Express (Distributed operating systems), v8.0 > Reference > Messages
CWPKI
CWPKI0001I: SSL service is initializing the configuration
Explanation SSL service is initializing the configuration. Action None. Informational only
CWPKI0002I: SSL service initialization completed successfully
Explanation SSL service initialization completed successfully.. Action None. Informational only
CWPKI0003I: SSL service is starting
Explanation SSL service is starting. Action None. Informational only
CWPKI0004I: SSL service started successfully
Explanation SSL service started. Action None. Informational only
CWPKI0005I: SSL service initialization failed
Explanation SSL service initialization failed Action None. Informational only
CWPKI0006E: Error creating or registering {0} mBean. The exception is {1}
Explanation An unexpected exception occurred when trying to create or register an mBean. Action There may be a problem with the configuration. The exception may include details.
CWPKI0007I: SSL service failed to start successfully
Explanation SSL service did not start. Action None. Informational only
CWPKI0008E: Error during SSL initialization. The exception is {0}.
Explanation An unexpected error occurred during security initialization. Action This is a general error. Look for previous messages that may be related to the failure or a configuration problem. Enabling SSL=all=enabled debug trace may yield additional information.
CWPKI0009E: Cannot create security object during initialization.
Explanation Cannot create the security object from repository. Internal Error. Action The security.xml might be corrupted or missing. Contact your service representative.
CWPKI0010E: Cannot obtain the WAS process type during initialization.
Explanation This exception is unexpected. The cause is not immediately known. Action More info at:
CWPKI0011E: Failed to load {0} resource from cell. The exception is {1}
Explanation The specified resource could not be loaded due to an exception. Action The failure may be related to a configuration problem related to the resource.
CWPKI0012I: FIPS is enabled.
Explanation The server is running in FIPS mode, using the IBMJCEFIPS provider. Action No user action is required.
CWPKI0013W: FIPS is enabled but the IBMJCEFIPS provider is not active in the java.security file. To ensure FIPS algorithms usage for all WAS process types, uncomment the IBMJCEFIPS provider in the java.security file, ahead of the IBMJCE, and renumber the provider list in sequential order.
Explanation When the server is running in FIPS mode the IBMJCEFIPS provider should be in the java.security file. Action The java.security file needs to be changed to include the IBMJCEFIPS provider in the provider list before the IBMJCE provider.
CWPKI0014I: The SSL component''s FFDC Diagnostic Module {0} registered successfully: {1}.
Explanation Describes whether the SSL component's FFDC Diagnostic module was successfully registered. Action None. Informational only.
CWPKI0015E: Error stopping SSL component. The exception is {0}.
Explanation An unexpected error occurred stopping the SSL component. Action This is a general error. Look for previous messages that may be related to the failure or a configuration problem. Enabling SSL=all=enabled debug trace may yield additional information.
CWPKI0016W: The certificate with alias {0} from keyStore {1} will be expired in {2} days.
Explanation A certificate is about to expire in the keystore. Action Open the keystore and validate the expiration dates on all certificates in the keystore. Prepare to generate new certificates, if necessary.
CWPKI0017E: The certificate with alias {1} from keyStore {2} is expired.
Explanation A certificate is expired in the keystore. Action Open the keystore and validate the expiration dates on all certificates in the keystore. Remove any expired certs.
CWPKI0018W: The keystore type of {0} is not valid for SSL config alias {1}.
Explanation The keystore type configured is not correct. Action Change the keystore type in the SSL configuration.
CWPKI0019E: Error parsing the SSL client configuration file {0}. The error returned is {1}.
Explanation There may be a problem with the syntax of the ssl.client.props file or the location of the file is not valid. Action Review the error returned and check the syntax and location of the ssl.client.props file.
CWPKI0020E: Error loading custom trust manager class {0}. The exception message is {1}.
Explanation A class loading error occurred loading the custom trust manager configured. Action Ensure the class can be found in the environment.
CWPKI0021E: Error loading custom key manager class {0}. The exception message is {1}.
Explanation A class loading error occurred loading the custom key manager configured. Action Ensure the class can be found in the environment.
