java awapi timed out when using Java 11.0.2

Article ID: 137226

Products

CA Automic Applications Manager (AM)

Issue/Introduction

When using OpenJDK 11.0.2, Applications Manager fails to start with the error message "java awapi timed out".


Error found in Agent log is:

ErrorMsg: AwE-5103 network socket error 

Details: Network socket error

javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure

at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:128)
at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:117)
at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:308)

 

Error found in Rmi log is:

 

ErrorMsg: AwE-5102 Agent error

Details: Socket[addr=/111.11.1.1,port=1267,localport=60010]

javax.net.ssl.SSLHandshakeException: No available authentication scheme

at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:128)
at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:117)
at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:

Environment

Release: 9.3, 9.4, 9.5

Component: Applications Manager 

Cause

The above error occurs when the SSL certificate in the user_keystore was generated with the DSA key algorithm and Applications Manager runs on OpenJDK Runtime Environment 11.0.2 with TLS 1.3 enabled (it is enabled by default).

The incompatibility between key algorithm DSA and TLS 1.3 in Java 11.0.2 is a known Java bug.

PLEASE NOTE: This may affect other versions of Java as well. The issue is currently known to affect the following version(s):

OpenJDK Runtime Environment 11.0.2

This is a Java issue/bug, not an Applications Manager issue.

Resolution

Please note that the issue and solutions in this article only apply when using OpenJDK Runtime Environment 11.0.2.

Solution 1: If the SSL certificate in the user_keystore must be generated with the DSA algorithm, disable TLS 1.3 in Java. Disabling TLS 1.3 can generally be done by editing Java's java.security file. Please refer to Oracle/Java for more information.

Solution 2: When generating the SSL Certificate in the user_keystore, if TLS 1.3 is required, generate the keys with the algorithm EC or RSA instead of DSA. Please refer to Oracle/Java for more information on using java keytool to generate SSL certificates.
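
To check whether a keystore matches the cause described above, the following added example (not part of the original article or of Applications Manager) filters `keytool -list -v` output for private-key entries whose key algorithm is DSA. The aliases and the sample output are constructed for illustration; on a real system, pipe `keytool -list -v -keystore user_keystore` into `dsa_key_aliases` instead.

```shell
#!/bin/sh
# Added example: reads `keytool -list -v` output on stdin and prints the alias
# of every PrivateKeyEntry whose own certificate carries a DSA public key.
# Trusted-certificate entries are ignored because they hold no private key.
dsa_key_aliases() {
  awk '
    /^Alias name: /                { alias = substr($0, 13); is_key = 0; seen = 0 }
    /^Entry type: PrivateKeyEntry/ { is_key = 1 }
    /^Subject Public Key Algorithm: / {
      # Only the first certificate in a chain belongs to the private key.
      if (is_key && !seen && $0 ~ / DSA key/) print alias
      seen = 1
    }
  '
}

# Constructed sample of abbreviated `keytool -list -v` output.
# The aliases awagent, awmaster and rootca are hypothetical.
sample_keytool_output() {
  cat <<'EOF'
Alias name: awagent
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
Signature algorithm name: SHA256withDSA
Subject Public Key Algorithm: 2048-bit DSA key

Alias name: awmaster
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
Signature algorithm name: SHA256withRSA
Subject Public Key Algorithm: 2048-bit RSA key

Alias name: rootca
Entry type: trustedCertEntry
Signature algorithm name: SHA256withDSA
Subject Public Key Algorithm: 2048-bit DSA key
EOF
}

# Report the entries that would need Solution 1 or Solution 2.
sample_keytool_output | dsa_key_aliases
```

Any alias printed identifies a key pair that has to be regenerated with EC or RSA if TLS 1.3 is to stay enabled.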