Monday, 17 February 2014

Ooops, GSK_ERROR_BAD_KEYFILE_PASSWORD seen with IBM HTTP Server and IBM WebSphere Plugin

So I'm seeing this in my IHS / Plugin installation, specifically here: -

/opt/IBM/WebSphere/Plugins/logs/webserver/http_plugin.log

...
[17/Feb/2014:16:22:39.07772] 00000597 0eaf7700 - ERROR: lib_security: logSSLError: str_security (gsk error 408):  GSK_ERROR_BAD_KEYFILE_PASSWORD
[17/Feb/2014:16:22:39.07775] 00000597 0eaf7700 - ERROR: lib_security: initializeSecurity: Failed to initialize GSK environment. Secure transports are not possible.
[17/Feb/2014:16:22:39.07775] 00000597 0eaf7700 - ERROR: ws_transport: transportInitializeSecurity: Failed to initialize security. Secure transports are not possible.
[17/Feb/2014:16:22:39.07778] 00000597 0eaf7700 - ERROR: ws_server: serverAddTransport: Failed to initialize security. Secure transports are not possible.
[17/Feb/2014:16:22:39.07779] 00000597 0eaf7700 - ERROR: ws_server: serverAddTransport: HTTPS Transport is skipped. IMPORTANT: If a HTTP transport is defined, it will be used for communication to the application server.
...

When I checked my plugin configuration: -

/opt/IBM/WebSphere/Plugins/config/webserver/plugin-cfg.xml

I could see: -

...
         <Transport Hostname="rhel6.uk.ibm.com" Port="9446" Protocol="https">
            <Property Name="keyring" Value="/opt/IBM/WebSphere/Plugins/config/webserver/plugin-key.kdb"/>
            <Property Name="stashfile" Value="/opt/IBM/WebSphere/Plugins/config/webserver/plugin-key.sth"/>
         </Transport>

...

Guess what ?

When I checked: -

/opt/IBM/WebSphere/Plugins/config/webserver

I don't have the plugin KDB or Stash files.

I'd neglected to propagate the KDB etc. from the cell to the IHS/Plugin box.

To achieve this, I clicked this button: -


with this effect: -


Now I have these files: -

plugin-cfg.xml
plugin-key.kdb
plugin-key.sth

here: -

/opt/IBM/WebSphere/Plugins/config/webserver

Thanks to this IBM Technote: -


for pointing me in the right direction.

No comments: