When trying to log in to CAD Integrator (CI), we get a generic error: https:// secure site, SSL related. We had recently upgraded to TRIRIGA Platform 184.108.40.206 and are running CAD Integrator 12.1.1. We have taken a patch for 220.127.116.11 to get the option to “Always Trust SSL Certificates”. But that did not resolve our login issue.
When attempting to log in to CI, it reports a login failure:
2016-02-20 12:42:16,855 ERROR [com.tririga.ci.login.LoginServiceImpl](pool-1-thread-6) Login failed: org.springframework.web.client.ResourceAccessException: I/O error on POST request for "https://FRONT_END_SERVER:443/pc/ci/dispatch":peer not authenticated; nested exception is javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
Caused by: javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
The cause is an incorrect TLS protocol version configuration. We requested that the customer provide us with a MustGather summary for our extended team to review the WebSphere configuration. Following the instructions for “Collecting Data Manually”, we were able to identify a disconnect in the version of TLSv1. The SSL trace shows:
[3/25/16 9:27:01:186 EDT] 000000bf SystemOut O WebContainer : 0, fatal error: 40: Client requested protocol TLSv1 not enabled or not supported javax.net.ssl.SSLHandshakeException:
Looking at the security.xml file for the node, we can see that it is set to use TLSv1.2 exclusively. The server therefore cannot accept the SSL handshake from the client, because the client is trying to use TLSv1. To resolve this issue, it is necessary to either configure the client to use TLSv1.2, or configure the server to allow TLSv1.
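The diagnosis above, as an added example that is not part of the original post or of any TRIRIGA or WebSphere tooling: it pulls the rejected protocol out of the SSL trace line and compares it with the protocol set in security.xml. The XML fragment is constructed; its `repertoire`/`setting`/`sslProtocol` layout and the alias names are assumptions, since the post does not show the file.

```python
import re
import xml.etree.ElementTree as ET

# Server-side SSL trace line as quoted in the post.
TRACE = ("[3/25/16 9:27:01:186 EDT] 000000bf SystemOut O WebContainer : 0, "
         "fatal error: 40: Client requested protocol TLSv1 not enabled or "
         "not supported javax.net.ssl.SSLHandshakeException:")

# Constructed, heavily trimmed stand-in for the node's security.xml.
# Assumption: each SSL configuration is a <repertoire> whose <setting>
# child carries an sslProtocol attribute; the aliases are made up.
SECURITY_XML = """<security>
  <repertoire alias="NodeDefaultSSLSettings">
    <setting sslProtocol="TLSv1.2"/>
  </repertoire>
  <repertoire alias="ExampleLegacySettings">
    <setting sslProtocol="SSL_TLS"/>
  </repertoire>
</security>"""

REQUESTED = re.compile(r"Client requested protocol (\S+) not enabled or not supported")
SINGLE_VERSION = re.compile(r"(SSLv\d|TLSv\d(\.\d)?)")

def requested_protocols(trace_text):
    """Protocol names the server rejected, de-duplicated, in order seen."""
    return list(dict.fromkeys(REQUESTED.findall(trace_text)))

def configured_protocols(xml_text):
    """Map each SSL configuration alias to its sslProtocol value."""
    root = ET.fromstring(xml_text)
    return {rep.get("alias"): s.get("sslProtocol")
            for rep in root.iter("repertoire") for s in rep.iter("setting")}

def diagnose(trace_text, xml_text):
    """Return (alias, configured, requested, verdict) rows for review."""
    rows = []
    for alias, configured in configured_protocols(xml_text).items():
        for wanted in requested_protocols(trace_text):
            if not SINGLE_VERSION.fullmatch(configured or ""):
                verdict = "check manually"  # multi-protocol or missing value
            else:
                verdict = "match" if configured == wanted else "mismatch"
            rows.append((alias, configured, wanted, verdict))
    return rows

if __name__ == "__main__":
    for row in diagnose(TRACE, SECURITY_XML):
        print("%-24s configured=%-8s client=%-6s %s" % row)
```

A "mismatch" row is the situation described in the post: the configuration pins one version and the client asked for another. Values that name more than one protocol are flagged for manual review rather than guessed at.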
[Admin: For convenience, here are the meanings of the acronyms: Secure Sockets Layer (SSL), Transport Layer Security (TLS).]