Troubleshooting
Problem
When WebSphere Process Server and WebSphere Enterprise Service Bus applications do a handshake with another application on a different Websphere Application Server, an SSL handshake failure occurs.
Symptom
The following exception exists in the log file:
SECJ0056E: Authentication failed for reason No Client Certificate Available
Cause
$WS* headers are standard HTTP headers, such as $WSAT, which stores the Auth Type that is being used to make the request. There are other $WS* headers, such as $WSCC, $WSCS, $WSIS, and $WSSC. By default, the WebSphere Process Server and WebSphere Enterprise Bus HTTP binding will not refactor these $WS* header values when they pass through the process. If the Propagate HTTP header option is enabled, WebSphere Process Server and WebSphere Enterprise Service Bus propagate them from export to import.
The HTTP binding code for WebSphere Process Server and WebSphere Enterprise Service Bus does not refactor the value in the $WS* header. When the handshake takes place with other applications on a different server, the authentication information in the $WS* header is used. This scenario causes the handshake failure.
Resolving The Problem
To resolve the issue, complete one of the following options:
- You can write customized code to refactor the values in these $WS* headers. You can find an overview and a code sample in the following information center topics:
- z/OS: SOAP header propagation
- z/OS: Transport header propagation
- Other platforms: SOAP header propagation
- Other platforms: Transport header propagation
- If the $WS* header information is not usable, you can disable the Propagate HTTP header option to work around this issue.
Was this topic helpful?
Document Information
Modified date:
15 June 2018
UID
swg21617960