CWPKI0022E: SSL HANDSHAKE FAILURE: A signer with SubjectDN "{0}" was sent from target host:port "{1}". The signer may need to be added to local trust store "{2}" located in SSL configuration alias "{3}" loaded from SSL configuration file "{4}". The extended error message from the SSL handshake exception is: "{5}".
Explanation An error occurred during the SSL handshake. It may require a signer export/import from the target host to the client TrustStore. Action Review the extended error message from the TrustManager to determine what needs to change between the target SSL configuration and the client SSL configuration.
CWPKI0023E: The certificate alias "{0}" specified by the property com.ibm.ssl.keyStoreClientAlias is not found in KeyStore "{1}".
Explanation The certificate alias specified for this SSL configuration is not in the specified KeyStore. Action Either add a certificate into the KeyStore with the specified certificate alias or change the specified certificate alias to match an alias found in the client KeyStore.
CWPKI0024E: The certificate alias "{0}" specified by the property com.ibm.ssl.keyStoreServerAlias is not found in KeyStore "{1}".
Explanation The certificate alias specified for this SSL configuration is not in the specified KeyStore. Action Either add a certificate into the KeyStore with the specified certificate alias or change the specified certificate alias to match an alias found in the server KeyStore.
CWPKI0025E: Could not load the https Handler class "{0}". The extended error message is {1}.
Explanation There was a classloading error trying to load the HTTPS URLStreamHandler class. Action Check the SSL configuration to ensure the context provider is correct for the platform.
CWPKI0026E: Error reinitializing the SSL configuration after a change to security.xml. The extended error message is "{0}".
Explanation An exception occurred reading the SSL configurations from the security.xml after a change occurred. Action Review the exception message text and verify the SSL configuration parameters are valid.
CWPKI0027I: Disabling default hostname verification for HTTPS URL connections.
Explanation Hostname verification will be disabled by default for URL connections. Hostname verification checks that the X509 Certificate Common Name (CN) matches the hostname it is from. Action To enable default JSSE URL hostname verification, set the com.ibm.ssl.performURLHostNameVerification property to true.
CWPKI0028E: SSL handshake protocol "{0}" is not valid. This protocol is specified in the SSL configuration alias "{1}" loaded from SSL configuration file "{2}". The extended error message is: "{3}".
Explanation The handshake protocol specified is not recognized as a valid handshake protocol. Action Check the SSL configuration to ensure the right handshake protocol is specified.
CWPKI0029E: SSL context provider "{0}" is not valid. This provider is specified in the SSL configuration alias "{1}" loaded from SSL configuration file "{2}". The extended error message is: "{3}".
Explanation The SSL context provider specified is not recognized as a valid context provider. Action Check the SSL configuration to ensure the correct SSL context provider is specified.
CWPKI0030E: Error occurred exchanging signers between cell and node. The exception that occurred is: {0}.
Explanation The DefaultKeyStores between cell and node will have exchange signers with corresponding DefaultTrustStores. An error occurred during this process. Action A manual signer exchange may be required.
CWPKI0031E: Error creating a client keystore or truststore during initialization. The exception that occurred is: {0}.
Explanation An error occurred while creating the file-based keystore or truststore during process initialization. Check that the keystore or truststore settings are valid. Action Verify the keystore or truststore settings in the ssl.client.props are current.
CWPKI0032E: Error creating a self-signed certificate. The exception that occurred is: {0}.
Explanation An error occurred while creating a self-signed certificate during process startup. Action Check that the default self-signed certificate property values (com.ibm.ssl.defaultCertReq*) are valid.
CWPKI0033E: The keystore located at "{0}" failed to load due to the following error: {1}.
Explanation An error occurred while creating or opening the keystore. Action Check the properties in the keystore configuration and ensure the keystore exists.
CWPKI0034E: Schedule "{0}" could not be initialized because of the following error: "{1}".
Explanation An error occurred initializing the schedule. Action Check that the properties for the scheduler are valid. Ensure the /etc directory is writable.
CWPKI0035E: Schedule "{0}" could not read the next scheduled date. Initializing alarm for the following date: {1}.
Explanation An error occurred reading the date from the schedule file in /etc. Action Ensure the /etc directory is writable or the file has not been modified.
