Monday, 17 February 2014

Ooops, GSK_ERROR_BAD_KEYFILE_PASSWORD seen with IBM HTTP Server and IBM WebSphere Plugin

So I'm seeing this in my IHS / Plugin installation, specifically here: -

/opt/IBM/WebSphere/Plugins/logs/webserver/http_plugin.log

...
[17/Feb/2014:16:22:39.07772] 00000597 0eaf7700 - ERROR: lib_security: logSSLError: str_security (gsk error 408):  GSK_ERROR_BAD_KEYFILE_PASSWORD
[17/Feb/2014:16:22:39.07775] 00000597 0eaf7700 - ERROR: lib_security: initializeSecurity: Failed to initialize GSK environment. Secure transports are not possible.
[17/Feb/2014:16:22:39.07775] 00000597 0eaf7700 - ERROR: ws_transport: transportInitializeSecurity: Failed to initialize security. Secure transports are not possible.
[17/Feb/2014:16:22:39.07778] 00000597 0eaf7700 - ERROR: ws_server: serverAddTransport: Failed to initialize security. Secure transports are not possible.
[17/Feb/2014:16:22:39.07779] 00000597 0eaf7700 - ERROR: ws_server: serverAddTransport: HTTPS Transport is skipped. IMPORTANT: If a HTTP transport is defined, it will be used for communication to the application server.
...

When I checked my plugin configuration: -

/opt/IBM/WebSphere/Plugins/config/webserver/plugin-cfg.xml

I could see: -

...
         <Transport Hostname="rhel6.uk.ibm.com" Port="9446" Protocol="https">
            <Property Name="keyring" Value="/opt/IBM/WebSphere/Plugins/config/webserver/plugin-key.kdb"/>
            <Property Name="stashfile" Value="/opt/IBM/WebSphere/Plugins/config/webserver/plugin-key.sth"/>
         </Transport>

...

Guess what ?

When I checked: -

/opt/IBM/WebSphere/Plugins/config/webserver

I don't have the plugin KDB or Stash files.

I'd neglected to propagate the KDB etc. from the cell to the IHS/Plugin box.

To achieve this, I clicked this button: -


with this effect: -


Now I have these files: -

plugin-cfg.xml
plugin-key.kdb
plugin-key.sth

here: -

/opt/IBM/WebSphere/Plugins/config/webserver

Thanks to this IBM Technote: -


for pointing me in the right direction.

No comments:

Yay, VMware Fusion and macOS Big Sur - no longer "NAT good friends" - forgive the double negative and the terrible pun ...

After macOS 11 Big Sur was released in 2020, VMware updated their Fusion product to v12 and, sadly, managed to break Network Address Trans...