This post shows how to enable SSL communication between the IHS plug-in and WebSphere Application Server (Base) in a clustered environment. The same steps can be used in a non-clustered environment as well.
Architecture:
The architecture includes two WAS Base installations on different nodes (physical hosts) and an IHS installation on one of the physical nodes (it shares a physical host with a Base server).
After following these steps and creating a cluster as in my previous post, if you want to enable the HTTPS protocol at the IHS level to access the application, follow the steps below.
Error: This error appears in the logs if you try to access the application on node2 using the HTTPS protocol.
[01/2014:05:00:10.44085] 0000 - ERROR: lib_stream: openStream: Failed in r_gsk_secure_soc_init: GSK_ERROR_BAD_CERT(gsk rc = 414) PARTNER CERTIFICATE DN=CN=hostname,OU=hostNode02Cell,OU=hostNode01,O=IBM,C=US, Serial=04:6f:ec:5e:84:05:56
[01/Dec/2014:05:00:10.44092] 0000510d c57fb700 - ERROR: ws_common: websphereGetStream: Could not open stream
[01/Dec/2014:05:00:10.44097] 0000510d c57fb700 - ERROR: ws_common: websphereExecute: Failed to create the stream
This error occurs because the plugin-cfg.kdb that is defined in the IHS configuration file does not have the node02 certificate installed, so the plug-in rejects the certificate that node2 presents during the SSL handshake.
Step1: Log in to a WAS console.
Step2: Navigate to Servers -> ServerTypes -> Webservers -> webserver1 -> Plug-in properties.
Step3: Click on Manage Keys and Certificates -> CMSKeyStore -> Signer Certificates.
Step4: Click on Retrieve from port and provide the hostname and port of the base server.
Example: localhost (node2), port 9043.
This extracts the certificate installed on node2 and adds it to the plugin kdb file. Because the certificate is accepted as a trusted signer, check that its subject DN and serial number match node2's certificate (the values shown in the error above) before saving.
Step5: After saving the certificate, navigate back to Plug-in properties and click on Copy to webserver keystore directory.
This creates a new set of plugin-key.kdb and plugin-key.sth files.
Step6: Check plugin-cfg.xml for the kdb and sth paths, copy the two files to those paths, and restart IHS.
Step7: Test the application by accessing it over the HTTPS protocol.
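The check in Step6 as a script, added here as an example (not part of the original post): it reads plugin-cfg.xml, lists the keyring and stashfile properties of every https transport, and reports any that are unset or missing on disk. The sample XML, host names and paths are constructed placeholders.

```python
import os
import xml.etree.ElementTree as ET

# Constructed sample; host names and paths are placeholders, not from the post.
SAMPLE_PLUGIN_CFG = """<Config>
  <ServerCluster Name="cluster1">
    <Server Name="node1_server1">
      <Transport Hostname="node1.example.test" Port="9080" Protocol="http"/>
      <Transport Hostname="node1.example.test" Port="9443" Protocol="https">
        <Property Name="keyring" Value="/placeholder/webserver1/plugin-key.kdb"/>
        <Property Name="stashfile" Value="/placeholder/webserver1/plugin-key.sth"/>
      </Transport>
    </Server>
    <Server Name="node2_server1">
      <Transport Hostname="node2.example.test" Port="9443" Protocol="https">
        <Property Name="keyring" Value="/placeholder/webserver1/plugin-key.kdb"/>
      </Transport>
    </Server>
  </ServerCluster>
</Config>"""

def https_transports(xml_text):
    """Return one dict per https <Transport> with its keyring and stashfile."""
    out = []
    for server in ET.fromstring(xml_text).iter("Server"):
        for tr in server.findall("Transport"):
            if tr.get("Protocol", "").lower() != "https":
                continue  # plain http transports do not use the kdb
            props = {p.get("Name"): p.get("Value") for p in tr.findall("Property")}
            out.append({"server": server.get("Name"), "host": tr.get("Hostname"),
                        "port": tr.get("Port"), "keyring": props.get("keyring"),
                        "stashfile": props.get("stashfile")})
    return out

def problems(transports, exists=os.path.isfile):
    """List (server, property, reason) for unset or missing keyring/stash files."""
    found = []
    for t in transports:
        for prop in ("keyring", "stashfile"):
            path = t[prop]
            if not path:
                found.append((t["server"], prop, "not set"))
            elif not exists(path):
                found.append((t["server"], prop, "file missing: " + path))
    return found

if __name__ == "__main__":
    for issue in problems(https_transports(SAMPLE_PLUGIN_CFG)):
        print(issue)
```

To check a real configuration, pass the contents of the web server's plugin-cfg.xml to `https_transports` and run it on the IHS host so the file-existence check sees the same paths the plug-in will use.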