Skip to main content

This content has been archived and is no longer being updated. Links may not function; however, this content may be relevant to outdated versions of the product.

Support Article

Websphere server level keystore and truststore doesn't work

SA-37943

Summary



The user is having issue with connectors when keystore and truststore are defined at Websphere server level. To overcome this issue a local change was suggested to pass the keystore and truststore as JVM argument. This resolved the issue but caused SMA to fail. Deploying prsysmgmt into the different JVM independently works but user needs to have the SMA on the same JVM where Pega is running.


Error Messages



When keystore and truststore are defined at Websphere server level all connectors fails with
javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated

With local of passing the keystore and truststore as JVM argument this connector works bur SMA fails with the following exception:

com.pega.jmx.ui.util.JMXClientException: Exception getting MBean Server connection. Fail to instantiate WASJMXConnector
Failed to get mbean server connection
SMA ERROR: Failed to create admin client
ADMC0016E: The system cannot create a SOAP connector to connect to host servername.com at port 1234


Steps to Reproduce

  1. Define keystore and truststore at Websphere server level
  2. Execute any REST connect rule with HTTPS endpoint
  3. The REST call will fail
  4. Pass the keystore and truststore as JVM argument
  5. Execute any REST connect rule with HTTPS endpoint
  6. It will be success but then
  7. Open a node from SMA

Root Cause



A defect in Pegasystems. Pega 721 OOTB doesn't support Websphere cell level keystore and truststore. ​The issue with the SMA is the side effect of setting the keystore and truststore through JVM argument . Resolving the first issue with Websphere cell level keystore and truststore support will automatically resolve the SMA issue.

Resolution



Apply HFix-34245
Then remove the JVM argument for Keystore and Trustore
Configure the certificates and keys at Websphere cell level

Published May 16, 2017 - Updated October 8, 2020

Was this useful?

0% found this useful

Have a question? Get answers now.

Visit the Collaboration Center to ask questions, engage in discussions, share ideas, and help others.

Did you find this content helpful?

Want to help us improve this content?

We'd prefer it if you saw us at our best.

Pega Community has detected you are using a browser which may prevent you from experiencing the site as intended. To improve your experience, please update your browser.

Close Deprecation Notice
Contact us