HTTPS SPM (SRM AIM) TEST Generates Error Code 58

book

Article ID: 74973

calendar_today

Updated On:

Products

CA Systems Performance for IM (SystemEdge)

Issue/Introduction

We are getting the error code 58 for all the HTTPS URLS which can be accessed through proxy. The urls are reachable in a browser.
  • You can view the contents of the SystemEDGE\data\port#\plugins\svcrsp\jcollector.log to view the errors the tests are creating:
LOG_CRITICAL][2018-03-28 13:53:14][Thread:Thread-314][Pass #130]: [#602578827] ERRSRC:https ERRCODE:58 INDEX:602578827 NAME: TESTDESC:PORTAL_UIDAI ERROR: jcollector.SATestException: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure 
[LOG_FATAL][2018-03-28 13:53:14][Thread:Thread-316][Pass #130]: SSLHandshakeException thrown by the html page download: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure 

 

Environment

Release: SYSEDG99000-12.9-Stand Alone SystemEDGE Agent
Component:

Resolution

  1. Update to SystemEDGE 5.9 with the latest SRM AIM Binaries which support TLS 1.2 (Please refer to https://knowledge.broadcom.com/external/article?articleId=36979).
  2. SystemEDGE 5.9 ships with Java7 as the embedded version.
  3. Validate Java7 supports the cipher the web page is using:



  • This can be accomplished by connecting to the website using the openssl utility which is commonly found on Unix based operating systems such as Red Hat (RHEL).
  • If you do no have access to a Unix based operating system refer to the following web page to download an openssl utility for Windows: https://www.openssl.org/community/binaries.html
  • Run the following command against the HTTPS site causing the ERRCODE:58 error:



openssl s_client -connect <website.com>:443

         4. Locate the following output which will list the Cipher being used:



SSL handshake has read 3393 bytes and written 415 bytes



---



New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384



Server public key is 2048 bit



Secure Renegotiation IS supported



Compression: NONE



Expansion: NONE



No ALPN negotiated



SSL-Session:



    Protocol  : TLSv1.2



    Cipher    : ECDHE-RSA-AES256-GCM-SHA384



    Session-ID: 1DD3FFEC8292344B9C2E81C0DD00E09369AA855AA2DF6A0A254199F0B3A572F5



    Session-ID-ctx: 



    Master-Key: 86F8F905004EE31194278B82854DD098DD33FCB46F050773FC0B7F892EC0E44D98D27E49A2E19DA7D87C22A5549B3E73



    Key-Arg   : None



    Krb5 Principal: None



    PSK identity: None



    PSK identity hint: None



    Start Time: 1522251405



    Timeout   : 300 (sec)



    Verify return code: 0 (ok)


      5. Check with Oracle documentation to see if Java7 (which is embedded with SystemEDGE 5.9 SRM AIM) Supports the cipher:

  • Refer to the "Cipher Suites" Section:


Java7
https://docs.oracle.com/javase/7/docs/technotes/guides/security/SunProviders.html

Java8
https://docs.oracle.com/javase/8/docs/technotes/guides/security/SunProviders.html

      6. If you determine you need to update to Java8 download the private instance from Oracle:

http://www.oracle.com/technetwork/java/javase/downloads/jre8-downloads-2133155.html

       7. The steps to update the SystemEDGE SRM AIM Embedded Java is as follows:

  1. Stop CA SystemEDGE.
  2. Navigate to CA\SystemEDGE folder and make a backup copy of the jre folder.
  3. Replace the contents of the jre folder with the contents of the private Java8 instance referenced above.
  4. Start CA SystemEDGE.




 

Additional Information

Troubleshooting SRM AIM HTTP/HTTPS Connection Problems
https://knowledge.broadcom.com/external/article?articleId=36979

CA SystemEDGE SRM AIM not Monitoring HTTPS sites with TLS Authentication
https://knowledge.broadcom.com/external/article?articleId=31294

 

 

Attachments

jre-8u151-windows-x64.tar_1597936612021.gz get_app