Products | Versions |
---|---|
TIBCO Enterprise Message Service | - |
Not Applicable | - |
After a JNDI lookup, the client application reads the factories.conf file of the JNDI EMS server and takes the certificates and identities from the factory to connect to the data EMS server. To use that identity, the client needs the SSL password to decrypt the private key specified in the factories.conf file. There is currently no way to specify the SSL password in the factories.conf file; TIBCO has not implemented this for security reasons, because factories.conf is a clear-text file.

To connect to the data server, the application therefore has to get this password from somewhere else, decrypt its private key, and then make the connection to the data EMS server. There is no way to pass this SSL password directly in WAS. The only way to decrypt the private key of the identity specified in the factories.conf file is to pass the SSL password through the container-based principal's password. Because this password is used to decrypt the private key of that identity, it has to match the SSL password. When it is not the same as the SSL password, the private key is never decrypted and the SSL handshake fails.
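The password mismatch described above can be caught before deployment. The following added example (not TIBCO code and not part of the original article) checks whether a candidate password, such as the one set on the container-based principal, decrypts the private key in an identity file; it assumes a PEM identity and the `openssl` command-line tool, and every file name and password in it is constructed.

```shell
#!/bin/sh
# Added example (not TIBCO code). Assumes the factory's identity is a PEM file
# holding a password-protected private key; names and passwords are constructed.

# check_identity_password FILE PASSWORD
#   0 = PASSWORD decrypts the private key (the handshake can use the identity)
#   1 = PASSWORD does not decrypt it (the mismatch case described above)
#   2 = key is not encrypted, so the check says nothing about the password
#   3 = file missing or unreadable
check_identity_password() {
    keyfile=$1
    [ -r "$keyfile" ] || return 3
    grep -Eq '^-----BEGIN ENCRYPTED PRIVATE KEY-----|^Proc-Type: 4,ENCRYPTED' \
        "$keyfile" || return 2
    # Hand the password to openssl in the environment, not in argv, so it
    # stays out of the process list.
    IDENTITY_PW=$2 openssl pkey -in "$keyfile" -passin env:IDENTITY_PW \
        -noout >/dev/null 2>&1 || return 1
    return 0
}

# make_sample_identity FILE PASSWORD [plain]: constructed test key, PKCS#8 PEM.
make_sample_identity() {
    if [ "${3:-}" = plain ]; then
        openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
            -out "$1" 2>/dev/null
    else
        GEN_PW=$2 openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
            -aes-256-cbc -pass env:GEN_PW -out "$1" 2>/dev/null
    fi
}

# Demo: the same identity checked against a matching and a mismatched password.
demo_dir=$(mktemp -d)
make_sample_identity "$demo_dir/client_identity.pem" 'constructed-ssl-pw'
for candidate in 'constructed-ssl-pw' 'constructed-other-pw'; do
    rc=0
    check_identity_password "$demo_dir/client_identity.pem" "$candidate" || rc=$?
    echo "candidate '$candidate' -> exit code $rc"
done
rm -rf "$demo_dir"
```

Exit code 2 matters in practice: an unencrypted key loads with any password, so a passing handshake in that case does not show that the principal's password matches anything.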