I now have port 2010 responding to SSL requests after that change. Port 2010 redirects to port 2005 which is not listening; port 2001 displays Internal Server Error. Clearly I have other issues. With all the hardware swaps and system moves over the years, it's hard to keep track of what might have worked where and when.
[Wed May 28 11:47:21 2014] [error] [client a.b.c.d] ZSRV_MSG0362: Client denied by server configuration: /favicon.ico
[Wed May 28 11:47:33 2014] [error] ZSRV_MSG0214: Improperly formated certificate or certificate not valid, error = 415.
[Wed May 28 11:47:33 2014] [error] ZSRV_MSG0281: SSL: a.b.c.d.
The first message in the log should be for the port 2001 test. The others must be 2010, since 2005 is not even listening. It may be a simple SSL certificate problem or something deeper. As Tim suggests, it's not really worth my time to flail blindly in troubleshooting further myself. The ADMIN2 job crashes just after it starts; I'm guessing that relates to port 2005. (Indeed, the other system, also not working properly, does show port 2005 associated with ADMIN2.)
This is the part where I also refer back to my previous comment about getting in through specific URLs. Port 2010 redirects to port 2005 and fails. But, https://myIBMi:2010/QIBM/ICSS/Cert/Admin/qycucm1.ndm/main0
loads DCM. From there, I can see my certificates are not expired and are assigned to Server Applications as expected.
I think that's the end of my easy troubleshooting. When an IBM job fails with MCH3601, it's time to open a PMR.
From: Rob Berendt
Sent: Wednesday, May 28, 2014 07:58
From: Tim Rowe
Greetings, responding while traveling, so bit harder on my iPad, so sending directly to you. I checked with my Apache developers about the directive error, please see his response below.
If this does not correct the issue, the best solution is to call ibm service, they can help get it corrected quickly and help determine if there is some error or additional configuration case we need to consider.
For above error, all the SSL related directives belong to module mod_ibm_ssl, the error indicate the directives are not recognizable, maybe customer doesn't load the ssl module. Please have customer check the config file /QIBM/UserData/HTTPA/admin/conf/admin-cust.conf and see on the top of file whether below line is uncommented:
LoadModule ibm_ssl_module /QSYS.LIB/QHTTPSVR.LIB/QZSRVSSL.SRVPGM
Sent from my iPad
This email is confidential, intended only for the named recipient(s) above and may contain information that is privileged. If you have received this message in error or are not the named recipient(s), please notify the sender immediately and delete this email message from your computer as any and all unauthorized distribution or use of this message is strictly prohibited. Thank you.