dandante

SSLHandshakeException and ValidatorException in websphere but not tomcat (same JDK)

Hi All,

I read all the threads about this but I'm still having this issue.
I've been developing an application and it runs fine under tomcat.

When I deploy it under Websphere Community Edition 1.0.1.1, my login to salesforce fails with the following exception message:
nested exception is: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: No trusted certificate found
And part of the stack trace:

javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: No trusted certificate found
        at org.apache.axis.AxisFault.makeFault(AxisFault.java:101)
        at org.apache.axis.transport.http.HTTPSender.invoke(HTTPSender.java:154)
        at org.apache.axis.strategies.InvocationStrategy.visit(InvocationStrategy.java:32)
        at org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:118)
        at org.apache.axis.SimpleChain.invoke(SimpleChain.java:83)
        at org.apache.axis.client.AxisClient.invoke(AxisClient.java:165)
        at org.apache.axis.client.Call.invokeEngine(Call.java:2784)
        at org.apache.axis.client.Call.invoke(Call.java:2767)
        at org.apache.axis.client.Call.invoke(Call.java:2443)
        at org.apache.axis.client.Call.invoke(Call.java:2366)
        at org.apache.axis.client.Call.invoke(Call.java:1812)
        at com.sforce.soap.partner.SoapBindingStub.login(SoapBindingStub.java:1062)

Here's the url that I'm trying to connect to:
https://www.salesforce.com/services/Soap/u/7.0

It's the same URL in tomcat and websphere.

Please note that tomcat and websphere are running under the exact same JDK, namely Sun 1.4.2_11.

Most of the threads about this error say you can solve it by upgrading your JDK. I am already running the highest 1.4x JDK and Websphere does not run (as far as I can tell) under java 1.5x.

Other threads had instructions about upgrading the certificates stored in JAVA_HOME/jre/lib/security/cacerts. I followed those instructions to the letter and that did not help or change the situation--the app still works on Tomcat 5.0.28 but not Websphere.

Hope someone can help. I am developing this app under tomcat but it needs to be deployed to websphere.




Ender
Dandante,

You are correct in what you have read in the board searches. I have seen these issues for over 2 years now (or whenever those certificates in JDK 1.4.x expired) and in every case a lower version of the jdk has been the issue.

I believe that Websphere is not running against 1.4.2_11.   Besides typing java -version at the command prompt -- try something bizarre, like deleting 1.4.2_11 or renaming it, and see if websphere still works.  I'm thinking that Websphere installed a JRE when it installed, and the Websphere JRE was one of the ones with the expired certificates. 

Either that or find every lower instance of java installed on the computer and remove it. 

Some configuration is allowing tomcat to pick up the correct certs, but not Websphere. 


dandante
I actually tried that--I renamed the jdk 1.4.2_11 directory and started websphere, and it complained in its log file about not being able to find the jdk, and stopped.

I tried the same with tomcat.

So I feel pretty sure they are using the same JDK.

There should not be any lower JDKs around (though there is a 1.5 JDK). I'll make double sure of this.

This makes it seem like an issue with websphere. Is there anything else I can try?
Thanks....

Message Edited by dandante on 04-19-2006 11:53 AM

Superfell
This sounds very websphere specific; you'll probably be able to get better help by asking the websphere folks.

bvold

Ok - since I ran into this problem and someone might benefit, here's the issue:

WebSphere's JVM actually validates that the certificates that are embedded in the JDK are in fact valid.  Once I discovered this, you can either upgrade to a newer VM, or you can actually replace the bad certificates in the JDK (in the JRE directory of WebSphere in the WebSphere case).  Here's the relevant URL from the Sunsolve site:  http://sunsolve.sun.com/search/document.do?assetkey=1-26-57436-1
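
Added example, not part of the original thread or any poster's code: a small Java check for the two questions the thread turns on, namely which JRE the process is really running in and whether its trust store holds CA certificates outside their validity period. The class name TrustStoreCheck is made up for illustration; it assumes the standard JSSE trust store lookup (javax.net.ssl.trustStore, then jssecacerts, then cacerts under java.home/lib/security) and uses only APIs that exist in JDK 1.4.

```java
import java.io.File;
import java.io.FileInputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.X509Certificate;
import java.util.Enumeration;

// Added example (hypothetical class, not from the thread).
public class TrustStoreCheck {
    public static void main(String[] args) throws Exception {
        String javaHome = System.getProperty("java.home");
        File secDir = new File(new File(javaHome, "lib"), "security");
        File jsse = new File(secDir, "jssecacerts");
        // Lookup order: explicit argument, system property, jssecacerts, cacerts.
        String override = System.getProperty("javax.net.ssl.trustStore");
        String path = args.length > 0 ? args[0]
                : override != null ? override
                : jsse.exists() ? jsse.getPath()
                : new File(secDir, "cacerts").getPath();
        System.out.println("java.version = " + System.getProperty("java.version"));
        System.out.println("java.home    = " + javaHome);
        System.out.println("trust store  = " + path);

        KeyStore ks = KeyStore.getInstance("JKS");
        FileInputStream in = new FileInputStream(path);
        try {
            ks.load(in, null); // null password: entries are read, integrity is not verified
        } finally {
            in.close();
        }
        int bad = 0;
        for (Enumeration e = ks.aliases(); e.hasMoreElements();) {
            String alias = (String) e.nextElement();
            Certificate c = ks.getCertificate(alias);
            if (!(c instanceof X509Certificate)) continue;
            X509Certificate x = (X509Certificate) c;
            try {
                x.checkValidity(); // compares against the current system time
            } catch (CertificateExpiredException ex) {
                bad++;
                System.out.println("EXPIRED " + x.getNotAfter() + "  " + alias + "  " + x.getSubjectDN());
            } catch (CertificateNotYetValidException ex) {
                bad++;
                System.out.println("NOT YET VALID " + x.getNotBefore() + "  " + alias);
            }
        }
        System.out.println(bad + " of " + ks.size() + " entries are outside their validity period");
    }
}
```

Run it with the java launcher the application server itself starts, or pass the path of that server's cacerts file as the first argument, so the output describes the server's trust store and not the one on the shell's PATH.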