|License Type||SaaS & On-Premise|
|Agent Mode||Assess & Protect|
|Main Product Category||Java Agent|
As detailed in the article Java Agent Fails to Connect to Contrast UI: javax.net.ssl.SSLHandshakeException, one of the options for resolving a certificate trust issue is to import a certificate into the TrustStore used by the application server hosting the application that the Java Agent is instrumenting.
In the case of IBM's WebSphere Application Server (WAS), the normal process of importing the certificate via the WAS console does not resolve the trust issue.
Due to the timing involved in WAS and the JVM (and therefore the Contrast Java Agent) starting up, the WAS configured TrustStores are not available to the Java Agent when it first tries to connect to the Contrast UI.
Java allows for the TrustStore (and associated password and type) to be overridden via the JVM System Properties:
Because these are specified at JVM startup, they will be honored by the JVM and therefore the Java Agent. An example configuration would look something like this:
-Djavax.net.ssl.trustStore=/apps/ki01/xa-was90-dv114/AppServer/profiles/xa-dmgr90-dv114/config/cells/xa-cell90-dv114/trust.p12 -javax.net.ssl.trustStoreType=pkcs12 -javax.net.ssl.trustStorePassword=<your password>