c***@wipro.com
2009-04-27 12:31:03 UTC
Below are the steps we followed for SSL implementation :
1) Installed SSL certificate supplied by Verisign
2) Created a new virtual host in httpd.conf for port number 443
Listen hostname:443
DocumentRoot "///"
ServerName hostname
SSLEnable
KeyFile "D:\Program Files\IBM\HTTPServer\key.kdb"
SSLServerCert certificatename
SSLStashFile "D:\Program Files\IBM\HTTPServer\key.sth"
SSLV2Timeout 100
SSLV3Timeout 1000
ports. It was already present.
4) Regenerated the webserver plugin and propagated it.
5) Restarted HTTP Server
6) Tested https://www.website.com . Verisign certificate was displaying on the bottom
7) Tried accessing https://www.website.com/snoop . A 500 internal server was displayed.
8) Checked http_plugin.log below errors were thrown
[Fri Apr 24 11:17:40 2009] 0000084c 000008e0 - ERROR: lib_stream: openStream: Failed in r_gsk_secure_soc_init: GSK_ERROR_BAD_CERT(gsk rc = 414)
[Fri Apr 24 11:17:40 2009] 0000084c 000008e0 - ERROR: ws_common: websphereGetStream: Could not open stream
[Fri Apr 24 11:17:40 2009] 0000084c 000008e0 - ERROR: ws_common: websphereExecute: Failed to create the stream
[Fri Apr 24 11:17:40 2009] 0000084c 000008e0 - ERROR: ws_common: websphereHandleRequest: Failed to execute the transaction to 'serverNode01_server1'on host ‘Servername’; will try another one
[Fri Apr 24 11:17:40 2009] 0000084c 000008e0 - ERROR: ws_common: websphereWriteRequestReadResponse: Failed to find an app server to handle this request
[Fri Apr 24 11:17:40 2009] 0000084c 000008e0 - ERROR: ESI: getResponse: failed to get response: rc = 2
[Fri Apr 24 11:17:40 2009] 0000084c 000008e0 - ERROR: ws_common: websphereHandleRequest: Failed to handle request
I have checked the plugin-key.kdb in Plugin-root/config/webserver1. The default certificate has expired.
Is this the issue? If so what is the procedure for creating a new certificate and what are the areas in the WAS I have to do the changes.
Please advise me the way forward.
Regards,
Chandrakanth
1) Installed SSL certificate supplied by Verisign
2) Created a new virtual host in httpd.conf for port number 443
Listen hostname:443
DocumentRoot "///"
ServerName hostname
SSLEnable
KeyFile "D:\Program Files\IBM\HTTPServer\key.kdb"
SSLServerCert certificatename
SSLStashFile "D:\Program Files\IBM\HTTPServer\key.sth"
SSLV2Timeout 100
SSLV3Timeout 1000
ports. It was already present.
4) Regenerated the webserver plugin and propagated it.
5) Restarted HTTP Server
6) Tested https://www.website.com . Verisign certificate was displaying on the bottom
7) Tried accessing https://www.website.com/snoop . A 500 internal server was displayed.
8) Checked http_plugin.log below errors were thrown
[Fri Apr 24 11:17:40 2009] 0000084c 000008e0 - ERROR: lib_stream: openStream: Failed in r_gsk_secure_soc_init: GSK_ERROR_BAD_CERT(gsk rc = 414)
[Fri Apr 24 11:17:40 2009] 0000084c 000008e0 - ERROR: ws_common: websphereGetStream: Could not open stream
[Fri Apr 24 11:17:40 2009] 0000084c 000008e0 - ERROR: ws_common: websphereExecute: Failed to create the stream
[Fri Apr 24 11:17:40 2009] 0000084c 000008e0 - ERROR: ws_common: websphereHandleRequest: Failed to execute the transaction to 'serverNode01_server1'on host ‘Servername’; will try another one
[Fri Apr 24 11:17:40 2009] 0000084c 000008e0 - ERROR: ws_common: websphereWriteRequestReadResponse: Failed to find an app server to handle this request
[Fri Apr 24 11:17:40 2009] 0000084c 000008e0 - ERROR: ESI: getResponse: failed to get response: rc = 2
[Fri Apr 24 11:17:40 2009] 0000084c 000008e0 - ERROR: ws_common: websphereHandleRequest: Failed to handle request
I have checked the plugin-key.kdb in Plugin-root/config/webserver1. The default certificate has expired.
Is this the issue? If so what is the procedure for creating a new certificate and what are the areas in the WAS I have to do the changes.
Please advise me the way forward.
Regards,
Chandrakanth