Solutions
ForgeRock Identity Platform
Does not apply to Identity Cloud

Java Agents, AM 5.x and 6.x fail to install on IBM WebSphere when SSL is enabled

Last updated Sep 22, 2021

The purpose of this article is to provide assistance if Java Agents and AM fail with "java.lang.ClassNotFoundException: Cannot find the specified class com.ibm.websphere.ssl.protocol.SSLSocketFactory", when installing on IBM® WebSphere® with SSL is enabled. Additionally, this issue only occurs when using an IBM JVM.


1 reader recommends this article

Symptoms

The following error is shown in the Agent or AM install log after the failed install attempt:

09/23/2016 19:10:05:930 EDT] ValidateURL.isServerUrlValid threw exception : java.net.SocketException: java.lang.ClassNotFoundException: Cannot find the specified class com.ibm.websphere.ssl.protocol.SSLSocketFactory   at javax.net.ssl.DefaultSSLSocketFactory.a(SSLSocketFactory.java:7)    at javax.net.ssl.DefaultSSLSocketFactory.createSocket(SSLSocketFactory.java:1)    at com.ibm.net.ssl.www2.protocol.https.c.afterConnect(c.java:62)    at com.ibm.net.ssl.www2.protocol.https.d.connect(d.java:19)    at com.ibm.net.ssl.www2.protocol.https.b.connect(b.java:57)    at com.sun.identity.install.tools.configurator.ValidateURL.isServerURLValidInternal(ValidateURL.java:103)    at com.sun.identity.install.tools.configurator.ValidateURL.access$000(ValidateURL.java:44)    at com.sun.identity.install.tools.configurator.ValidateURL$URLValidatorProxy.run(ValidateURL.java:350)    at java.lang.Thread.run(Thread.java:736) Caused by: java.lang.ClassNotFoundException: Cannot find the specified class com.ibm.websphere.ssl.protocol.SSLSocketFactory

Recent Changes

N/A

Causes

The IBM JVM does not contain any SSL implementation classes, which means com.ibm.websphere.ssl.protocol.SSLSocketFactory is not found during the install process. 

This is a known issue with WebSphere when SSL is enabled: Cannot find the specified class com.ibm.websphere.ssl.protocol.SSLSocketFactory

Solution

This issue can be resolved by either using the OpenJDK or Oracle® JVM instead of the IBM JVM or by making changes to the java.security file (located in the /path/to/websphere/java*/jre/lib/security directory).

To change the java.security file, you need to uncomment the two default JSSE socket factories and comment out the two WebSphere specific ones, so that it looks like this:

# Default JSSE socket factories ssl.SocketFactory.provider=com.ibm.jsse2.SSLSocketFactoryImpl  ssl.ServerSocketFactory.provider=com.ibm.jsse2.SSLServerSocketFactoryImpl  # WebSphere socket factories (in cryptosf.jar)  #ssl.SocketFactory.provider=com.ibm.websphere.ssl.protocol.SSLSocketFactory  #ssl.ServerSocketFactory.provider=com.ibm.websphere.ssl.protocol.SSLServerSocketFactory

See Also

Preparing IBM WebSphere

Install WebSphere Java Agent

Related Training

N/A

Related Issue Tracker IDs

N/A


Copyright and Trademarks Copyright © 2021 ForgeRock, all rights reserved.