When upgrading to OpenJDK 11.0.2, Applications Manager fails to start due to error "java awapi timed out" message.
Error found in the local AgentService<timestamp>.log generated at start up:
ErrorMsg: AwE-5103 network socket error
Details: Network socket error
javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:128)
at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:117)
at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:308)
Error found in RmiServer<timestamp>.log generated at start up:
ErrorMsg: AwE-5102 Agent error
Details: Socket[addr=/10.0.0.1,port=1267,localport=60010]
javax.net.ssl.SSLHandshakeException: No available authentication scheme
at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:128)
at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:117)
at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:
Applications Manager 9.4+
The above error occurs when the SSL certificate in the user_keystore is generated with the algorithm parameter DSA in conjunction with the use of OpenJDK Runtime Environment 11.0.2 that has TLS 1.3 enabled (enabled by default).
The incompatibility between key algorithm DSA and TLS 1.3 in Java 11.0.2 is a known Java bug.
If upgrading to Java 17 or 21, existing user_keystore and user_keystore_config files may need to be re-generated as current user_keystore and user_keystore_config files generated on a much older version of Java may not be compatible with new Java version
Note:
This issue a Java issue/bug, not an Applications Manager issue.
Generate new user_keystore and user_keystore_config files using the upgraded version of Java and with the algorithm EC or RSA instead of DSA.
More information on generating keystore can be found at the documentation here.