Troubleshooting
Problem
A WebSphere Application Server failed with an out of memory condition. To recover, the application server was restarted. After the appserver was restarted the fronting Websphere Proxy Server was unable to reconnect with the backend server and an outage occured for attempts to access the deployed application.
Symptom
An HTTP 503 error is logged in the proxy Local log. For requests that are typically expected to be proxied to a backend server, logging the request in the Local log can be an indication that the request could not be proxied. Restarting the proxy server resolved the problem.
The connection between proxy and appserver was an HTTPS/SSL connection. The connection could not be established due to the proxy security.xml expecting an SSL certificate alias to match to a certificate in the SSL keystore and not finding the certificate in that keystore. SystemOut on proxy server logged error: (example)
java.lang.IllegalArgumentException: CWPKI0024E: The certificate alias
"mycert.org" specified by the property com.ibm.ssl.keyStoreServerAlias is
not found in KeyStore
"/opt/WebSphere/AppServer/profiles/Custom01/config/cells/Cell01/node
s/rNode01/key.p12".
Cause
Examination of the specified key.p12 found no certificate with that alias. The only alias name available for that keystore was "default". At some previous point prior to the error the keystore was changed by an admin, but the security.xml files did not get updated with the correct certificate alias names.
Resolving The Problem
A restart of the proxy server would reconnect the failing HTTPS/SSL connection with the backend appserver but this should not be required. The proxy should have been able to reconnect when the appserver was back online without having to restart proxy. Resolving the problem requires updating the security.xml so that it has the correct SSL certificate alias name.
Was this topic helpful?
Document Information
Modified date:
15 June 2018
UID
swg21447929