Thursday, May 5, 2011

GSK_ERROR_BAD_CERT error configuring SSL between Plug-in and WebSphere Application Server V6.1

ERROR: lib_stream: openStream: Failed in r_gsk_secure_soc_init:
GSK_ERROR_BAD_CERT(gsk rc = 414)

To fix this error:

Extract the default Personal Certificate
1. Log in to the WebSphere Application Server Administrative Console
2. Select Security > SSL certificate and key management > Key Stores and certificates
3. Select NodeDefaultKeyStore for a stand-alone deployment or
CellDefaultKeyStore for a network deployment.
4. Click Personal Certificates, select the default check box, and then click Extract.
5. Give the extracted file a path and name, such as: /root/defaultCert.ARM.
Note: The convention is to give the file a .ARM extension.
6. Leave encoding set to Base64.
7. Click OK.

Locate your *.kdb file
1. In the httpd.conf file, find the directory in which the plugin-cfg.xml file is
stored by searching for the WebSpherePluginConfig line. It should look something like this:
WebSpherePluginConfig "/opt/IBM/HTTPServer/Plugins1/config/webserver1/plugin-cfg.xml"
2. Find the directory in which the key database file (*.kdb) is stored by searching
for the term "keyring" in the plugin-cfg.xml file. For example:
<Property Name="keyring" Value="/opt/IBM/HTTPServer/Plugins1/config/webserver1/plugin-key.kdb"/>
Note this location as you will need to use it later.
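
The two lookups above can be scripted. The following is an added example, not part of the original post: it reads the WebSpherePluginConfig directive from httpd.conf, lists every keyring value in plugin-cfg.xml, and reports whether each key database file is readable. The function names and the sample files it builds in a temporary directory are constructed for illustration, and it assumes the paths contain no spaces.

```shell
#!/bin/sh
# Added example (not from the original post): find the plug-in key database.

# Print the plugin-cfg.xml path from the last active WebSpherePluginConfig
# directive; commented-out lines are skipped. Assumes no spaces in the path.
plugin_cfg_path() {
    awk '$1 == "WebSpherePluginConfig" { gsub(/"/, "", $2); p = $2 }
         END { if (p != "") print p }' "$1"
}

# Print every distinct keyring value in plugin-cfg.xml, one per line.
keyring_paths() {
    sed -n 's/.*<Property[[:space:]]\{1,\}Name="keyring"[[:space:]]\{1,\}Value="\([^"]*\)".*/\1/p' "$1" | sort -u
}

# Resolve httpd.conf -> plugin-cfg.xml -> *.kdb and report readability.
locate_kdb() {
    cfg=$(plugin_cfg_path "$1")
    [ -n "$cfg" ] || { echo "no WebSpherePluginConfig in $1" >&2; return 1; }
    [ -r "$cfg" ] || { echo "cannot read $cfg" >&2; return 1; }
    keyring_paths "$cfg" | while IFS= read -r kdb; do
        if [ -r "$kdb" ]; then echo "OK $kdb"; else echo "MISSING $kdb"; fi
    done
}

# Constructed sample files, so the script runs without an IHS install.
make_sample() {
    d=$(mktemp -d)
    : > "$d/plugin-key.kdb"
    cat > "$d/plugin-cfg.xml" <<EOF
<Config>
  <Transport Hostname="app1" Port="9443" Protocol="https">
    <Property Name="keyring" Value="$d/plugin-key.kdb"/>
    <Property Name="stashfile" Value="$d/plugin-key.sth"/>
  </Transport>
  <Transport Hostname="app2" Port="9443" Protocol="https">
    <Property Name="keyring" Value="$d/other-key.kdb"/>
  </Transport>
</Config>
EOF
    cat > "$d/httpd.conf" <<EOF
#WebSpherePluginConfig "/old/plugin-cfg.xml"
WebSpherePluginConfig "$d/plugin-cfg.xml"
EOF
    echo "$d"
}

sample=$(make_sample)
locate_kdb "$sample/httpd.conf"
rm -rf "$sample"
```

On a real server, call locate_kdb with the path to your own httpd.conf; a MISSING line means plugin-cfg.xml names a key database that the current user cannot read or that does not exist.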

Add the extracted certificate to your key database file
1. Go to the directory for ikeyman and start it:
cd /opt/IBM/HTTPServer/bin
./ikeyman
2. Click Key Database File > Open, and then select a key database type of CMS.
3. Specify the filename and location you found above. For example: plugin-key.kdb and
/opt/IBM/HTTPServer/Plugins1/config/webserver1/plugin-key.kdb
4. Click OK, and then enter the password. Note: If you have not given this file another password,
the default password from WebSphere Application Server is WebAS (case sensitive).
5. Click the Personal Certificates drop-down, and then select Signer Certificates.
6. Click Add.
7. Browse to the file you exported with the *.ARM extension, select it, click Open, and then click OK. Supply a name if prompted.
8. Select Key Database File > Save As and save to the original location.
9. Select Key Database File > Exit.
10. Restart the IBM HTTP Server.