CWPKI0036E: Error sending email to "{0}" using smtp server "{1}". The exception message is: "{2}".
Explanation An error occured sending email to the specified SMTP server. Action Ensure the SMTP server specified is valid and that your companies firewall policy allows sending to SMTP ports.
CWPKI0037I: Expiration monitor reports the following information: {0}.
Explanation This information concerns certificate expiration. Action You may need to manage certificates to resolve the reported problems.
CWPKI0038E: Expiration monitor failed to start with the following error: {0}.
Explanation A problem occurred starting the expiration monitor command task. Action Try starting the expiration monitor explicitly to determine more information about the error.
CWPKI0039E: Cannot find Node connector properties for the hostname {0} in the hostlist for keystore {1}.
Explanation Make sure the hostname entered is in the canonical format as it appears in serverindex.xml. Action Edit the hostlist to convert it to the proper canonical format.
CWPKI0040I: An SSL handshake failure occurred from a secure client. The server's SSL signer has to be added to the client's trust store. A retrieveSigners utility is provided to download signers from the server but requires administrative permission. Check with your administrator to have this utility run to setup the secure environment before running the client. Alternatively, the com.ibm.ssl.enableSignerExchangePrompt can be enabled in ssl.client.props for "DefaultSSLSettings" in order to allow acceptance of the signer during the connection attempt.
Explanation This message is for provides options for the client to retrieve signers needed for a successful SSL connection. Action Either run retrieveSigners or enable the signer exchange prompt to correct the problem.
CWPKI0041W: One or more key stores are using the default password.
Explanation When the Application Server starts for the first time as a stand-alone application server or in a Network Deployment configuration, each server creates a keystore and truststore for the default SSL configuration. When the Application Server creates these files, by default, it uses WebAS for the password. Do not use the default password in production. The warning message suggests that you change the password. Action To eliminate this warning message, change the default password for the keystore and the truststore using the administrative console and also change these passwordsby editing the ssl.client.props file. When you change the passwords in the ssl.client.props file, use the PropFilePasswordEncoder utility to re-encode the newpasswords.
CWPKI0042E: An exception occured while storing a certificate in the issued certificates key store. The exception that occurred is: {0}
Explanation After creating a chained or self signed certificate, the corresponding signer certificate could not be stored in the issued certificates key store. Action Check the associated error information for the cause of the failure.
CWPKI0043E: Error creating a chained certificate. The exception that occurred is: {0}.
Explanation An error occurred while creating a chained certificate during process startup. Action Check that the default chained certificate property values (com.ibm.ssl.defaultCertReq*) are valid and that a valid certificate exists in the root key store.
CWPKI0200E: An attempt to generate keys using KeySet {0} occurred when the KeySet is not configured to generate keys. The detailed message is: {1}.
Explanation The KeySet either does not have a keyGenerationClass defined, it cannot find the keyGenerationClass, or a read-only KeyStore is associated with the KeySet, or the KeyStore does not allow the writing of secret keys. Action Modify the configuration so that a proper keyGenerationClass is configured and a KeyStore type is configured which allows the writing of secret keys.
CWPKI0201E: Error retrieving key alias {0} from KeySet {1}. The exception that occurred is: {2}.
Explanation An error occurred while retrieving keys from the KeyStore for the specified KeySet. Action Check that the KeySet configuration is correct.
CWPKI0202E: An error occurred trying to instantiate the key generation class {0} configured in KeySet {1}. The detailed message is: {2}.
Explanation Either the runtime could not find the key generation class configured for the KeySet or the class does not either implement com.ibm.websphere.crypto.KeyGenerator or com.ibm.websphere.crypto.KeyPairGenerator. Action Ensure the key generation class configured is specified in a location that can be found by the WebSphere runtime. Check the information center for specifying custom classes so that runtime can find them.
CWPKI0203E: An attempt to import keys to KeySet {0} failed. The detailed message is: {1}.
Explanation The keys passed as input may not have been correctly formed or the keystore could not be accessed to store them. Action Attempt to determine the cause based on the exception and adjust the configuration accordingly.
CWPKI0204E: An error occurred during a scheduled key generation for KeySetGroup {0}. The detailed error message is: {1}.
