| |
|
RSS Feed - WebSphere MQ Support
|
RSS Feed - Message Broker Support
|
  |
|
| IHS 8.5.5 and ACE11.0.0.4, Certificate issue. |
« View previous topic :: View next topic » |
| Author |
Message
|
| gxv3858 |
 Posted: Wed Jun 12, 2019 2:02 am Post subject: IHS 8.5.5 and ACE11.0.0.4, Certificate issue. |
 |
|
Novice
Joined: 13 Oct 2008
Posts: 16
|
Good day to all.
While trying to call an application installed in ACE 11 using URL,
https:/xxxx.com/proxy/sap/client/consult/v1,
The plugin logs and the IHS error logs is showing me this error message:
[Mon May 27 10:34:11 2019] [error] [27/May/2019:10:34:11.36708] 0000047e 2d781700 - ERROR: lib_stream: openStream: Failed in r_gsk_secure_soc_init: GSK_ERROR_SOCKET_CLOSED(gsk rc = 420) PARTNER CERTIFICATE DN=No Information Available, Serial=No Information Available
[Mon May 27 10:34:11 2019] [error] [27/May/2019:10:34:11.36752] 0000047e 2d781700 - ERROR: ws_common: websphereGetStream: Could not open stream
[Mon May 27 10:34:11 2019] [error] [27/May/2019:10:34:11.36765] 0000047e 2d781700 - ERROR: ws_common: websphereExecute: Failed to create the stream
---------------------------------------------------------------------------------
My http configuration for SSL looks like this:
LoadModule ibm_ssl_module modules/mod_ibm_ssl.so
Listen 443
<VirtualHost *:443>
SSLEnable
SSLProtocolEnable TLSv12
SSLProtocolDisable SSLv2 SSLv3
SSLServerCert selfSigned
KeyFile /v01s01/ibm/IHS/ihsserverkey.kdb
</VirtualHost>[Less]
---------------------------------------------------------------------------------
Tried to activate TLStrace in server.yaml, it worked just for some time, now its not working anymore the Integration node is not starting up if I set TLStrace : true.
The information I received from IBM is that my self signed certificate is corrupted, but they do not know why.
All I did was to create one self signed inside Ikeyman, exported, inserted this cert into my IHS KDB and the other was in the keystore ( trsutstore ) under Signer certificates at the ACE11 side.
----------------------------------------------------------------------------------
But so far no success in establish a SSL comunication from IHS to ACE11.
Customer does not want implement a signed certificate to secure this connection.
Does anybody know how to help me on this issue? |
|
| Back to top |
|
 |
| LJM |
| Posted: Wed Jun 12, 2019 3:29 am Post subject: |
|
|
Novice
Joined: 05 Jul 2018
Posts: 22
|
assuming the ACE URL is accessable directly just fine ?
and you have IHS in front of this ( +N ) for load balancing/ redundacy
eg IHS --> ACE11(a ) , ACE11 ( b )
and only via the IHS this fails ? |
|
| Back to top |
|
|
| gxv3858 |
| Posted: Wed Jun 12, 2019 5:19 am Post subject: |
|
|
Novice
Joined: 13 Oct 2008
Posts: 16
|
| LJM wrote: |
assuming the ACE URL is accessable directly just fine ?
and you have IHS in front of this ( +N ) for load balancing/ redundacy
eg IHS --> ACE11(a ) , ACE11 ( b )
and only via the IHS this fails ? |
Yes this only fails when IHS is used. |
|
| Back to top |
|
|
| fjb_saper |
| Posted: Wed Jun 12, 2019 5:54 am Post subject: |
|
|
Grand High Poobah
Joined: 18 Nov 2003
Posts: 20756
Location: LI,NY
|
So both ACE11(a) and ACE11(b) have the IHS signer cert in their truststore?
_________________
MQ & Broker admin |
|
| Back to top |
|
|
| gxv3858 |
| Posted: Wed Jun 12, 2019 6:12 am Post subject: |
|
|
Novice
Joined: 13 Oct 2008
Posts: 16
|
| fjb_saper wrote: |
So both ACE11(a) and ACE11(b) have the IHS signer cert in their truststore?
|
Yes correct , the IHS signer certificates are inside ACE11 truststore.
Caught them when accessing the https://xxxx.xxxx.com. There are 3 certificates in this chain. |
|
| Back to top |
|
|
|
|
|
| |
|
Page 1 of 1 |
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
|
|
|
