MIDRANGE dot COM Mailing List Archive



Home » MIDRANGE-L » April 2014

Re: WebSperhe cert



fixed

Mike, this sounds like your error, you don't mention a couple of things.
Are you current on ptfs or not, also when you say 6.1 are you referring to
the OS or the WebSphere Version or both. Have you installed any fixpacks.

http://pic.dhe.ibm.com/infocenter/wchelp/v6r0m0/index.jsp?topic=%2Fcom.ibm.commerce.admin.doc%2Frefs%2Frigerrorifenl.htm



On Sat, Apr 5, 2014 at 11:36 AM, Smith, Mike <Mike_Smith@xxxxxxxxxxxxxx>wrote:

Ok, I'm a newbie to certs and really haven't done too much with WebSphere
administration. I have four LPARs (Test, Model Office, QA and Prod) that I
run WebSphere on (V61, I know support).
I'm trying to get SPNEGO working with the distributed computing team,
which does all the other WebSphere administration.

We got it working on one LPAR but we're running into a problem with MO and
QA.

When I go into WSADMIN, I get the following message:

WASX7023E: Error creating "SOAP" connection to host "localhost"; exception
information:
com.ibm.websphere.management.exception.ConnectorNotAvailableException:
[SOAPException: faultCode=SOAP-ENV:Client; msg=Error parsing HTTP status
line &quot; &quot;: java.util.NoSuchElementException;
targetException=java.lang.IllegalArgumentException: Error parsing HTTP
status line " ": java.util.NoSuchElementException]
WASX7213I: This scripting client is not connected to a server process;
please refer to the log file
/QIBM/UserData/WebSphere/AppServer/V61/Base/profiles/default/logs/wsadmin.traceout
for additional information.

**The real problem is that the certificate is expired from when I look in
wsadmin.traceout.**

WSX509TrustMa E CWPKI0312E: The certificate with subject DN CN=
AS400MO.domain.COM, O=IBM, C=US has an end date Wed Jan 16 10:25:38 CST
2008 which is no longer valid.


I poked around in the anything that I can see on the iSeries for
certificate management but I don't see that anything was defined. The goal
is to authenticate against the Active Directory server in that zone.

I've gone into WebSphere administrative console: Security > SSL
certificate and key management > Manage endpoint security configurations.
I select the node under "Outbound ", AS400MO(NodeDefaultSSLSettings,null).
From the next screen, I leave the SSL Configuration box to
"NodeDefaultSSLSettings" and click Manage Certificates.
The "default" certificate is expiring next year, so that's good.

Backing up, if I click "Key stores and certificates" under Related Items,
there are three listed; NodeDefaultKeyStore, NodeDefaultTrustStore and
NodeTPAKeys. I see them pointing to three files; key.p12, trust.p12 and
ltpa.jceks. Using WRKLNK to navigate.. deep, deep into the directory
structure (I mean really.. can there be more directories!?). I see that
those keys were created Jan 17,2007. I would expect that they are what I
need to replace but when I click on say "NodeDefaultKeyStore" and then look
at any of the links under "Additional Properties" (Signer, certificate,
Personal Certificates) any of the certificates I see, expire in the future.
The other "Additional Properties" (Personal certificate requests and Custom
properties) are blank.

So, if they are the certs that I have to renew, how do I do it? I've been
searching IBM for WebSphere process but want to make sure I'm not missing
something that is an iSeries task.

Thank,

Mike.

________________________________
Confidentiality: This transmission, including any attachments, is solely
for the use of the intended recipient(s). This transmission may contain
information that is confidential or otherwise protected from disclosure.
The use or disclosure of the information contained in this transmission,
including any attachments, for any purpose other than that intended by its
transmittal is strictly prohibited. Unauthorized interception of this email
is a violation of federal criminal law. If you are not an intended
recipient of this transmission, please immediately destroy all copies
received and notify the sender.
--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list
To post a message email: MIDRANGE-L@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at http://archive.midrange.com/midrange-l.







Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2014 by MIDRANGE dot COM and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available here. If you have questions about this, please contact