IBM Sterling Connect:Direct : Import C:D certificates on C:D WebService: Difference between revisions
No edit summary |
No edit summary |
||
Line 1: | Line 1: | ||
If you setup Secure+ during the install you need to import certificates from C:D on C:D WebServices | If you setup Secure+ during the install you need to import certificates from C:D on C:D WebServices | ||
Bellow i provide some common error messages that happens when not configured. | |||
= Procedure = | |||
== Import from C:D keystore to C:D WS Trusted Store - in same machine == | |||
cd /home/cdadmin02/cdunix/jre/ibm-java-x86_64-80/jre/bin | |||
./ikeycmd -cert -import \ | |||
-db /home/cdadmin02/cdunix/ndm/secure+/certificates/cdkeystore.kdb -pw changeit -label CDInternal \ | |||
-target /opt/MFTWebServices/mftws/BOOT-INF/classes/trustedkeystore.jks -target_pw changeit -new_label CDNODE02-CDInternal | |||
= Common Error Messages = | |||
The following message erros can confirm this situation when you try to connect to C:D on User Functions | The following message erros can confirm this situation when you try to connect to C:D on User Functions | ||
Line 12: | Line 29: | ||
STAR=20230425 19:38:58.481|RECI=CXIT|RECC=CAEV|OSID=17318|TZDI=-25200|MSGT=CMGR exited. Pid=17600. Exitcode=0. | STAR=20230425 19:38:58.481|RECI=CXIT|RECC=CAEV|OSID=17318|TZDI=-25200|MSGT=CMGR exited. Pid=17600. Exitcode=0. | ||
= Check your configuration = | |||
You can check using command | You can check using command | ||
Line 31: | Line 50: | ||
CipherSuites=(TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256,...) | CipherSuites=(TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256,...) | ||
Check | |||
cd /home/cdadmin02/cdunix/jre/ibm-java-x86_64-80/jre/bin/ | cd /home/cdadmin02/cdunix/jre/ibm-java-x86_64-80/jre/bin/ |
Revision as of 17:48, 26 April 2023
If you setup Secure+ during the install you need to import certificates from C:D on C:D WebServices
Bellow i provide some common error messages that happens when not configured.
Procedure
Import from C:D keystore to C:D WS Trusted Store - in same machine
cd /home/cdadmin02/cdunix/jre/ibm-java-x86_64-80/jre/bin
./ikeycmd -cert -import \ -db /home/cdadmin02/cdunix/ndm/secure+/certificates/cdkeystore.kdb -pw changeit -label CDInternal \ -target /opt/MFTWebServices/mftws/BOOT-INF/classes/trustedkeystore.jks -target_pw changeit -new_label CDNODE02-CDInternal
Common Error Messages
The following message erros can confirm this situation when you try to connect to C:D on User Functions
- Error on C:D WebService
Connect:Direct server is in stop state or ipAddress/port is invalid
- Error on C:D log
STAR=20230425 19:38:58.479|CCOD=8|RECI=CSPA|RECC=CAEV|OSID=17600|TZDI=-25200|MSGI=CSPA304E|MSGT=Client connection is not secure. Message ID CSPA304E, rc=8, fdbk=0. STAR=20230425 19:38:58.481|RECI=CXIT|RECC=CAEV|OSID=17318|TZDI=-25200|MSGT=CMGR exited. Pid=17600. Exitcode=0.
Check your configuration
You can check using command
cd /home/cdadmin02/cdunix/etc ./cdcustrpt
check the following in cd.support.rpt
SPCLI> display all; ... Name=.Client Type=R Protocol=(TLS1.2,TLS1.3) Override=N SecurityMode=DefaultToLN AuthTimeout=120 KeyCertLabel=CDInternal ClientAuth=Y CipherSuites=(TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256,...)
Check
cd /home/cdadmin02/cdunix/jre/ibm-java-x86_64-80/jre/bin/ ./ikeycmd -cert -list -db "/home/cdadmin02/cdunix/ndm/secure+/certificates/cdkeystore.kdb" -pw changeit
the output
Certificates in database /home/cdadmin02/cdunix/ndm/secure+/certificates/cdkeystore.kdb: CDInternal