Explanation A problem occurred while a new key reference was created for the specified KeySetGroup. After the key reference was created in the configuration, the key was generated. One of these steps failed. Action Attempt to determine the cause based on the exception and adjust the configuration as needed.
CWPKI0300I: Use the -listRemoteKeyStoreNames and -listLocalKeyStoreNames options to get list of names for <remoteKeyStoreName> and <localKeyStoreName>, respectively.
Usage: retrieveSigners <remoteKeyStoreName> <localKeyStoreName> [options]
options: [-profileName <profileName>] [-remoteAlias <aliasFromRemoteStore>] [-localAlias <storeAsAlias>] [-listRemoteKeyStoreNames] [-listLocalKeyStoreNames] [-autoAcceptBootstrapSigner] [-uploadSigners] [-host <host>] [-port <port>] [-conntype <RMI|SOAP>] [-user <user>] [-password <password>] [-trace] [-logfile <filename>] [-replacelog] [-quiet] [-help]
Explanation Usage information on the parameters for executing this script. Action None.
CWPKI0301I: Trace mode is on.
Explanation Indicates trace mode is on. Action None.
CWPKI0302E: Cannot write to the trace logfile... {0}
Explanation There's a problem writing to the specified logfile. Action Change the logfile path or make sure the file specified is not in use.
CWPKI0303I: Trace is being logged to the following location: {0}
Explanation Indicates where the mode is being logged. Action None.
CWPKI0304E: The <remoteKeyStoreName> specified as "{0}" was not found on the server.
Explanation The remote truststore is not found. Action Try issuing -listRemoteKeyStoreNames command to get the list of names.
CWPKI0305E: The <aliasFromRemoteStore> specified as "{0}" was not found in truststore "{1}" on the server.
Explanation The alias specified was not found in the truststore. Action Try issuing -listRemoteKeyStoreNames command to get the list of names.
CWPKI0306I: The following remote keystores exist on the specified server: {0}
Explanation Indicates a list of the remote keystores. Action None.
CWPKI0307I: The following local keystores exist on the client: {0}
Explanation Indicates a list of the local keystores. Action None.
CWPKI0308I: Adding signer alias "{0}" to local keystore "{1}" with the following SHA digest: {2}
Explanation Indicates the signer being added to the local keystore. Action None.
CWPKI0309I: All signers from remote keystore already exist in local keystore.
Explanation Indicates no signers needed to be added to the local keystore. Action None.
CWPKI0310E: The <localKeyStoreName> specified as "{0}" was not found on the client.
Explanation The local truststore is not found. Action Try issuing -listLocalKeyStoreNames command to get the list of names.
CWPKI0311E: The certificate with subject DN {0} has a start date {1} which is valid after the current date/time. This will can happen if the client''s clock is set earlier than the server''s clock. Please verify the clocks are in sync between this client and server and retry the request.
Explanation The start date of the certificate is not valid. Action Ensure that the client's clock matches up with the server's clock. Otherwise, create a certificate with the proper start date.
CWPKI0312E: The certificate with subject DN {0} has an end date {1} which is no longer valid.
Explanation The certificate has expired. Action Replace the certificate with a valid certificate.
CWPKI0313W: The following option is not valid: {0}
Explanation Check the command line to ensure the specified option is correct. Action Check the usage help and retry after correcting the option.
CWPKI0314E: The following error is returned from an exception: {0}
Explanation Check the command line to ensure the specified options are correct. Action Check the usage help and retry after correcting the option.
CWPKI0315E: SSL configuration properties are null. Could be a problem parsing the SSL client configuration.
Explanation There are no SSL configuration properties set. The property 'com.ibm.SSL.ConfigURL' may not be set properly or there may have been an error parsing the SSL client configuration. Action Check the ssl.client.props file for errors and make sure 'com.ibm.SSL.ConfigURL' is set property.
CWPKI0401I: Trace mode is on.
Explanation Indicates that trace mode is on. Action None.
CWPKI0402E: Cannot write to the trace logfile... {0}
Explanation Indicates an error writing to the specified logfile. Action Change the logfile path or to the correct logfile or make sure the file specified is not in use.
CWPKI0403I: Trace is being logged to the following location: {0}
Explanation Indicates where the mode is being logged. Action None.
