Technote (FAQ)
Question
When accessing the TSPM menu in the TIP console, it reports following error "CTGVG0263E The Tivoli Security Policy Manager cannot be reached". What is wrong?
Cause
Checking the SystemOut.log on the TIP profile, following messages are seen:
com.ibm.jsse2.util.h: No trusted certificate found javax.net.ssl.SSLHandshakeException: com.ibm.jsse2.util.h: No trusted certificate found
at com.ibm.jsse2.n.a(n.java:28)
at com.ibm.jsse2.jc.a(jc.java:235)
at com.ibm.jsse2.db.a(db.java:268)
This is an indication that the Singer Certificate of the WebSphere Server that servers the IBM Tivoli Security Policy Manager application cannot be trusted by the TIP Server.
Answer
A quick way to check in TIP is by looking at the expiration date of the 'tspm_server' certificate:
TIP > Security > SSL certificate and key management > Key stores and certificates > NodeDefaultTrustStore > Signer certificates > tspm_server
In case the Signer Certificate has expired, you can overcome this situation by importing the TSPM Server (WebSphere) Signer Certificate again.
TIP > Security > SSL certificate and key management > Key stores and certificates > NodeDefaultTrustStore > Signer certificates
Select 'tspm_server' and press 'Delete'
Next click 'Retrieve from port'
Fill out the required Host and Port (typically 9443) of the WAS Server hosting TSPM, and give the alias the name 'tspm_server'. Next click 'Retrieve singer information'.
Make sure to save the changes.
After taking these steps, verify if the connection from TIP to TSPM is restored.
Product Alias/Synonym
TSPM PolicyManager
Rate this page:
Copyright and trademark information
IBM, the IBM logo and ibm.com are trademarks of International Business Machines Corp., registered in many jurisdictions worldwide. Other product and service names might be trademarks of IBM or other companies. A current list of IBM trademarks is available on the Web at "Copyright and trademark information" at www.ibm.com/legal/copytrade.shtml.