For, javax.net.ssl.SSLException: SSLSocketFactory is null. This can occur if javax.net.ssl.SSLSocketFactory.getDefault() is called to create a socket and javax.net.ssl.* properties are not set.
1. Locate to /app/IBM/WebSphere/AppServer/java/8.0/jre/lib/security/java.security file
2. Add below parameters for SSL factory.
****************************************
ssl.SocketFactory.provider=com.ibm.jsse2.SSLSocketFactoryImpl
ssl.ServerSocketFactory.provider=com.ibm.jsse2.SSLServerSocketFactoryImpl
****************************************
for , Caused by: javax.net.ssl.SSLException: Received fatal alert: protocol_version while client was trying to connect with lower TLS version.
1. locate to application JAVA_OPTIONS
2. Add below parameters for SSL for Specifying simply jdk.tls.client.protocols="TLSv1.2" will cause any type of ClientHello to use TLSv1.2 (https included). The https.protocols is only valid if the Client Application us using HttpsURLConnection class or URL.openStream() operations.
****************************************
-Dhttps.protocols=TLSv1.2
-Djdk.tls.client.protocols=TLSv1.2
****************************************
For, Force application Controller to use TLS 1.2
1. locate to application JAVA_OPTIONS
2. Add below parameters for SSL for Specifying, To enable and force TLS 1.2 you need to append two java runtime arguments:
****************************************
-Dcom.ibm.jsse2.overrideDefaultTLS=true
-Dcom.ibm.jsse2.overrideDefaultProtocol=TLSv12
****************************************
For, JVM arguments: Client TLS1.2 , Truststore & SSL debug
1. locate to application JAVA_OPTIONS
2. Add below parameters for SSL for Client TLS1.2 , Truststore & SSL debug.
****************************************
-Djavax.net.ssl.trustStore=/app/IBM/WebSphere/AppServer/java/8.0/jre/lib/security/cacerts
-Djavax.net.ssl.trustStorePassword=changeit
-Djavax.net.ssl.trustStoreType=jks
-Dhttps.protocols=TLSv1.2
-Djdk.tls.client.protocols=TLSv1.2
-Dcom.ibm.jsse2.overrideDefaultTLS=true
-Djavax.net.debug=ssl,handshake,data,trustmanager
****************************************
For,javax.net.ssl.SSLHandshakeException: No subject alternative DNS name matching (javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No subject alternative DNS name matching ip address found.) - LDAP
1. locate to application JAVA_OPTIONS
2. Add below parameters for LDAP disableEndpointIdentification.
****************************************
-Dcom.sun.jndi.ldap.object.disableEndpointIdentification=true
****************************************
Thanks :-)