CWPKI0404W: The following option is not valid: {0}
Explanation Check the command line to ensure the options are correct. Action Check the usage help and retry after correcting the option.
CWPKI0405E: The following error is returned from an exception: {0}
Explanation Check the command line to ensure the options are correct. Action Check the usage help and retry after correcting the option.
CWPKI0406E: The PKI client implementation class "{0}" could not be found.
Explanation An attempt to load the custom PKI client implementation failed because the class could not be found by the classloader. Action Check that the custom class exists in your installation's classes directory.
CWPKI0407E: The PKI client implementation class "{0}" is not an instance of com.ibm.ws.ssl.WSPKIClient.
Explanation An attempt to load the custom PKI client implementation failed because the class is not an instance of com.ibm.ws.ssl.WSPKIClient. Action Check that the custom class implements com.ibm.ws.ssl.WSPKIClient.
CWPKI0408E: Certificate "{0}" is not a personal certificate.
Explanation The certificate specified is not a personal certificate. Action Rerun the command with a personal certificate alias name.
CWPKI0409E: Certificate alias "{0}" does not exist in key store "{1}".
Explanation Unable to receive the certificate from the Certificate Authority (CA) because public keys do not match. Action Rerun the command using a certificate retrieved from a Certificate Authority (CA) that was generated with the certificate request coming form this specified alias in this keystore.
CWPKI0410E: The local keyStore specified as alias "{0}" was not found on the client.
Explanation The local keyStore is not found. Action Check that the keyStore exists on the client and has an alias in ssl.client.props.
CWPKI0411E: Certificate with a public key matching the public key in the certificate from the Certificate Authority (CA) is not found in key store "{0}".
Explanation In order to receive a certificate in a key store the public key of the certificate must match the public key of a certificate in the key store. Action Run the command with a certificate that has a public key that matches the public key of a certificate in the key store.
CWPKI0412I: The certificate returned from the Certificate Authority (CA) is null. The certificate request was not processed immediately and must be obtained out-of-band using the queryCertificate command.
Explanation The certificate request was not processed immediately by the Certificate Authority (CA) and mst be obtained out-of-band. Action Run queryCertificate to check on the status of the certificate and receive it if the request has been processed.
CWPKI0413E: Supply {0} value for {1}.
Explanation The value provided is not the correct type. Action Check the usage help and retry after correcting the type of the value.
CWPKI0414E: The option {0} is required with a value.
Explanation A proper value was not provided on the command line. Action Check the usage help and retry after correcting the option.
CWPKI0415E: The following error occurred while initializing the Certificate Authority (CA) implementation: {0}
Explanation An error occurred while initializing the Certificate Authority (CA) implementation. Action Check the associated error message.
CWPKI0416E: The following error occurred while creating a Certificate Authority (CA) signed certificate: {0}
Explanation An error occurred while attempting to create a Certificate Authority (CA) signed certificate. Action Check the associated error message.
CWPKI0417E: The following error occurred while revoking a Certificate Authority (CA) signed certificate: {0}
Explanation An error occurred while attempting to revoke a Certificate Authority (CA)) signed certificate. Action Check the assoicated error message.
CWPKI0418E: The following error occurred while querying the Certificate Authority (CA) for a signed certificate: {0}
Explanation An error occurred while attempting to query the certificate authority (CA) for a signed certificate. Action Check the associated error message.
CWPKI0419E: Unable to receive the certificate because the keystore specified is read-only.
Explanation Unable to receive the certificate because the keystore specified is read-only. Action Specify a keystore that is writable.
CWPKI0420E: The certifcate request was processed by the Certificate Authority (CA) but failed to store in the keystore specified. The certificate will be revoked and a retry of the request is necessary. Check the previous failure messages and correct the issue(s) before retrying the certificate request.
Explanation The certificate request received from the Certificate Authority (CA) was unable to be stored successfully in the specified keystore. The certifcate will be revoked and a retry of the request is necessary to obtain a new certificate. Action Check the previous failure messages related to storing the keystore and correct the issue(s) before retrying the certificate request.
