Ok, I'm a newbie to certs and really haven't done too much with WebSphere administration. I have four LPARs (Test, Model Office, QA and Prod) that I run WebSphere on (V61, I know support).
I'm trying to get SPNEGO working with the distributed computing team, which does all the other WebSphere administration.

We got it working on one LPAR but we're running into a problem with MO and QA.

When I go into WSADMIN, I get the following message:

WASX7023E: Error creating "SOAP" connection to host "localhost"; exception information: com.ibm.websphere.management.exception.ConnectorNotAvailableException: [SOAPException: faultCode=SOAP-ENV:Client; msg=Error parsing HTTP status line " ": java.util.NoSuchElementException; targetException=java.lang.IllegalArgumentException: Error parsing HTTP status line " ": java.util.NoSuchElementException]
WASX7213I: This scripting client is not connected to a server process; please refer to the log file /QIBM/UserData/WebSphere/AppServer/V61/Base/profiles/default/logs/wsadmin.traceout for additional information.

**The real problem is that the certificate is expired from when I look in wsadmin.traceout.**

WSX509TrustMa E CWPKI0312E: The certificate with subject DN CN=AS400MO.domain.COM, O=IBM, C=US has an end date Wed Jan 16 10:25:38 CST 2008 which is no longer valid.

I poked around in the anything that I can see on the iSeries for certificate management but I don't see that anything was defined. The goal is to authenticate against the Active Directory server in that zone.

I've gone into WebSphere administrative console: Security > SSL certificate and key management > Manage endpoint security configurations.
I select the node under "Outbound ", AS400MO(NodeDefaultSSLSettings,null). From the next screen, I leave the SSL Configuration box to "NodeDefaultSSLSettings" and click Manage Certificates.
The "default" certificate is expiring next year, so that's good.

Backing up, if I click "Key stores and certificates" under Related Items, there are three listed; NodeDefaultKeyStore, NodeDefaultTrustStore and NodeTPAKeys. I see them pointing to three files; key.p12, trust.p12 and ltpa.jceks. Using WRKLNK to navigate.. deep, deep into the directory structure (I mean really.. can there be more directories!?). I see that those keys were created Jan 17,2007. I would expect that they are what I need to replace but when I click on say "NodeDefaultKeyStore" and then look at any of the links under "Additional Properties" (Signer, certificate, Personal Certificates) any of the certificates I see, expire in the future. The other "Additional Properties" (Personal certificate requests and Custom properties) are blank.

So, if they are the certs that I have to renew, how do I do it? I've been searching IBM for WebSphere process but want to make sure I'm not missing something that is an iSeries task.



Confidentiality: This transmission, including any attachments, is solely for the use of the intended recipient(s). This transmission may contain information that is confidential or otherwise protected from disclosure. The use or disclosure of the information contained in this transmission, including any attachments, for any purpose other than that intended by its transmittal is strictly prohibited. Unauthorized interception of this email is a violation of federal criminal law. If you are not an intended recipient of this transmission, please immediately destroy all copies received and notify the sender.

This thread ...


Return to Archive home page | Return to MIDRANGE.COM home page