lmi host and port on the settings page. One thing I did see was localhost:443 set for the runtime host and port. I tried changing that to the hostname of the appliance just to see if that would work but got the same error and the setting changed back to localhost when i went back to the setttings page. 

    I probably set something up wrong but not sure where to look. 

    Gary 



    ------------------------------
    Garren Linker
    ------------------------------


  • 2.  RE: javax.net.ssl.SSLHandshakeException from Risk Score Report

    Posted Fri September 25, 2020 06:18 PM

    Hi Gary,

    First of all, are you in a Docker environmet?  I don't think so (since you mention appliance) but asking because the risk score lookup doesn't work under Docker.

    If you have set the demo app properties under advanced properties this will override what you have in settings. So, changes have to be made in advanced properties or the advanced properties removed so the setting page will work.

    The mobile demo runs in the runtime so localhost:443 should be fine.

    the risk reports come from the LMI so those are the settings that are important. Make sure your pointing to the management interface of the appliance.

    It might be worth checking that the server certificate for the LMI is loaded to the rt_profile keystore so it can trust the LMI server. The error seems to be indicating a validation error.  Not sure I've ever had to do that manually though. 

    Not sure what else to suggest.  Let is know about the above suggestions. 


    Jon. 



    ------------------------------
    Jon Harry
    Consulting IT Security Specialist
    IBM
    ------------------------------

    Original Message


  • 3.  RE: javax.net.ssl.SSLHandshakeException from Risk Score Report

    Posted Fri November 06, 2020 03:43 PM
    Edited by Vergel Adriano Fri November 06, 2020 05:24 PM
    I'm getting the same error on Verify Access 10.  I tried the same steps on ISAM 9.0.6 and did not have any problem.  I tried loading the LMI cert on the rt_profile keystore in Verify Access 10 but still got the same error: "There was an error retrieving the latest risk calculation report: javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake"


    Vergel

    ------------------------------
    Vergel Adriano
    ------------------------------

    Original Message


  • 4.  RE: javax.net.ssl.SSLHandshakeException from Risk Score Report

    Posted Mon February 07, 2022 09:26 AM
    Hello, Check this
    https://www.ibm.com/support/pages/after-enabling-tls-v12-websphere%C2%AE-client-requested-protocol-tlsv1-not-enabled-or-not-supported-error-occurs

    ------------------------------
    Mohinz Tidjani
    Security Technical Consultant
    IBM
    ------------------------------

    Original Message