CWPKI0421I: A PKCS10 certificate request with alias "{0}" was successfully created. The request is stored in file: {1}
Explanation None Action None
CWPKI0422I: Generating a PKCS10 certificate request
Explanation None Action None
CWPKI0423E: Failed to create a PKCS10 certificate request due to the following error: {0}
Explanation The PKCS10 certifcate request could not be created Action Check the message logs for details
CWPKI0424E: Certificate alias "{0}" already exists in key store "{1}".
Explanation Unable create the certificate request because the alias specified alrady exists in the keystore. Action Specify another alias name.
CWPKI0425E: SubjectDN supplied is incorrect.
Explanation The subjectDN supplied is incorrect and does not conform to the X500Principal standard. Action Check the subjectDN and ensure that it is in the correct form.
CWPKI0426W: Ignoring the following unrecognized option(s): [{0}]
Explanation An option provided was not recognized and will be ignored. Action Check the command usage an ensure the argument supplied is correct.
CWPKI0427E: Unable to parse custom attributes.
Explanation The custom attributes were not entered in the proper form. Action Check the usage help and retry after correcting the value specified.
CWPKI0428I: The signer might need to be added to the local trust store. We can use the Retrieve from port option in the administrative console to retrieve the certificate and resolve the problem. If you determine that the request is trusted... 1. Log into the administrative console. 2. Expand Security and click SSL certificate and key management. Under Configuration settings, click Manage endpoint security configurations. 3. Select the appropriate outbound configuration to get to the {0} management scope. 4. Under Related Items, click Key stores and certificates and click the {1} key store. 5. Under Additional Properties, click Signer certificates and Retrieve From Port. 6. In the Host field, enter {2} in the host name field, enter {3} in the Port field, and {4} in the Alias field. 7. Click Retrieve Signer Information. 8. Verify that the certificate information is for a certificate that you can trust. 9. Click Apply and Save.
Explanation This message is for informational purposes only. Action No action is required.
CWPKI0450E: Attribute "{0}" is missing or of an incorrect type. Correct type is "{1}".
Explanation The attribute passed to the implementation is null or of the incorrect type. Action Ensure that the required attribute is passed to the implementation.
CWPKI0451E: The certificate request is null.
Explanation The byte array of the certificate request is null. Action Check that a valid certificate request byte array is passed to the implementation.
CWPKI0452E: The revocation password for this request is null.
Explanation The byte array of the revocation password for this request is null. Action Check that a valid revocation password byte array is passed to the implementation.
CWPKI0453E: The following unexpected exception has occured: {0}
Explanation An unexpected error has occured. Action Contact IBM support.
CWPKI0454E: Unable to create temporary file "{0}".
Explanation The temporary file could not be written to the filesystem. Action Ensure the path to the temporary file exists, is writable and has space available.
CWPKI0455I: Requesting a Certificate Authority (CA) signed certificate.
Explanation Requesting a Certificate Authority (CA) signed certificate. Action None. Informational only
CWPKI0456E: An exception occurred requesting the certificate: {0}
Explanation An unexpected error occurred requesting the certificate. Action Check the log file for detailed error information.
CWPKI0457E: An exception occurred revoking the certificate: {0}
Explanation An error occurred revoking the certificate. Action Check the log file for detailed error information
CWPKI0458E: An exception occurred querying the certificate: {0}
Explanation An unexpected error occurred querying the certificate. Action Check the log file for detailed error information.
CWPKI0459E: The certificate chain is null.
Explanation The certificate chain is null. Action Check that a valid certificate chain is passed to the implementation.
CWPKI0460I: Revoking a Certificate Authority (CA) signed certificate.
Explanation Revoking a Certificate Authority (CA)) signed certificate. Action None. Informational only.
CWPKI0461I: Action "{0}" not supported by this implementation.
Explanation Action not supported. Action None. Informational only.
CWPKI0462I: Certificate revocation request for certificate alias "{0}" initiated due to reason: {1}
Explanation A request to revoke a Certificate Authority (CA) signed certificate has been issued. Action Verify with the external Certificate Authority (CA) that the certificate has been successfully revoked.
CWPKI0463I: Certificate received and stored in keystore "{0}" as alias "{1}".
Explanation A signed certificate was received from the Certificate Authority (CA). Action None. Informational only.