CA CSM Application Server Fails at Startup when HTTPS is Activated

Troubleshooting › CA CSM Application Server Fails at Startup when HTTPS is Activated

CA CSM Application Server Fails at Startup when HTTPS is Activated

Symptom:

I cannot start up the CA CSM application server. I see the following message in the MSMLOG file:

SEVERE: Error initializing endpoint
Throwable occurred: java.io.IOException: TLS SSLContext not available
               at org.apache.tomcat.util.net.jsse.JSSESocketFactory.init
               (JSSESocketFactory.java:465)
               at org.apache.tomcat.util.net.jsse.JSSESocketFactory.createSocket
               (JSSESocketFactory.java:130)
               at org.apache.tomcat.util.net.JIoEndpoint.init(JIoEndpoint.
               java:538)
               at org.apache.coyote.http11.Http11Protocol.init(Http11Protocol.
               java:176)
               at org.apache.catalina.connector.Connector.initialize(Connector.
               java:1014)
               at org.apache.catalina.core.StandardService.initialize
               (StandardService.java:680)
               at org.apache.catalina.core.StandardServer.initialize
               (StandardServer.java:795)
               at org.apache.catalina.startup.Catalina.load(Catalina.java:524)
               at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
               at sun.reflect.NativeMethodAccessorImpl.invoke
               (NativeMethodAccessorImpl.java:60)
               at sun.reflect.DelegatingMethodAccessorImpl.invoke
               (DelegatingMethodAccessorImpl.java:37)
               at java.lang.reflect.Method.invoke(Method.java:611)
               at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:261)
               at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:413)

Reason:

The security provider com.ibm.jsse2.IBMJSSEProvider2 is not defined in the java.security file.

Solution:

If you can edit the java.security file, add the following line to the file, and start the CA CSM application server.
```
security.provider.1=com.ibm.jsse2.IBMJSSEProvider2
```
If you cannot edit the java.security file, follow these steps:
1. Create a copy of the java.security file. The original file is located at JAVA_HOME/lib/security/.
2. In the newly created file, add the following line to the list of security providers:
```
security.provider.1=com.ibm.jsse2.IBMJSSEProvider2
```
  For example:
```
security.provider.1=com.ibm.jsse2.IBMJSSEProvider2
security.provider.2=com.ibm.crypto.provider.IBMJCE
...
security.provider.9=com.ibm.security.jgss.mech.spnego.IBMSPNEGO
```
3. Save the file, for example:
```
tomcat/java.security
```
4. In the RunTimeMVSHLQPrefix.SAMPLIB(MSMLIB) member, locate the following line:
```
IJO="$IJO -Xquickstart"
```
5. Add the following statement after the located line, and save the changes:
```
IJO="$IJO -Djava.security.properties==${C_HOME}/java.security"
```
  Important! Do not change the double equal sign (==) in the statement.
6. Recycle the CA CSM application server.