This might help as well.

On Sun, Apr 6, 2014 at 5:46 AM, Jack Kingsley <iseriesflorida@xxxxxxxxx>wrote:

Mike, this sounds like your error, you don't mention a couple of things.
Are you current on ptfs or not, also when you say 6.1 are you referring to
the OS or the WebSphere Version or both. Have you installed any fixpacks.

On Sat, Apr 5, 2014 at 11:36 AM, Smith, Mike <Mike_Smith@xxxxxxxxxxxxxx>wrote:

Ok, I'm a newbie to certs and really haven't done too much with WebSphere
administration. I have four LPARs (Test, Model Office, QA and Prod) that I
run WebSphere on (V61, I know support).
I'm trying to get SPNEGO working with the distributed computing team,
which does all the other WebSphere administration.

We got it working on one LPAR but we're running into a problem with MO
and QA.

When I go into WSADMIN, I get the following message:

WASX7023E: Error creating "SOAP" connection to host "localhost";
exception information:
[SOAPException: faultCode=SOAP-ENV:Client; msg=Error parsing HTTP status
line &quot; &quot;: java.util.NoSuchElementException;
targetException=java.lang.IllegalArgumentException: Error parsing HTTP
status line " ": java.util.NoSuchElementException]
WASX7213I: This scripting client is not connected to a server process;
please refer to the log file
for additional information.

**The real problem is that the certificate is expired from when I look in

WSX509TrustMa E CWPKI0312E: The certificate with subject DN CN=
AS400MO.domain.COM, O=IBM, C=US has an end date Wed Jan 16 10:25:38 CST
2008 which is no longer valid.

I poked around in the anything that I can see on the iSeries for
certificate management but I don't see that anything was defined. The goal
is to authenticate against the Active Directory server in that zone.

I've gone into WebSphere administrative console: Security > SSL
certificate and key management > Manage endpoint security configurations.
I select the node under "Outbound ",
AS400MO(NodeDefaultSSLSettings,null). From the next screen, I leave the
SSL Configuration box to "NodeDefaultSSLSettings" and click Manage
The "default" certificate is expiring next year, so that's good.

Backing up, if I click "Key stores and certificates" under Related Items,
there are three listed; NodeDefaultKeyStore, NodeDefaultTrustStore and
NodeTPAKeys. I see them pointing to three files; key.p12, trust.p12 and
ltpa.jceks. Using WRKLNK to navigate.. deep, deep into the directory
structure (I mean really.. can there be more directories!?). I see that
those keys were created Jan 17,2007. I would expect that they are what I
need to replace but when I click on say "NodeDefaultKeyStore" and then look
at any of the links under "Additional Properties" (Signer, certificate,
Personal Certificates) any of the certificates I see, expire in the future.
The other "Additional Properties" (Personal certificate requests and Custom
properties) are blank.

So, if they are the certs that I have to renew, how do I do it? I've
been searching IBM for WebSphere process but want to make sure I'm not
missing something that is an iSeries task.



Confidentiality: This transmission, including any attachments, is solely
for the use of the intended recipient(s). This transmission may contain
information that is confidential or otherwise protected from disclosure.
The use or disclosure of the information contained in this transmission,
including any attachments, for any purpose other than that intended by its
transmittal is strictly prohibited. Unauthorized interception of this email
is a violation of federal criminal law. If you are not an intended
recipient of this transmission, please immediately destroy all copies
received and notify the sender.
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing
To post a message email: MIDRANGE-L@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
or email: MIDRANGE-L-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives

This thread ...


Return to Archive home page | Return to MIDRANGE.COM home page