Skip to main content

This content has been archived and is no longer being updated. Links may not function; however, this content may be relevant to outdated versions of the product.

Support Article

SSL : NoSuchAlgorithmException Error constructing implementation

SA-19199

Summary

Connect-SOAP fails trying to connect to SSL secured SOAP endpoiont.

Error Messages

Test|Rule-Connect-SOAP.Testsearch2 X176442 - Unable to get environment's protocols
java.security.NoSuchAlgorithmException: Error constructing implementation (algorithm: Default, provider: IBMJSSE2, class: com.ibm.jsse2.ec)
                at java.security.Provider$Service.newInstance(Provider.java:1271)
                at sun.security.jca.GetInstance.getInstance(GetInstance.java:249)
                at sun.security.jca.GetInstance.getInstance(GetInstance.java:177)
                at javax.net.ssl.SSLContext.getInstance(SSLContext.java:26)
                at javax.net.ssl.SSLContext.getDefault(SSLContext.java:9)
                at com.pega.pegarules.integration.engine.internal.ssl.SSLUtils.<clinit>(SSLUtils.java:101)
                at java.lang.J9VMInternals.initializeImpl(Native Method)
                at java.lang.J9VMInternals.initialize(J9VMInternals.java:235)

Caused by:
java.security.KeyStoreException: IBMKeyManager: Problem accessing key store java.io.IOException: Invalid keystore format
                at com.ibm.jsse2.cc.a(cc.java:58)
                at com.ibm.jsse2.ec.g(ec.java:19)
                at com.ibm.jsse2.ec.<init>(ec.java:5)
                at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
                at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:86)
                at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:58)
                at java.lang.reflect.Constructor.newInstance(Constructor.java:542)
                at java.security.Provider$Service.newInstance(Provider.java:1252)
                ... 117 more
 

Steps to Reproduce


1. Connect to SSL secured SOAP endpoint from Connect-SOAP.

 

Root Cause

A third-party product issue. Add  the following JVM argument for verbose debug during SSL handshake (JVM restart is required):
-Djavax.net.debug=all:handshake:verbose

Trust type being used on this enviroment was pkcs12, from the SSL logs, it seems IBM Websphere was using jks truststore type which was default. The mismatch between the truststore type was causing the exception.

[1/22/16 14:51:51:608 EST] 00000201 SystemOut     O trustStore is path: /usr/WebSphere/AppServer_8.5.64bit/profiles/gicone/etc/key.p12 to trustStore
[1/22/16 14:51:51:608 EST] 00000201 SystemOut     O trustStore type is: pkcs12
[1/22/16 14:51:51:608 EST] 00000201 SystemOut     O keyStore provider is:
[1/22/16 14:51:51:608 EST] 00000201 SystemOut     O init keystore
[1/22/16 14:51:51:609 EST] 00000201 SystemOut     O IBMKeyManager: Exception accessing default keystore: java.io.IOException: Invalid keystore format

Resolution

Make the following change to the operating environment: Add the following JVM argument to force IBM Websphere to use the right truststore type

-Djavax.net.ssl.trustStore=pkcs12
-Djavax.net.ssl.trustStoreType=<PATH_TO_TRUSSTORE>

Tags:

Pega Platform Pega Platform 7.1.9 Data Integration

Published January 30, 2016 - Updated November 27, 2020

Was this useful?

0% found this useful

Have a question? Get answers now.

Visit the Collaboration Center to ask questions, engage in discussions, share ideas, and help others.

Visit the Collaboration Center

Did you find this content helpful?

Yes
No

Want to help us improve?
Suggest an edit
Report a Pega Community bug

We'd prefer it if you saw us at our best.

Pega Community has detected you are using a browser which may prevent you from experiencing the site as intended. To improve your experience, please update your browser.

Close Deprecation Notice