Fixes are available
Java SDK 1.5 SR8 Cumulative Fix for WebSphere Application Server
Java SDK 1.5 SR8 Cumulative Fix for WebSphere Application Server
Java SDK 1.5 SR10 Cumulative Fix for WebSphere Application Server
6.1.0.31: Java SDK 1.5 SR11 FP1 Cumulative Fix for WebSphere Application Server
6.1.0.33: Java SDK 1.5 SR12 FP1 Cumulative Fix for WebSphere
6.1.0.29: Java SDK 1.5 SR11 Cumulative Fix for WebSphere Application Server
6.1.0.35: Java SDK 1.5 SR12 FP2 Cumulative Fix for WebSphere
6.1.0.37: Java SDK 1.5 SR12 FP3 Cumulative Fix for WebSphere
6.1.0.39: Java SDK 1.5 SR12 FP4 Cumulative Fix for WebSphere Application Server
6.1.0.41: Java SDK 1.5 SR12 FP5 Cumulative Fix for WebSphere Application Server
6.1.0.43: Java SDK 1.5 SR13 Cumulative Fix for WebSphere Application Server
6.1.0.45: Java SDK 1.5 SR14 Cumulative Fix for WebSphere Application Server
6.1.0.47: WebSphere Application Server V6.1 Fix Pack 47
6.1.0.47: Java SDK 1.5 SR16 Cumulative Fix for WebSphere Application Server
Obtain the fix for this APAR.
APAR status
Closed as program error.
Error description
Attempting to make an outbound SSL call using the wsadmin ANT task to the Deployment Manager fails with SSL error: SOAPException: faultCode=SOAP-ENV:Client; msg=Error parsing HTTP status line " following on from this in the 'fail' trace is : [SOAPException: faultCode=SOAP-ENV:Client; msg=Error opening socket: javax.net.ssl.SSLHandshakeException: com.ibm.jsse2.util.h: PKIX path building failed: java.security.cert.CertPathBuilderException: PKIXCertPathBuilderImpl could not build a valid CertPath.; internal cause is: java.security.cert.CertPathValidatorException: The certificate issued by CN=CertAuth, T=Control Region, OU=IBM, O=IBM, L=North America, ST=NY, C=USA is not trusted; internal cause is: java.security.cert.CertPathValidatorException: Certificate chaining error; targetException=java.lang.IllegalArgumentException: Error opening socket: javax.net.ssl.SSLHandshakeException: com.ibm.jsse2.util.h: PKIX path building failed: java.security.cert.CertPathBuilderException: PKIXCertPathBuilderImpl could not build a valid CertPath.; internal cause is: java.security.cert.CertPathValidatorException: The certificate issued by CN=CertAuth, T=Control Regions, OU=IBM, O=IBM, L=North America, ST=NY, C=USA is not trusted; internal cause is: java.security.cert.CertPathValidatorException: Certificate chaining error] The problem occurs because the spawned ANT task is using a JAVA_HOME of the SMP/E hfs, and it loaded the java.security file from the SMP/E location rather than using the JAVA_HOME of WebSphere config hfs. The paths below illustrate the problem: ANT task uses SMP/E hfs path: /usr/lpp/zWebSphere/V6R1/java/J5.0 Loaded java.security file from: /usr/lpp/zWebSphere/V6R1/java/J5.0/lib/security/java.security ANT task should be using JAVA_HOME for WebSphere /WebSphere/V6R1/AppServer/java Should be loading java.security file from: /WebSphere/V6R1/AppServer/java/lib/security/java.security
Local fix
In the wsadmin ant task specify a "properties" attribute that points to an hfs file. In the hfs file code an override to point to the correct java.security file in your WAS_HOME. An example of the wsadmin ANT task might look like: <wsadmin wasHome="..." command="..." properties="/tmp/myFile.props" profile="..." ... failonerror="..." /> In the myFile.props specify the absolute location to the java.security file in the <WAS_HOME> hfs. java.security.properties==/WebSphere/V6R1/AppServer/java/lib/sec urity/java.security
Problem summary
**************************************************************** * USERS AFFECTED: All users of WebSphere Application Server * * V6.1.0 for z/OS using the wsadmin ANT task * **************************************************************** * PROBLEM DESCRIPTION: The wsadmin Ant task is unable to * * connect to a WebSphere Application * * Server for z/OS runtime when security * * is enabled * **************************************************************** * RECOMMENDATION: * **************************************************************** When running the wsadmin Ant task to connect to a v6.1 WebSphere Application Server on the z/OS platform, the wrong java.security file is used and causes the wrong security providers to be loaded. This results in the following error being displayed in the console that is invoking the Ant task: [wsadmin] WASX7023E: Error creating "SOAP" connection to host "localhost"; exception information: com.ibm.websphere.management.exception.ConnectorNotAvailable Exception: [SOAPException: faultCode=SOAP-ENV:Client; msg=Error parsing HTTP status line " ????": java.util.NoSuchElementException; targetException=java.lang.IllegalArgumentException: Error parsing HTTP status line " ????": java.util.NoSuchElementException] [wsadmin] WASX7213I: This scripting client is not connected to a server process; please refer to the log file /USRS/was61/<cell>/<node>/dmgr/profiles/default/logs/wsadmin. traceout for additional information. [wsadmin] WASX8011W: AdminTask object is not available. [wsadmin] WASX7303I: The following options are passed to the scripting environment and are available as arguments that are stored in the argv variable: "[${adamRoot}zz_ibm/wasBatch/wasBatch-99009205-Step-1.txt]" [wsadmin] WASX7017E: Exception received while running file "helloWorld.jacl"; exception information: com.ibm.ws.scripting.ScriptingException: WASX7070E: The configuration service is not available.
Problem conclusion
The java.home system property will be set to the value of the JAVA_HOME system property on the JVM that invokes the wsadmin wsadmin Ant task to ensure that the correct java.security file is used. APAR PK52557 is currently targeted for inclusion in Service Level (Fix Pack) 6.1.0.17 of WebSphere Application Server V6.1 for z/OS.
Temporary fix
Comments
APAR Information
APAR number
PK52557
Reported component name
WEBSPHERE FOR Z
Reported component ID
5655I3500
Reported release
610
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt
Submitted date
2007-09-10
Closed date
2008-02-01
Last modified date
2008-07-02
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Fixed component name
WEBSPHERE FOR Z
Fixed component ID
5655I3500
Applicable component levels
R610 PSY UK36750
UP08/06/10 P F806
Fix is available
Select the PTF appropriate for your component level. You will be required to sign in. Distribution on physical media is not available in all countries.
Document Information
Modified date:
28 December 2021