IBM Sterling Connect:Direct : Import C:D certificates on C:D WebService: Difference between revisions
No edit summary |
|||
Line 7: | Line 7: | ||
== Import from C:D keystore to C:D WS Trusted Store - in same machine == | == Import from C:D keystore to C:D WS Trusted Store - in same machine == | ||
I will import from cdkeystore.kdb to trustedkeystore.jks | |||
cd /home/cdadmin02/cdunix/jre/ibm-java-x86_64-80/jre/bin | cd /home/cdadmin02/cdunix/jre/ibm-java-x86_64-80/jre/bin | ||
./ikeycmd -cert -import \ | ./ikeycmd -cert -import \ | ||
-db /home/cdadmin02/cdunix/ndm/secure+/certificates/cdkeystore.kdb -pw changeit -label CDInternal \ | -db /home/cdadmin02/cdunix/ndm/secure+/certificates/cdkeystore.kdb -pw changeit -label CDInternal \ | ||
-target /opt/MFTWebServices/mftws/BOOT-INF/classes/trustedkeystore.jks -target_pw changeit -new_label CDNODE02-CDInternal | -target /opt/MFTWebServices/mftws/BOOT-INF/classes/trustedkeystore.jks -target_pw changeit -new_label CDNODE02-CDInternal | ||
= Common Error Messages = | = Common Error Messages = |
Revision as of 17:49, 26 April 2023
If you setup Secure+ during the install you need to import certificates from C:D on C:D WebServices
Bellow i provide some common error messages that happens when not configured.
Procedure
Import from C:D keystore to C:D WS Trusted Store - in same machine
I will import from cdkeystore.kdb to trustedkeystore.jks
cd /home/cdadmin02/cdunix/jre/ibm-java-x86_64-80/jre/bin ./ikeycmd -cert -import \ -db /home/cdadmin02/cdunix/ndm/secure+/certificates/cdkeystore.kdb -pw changeit -label CDInternal \ -target /opt/MFTWebServices/mftws/BOOT-INF/classes/trustedkeystore.jks -target_pw changeit -new_label CDNODE02-CDInternal
Common Error Messages
The following message erros can confirm this situation when you try to connect to C:D on User Functions
- Error on C:D WebService
Connect:Direct server is in stop state or ipAddress/port is invalid
- Error on C:D log
STAR=20230425 19:38:58.479|CCOD=8|RECI=CSPA|RECC=CAEV|OSID=17600|TZDI=-25200|MSGI=CSPA304E|MSGT=Client connection is not secure. Message ID CSPA304E, rc=8, fdbk=0. STAR=20230425 19:38:58.481|RECI=CXIT|RECC=CAEV|OSID=17318|TZDI=-25200|MSGT=CMGR exited. Pid=17600. Exitcode=0.
Check your configuration
You can check using command
cd /home/cdadmin02/cdunix/etc ./cdcustrpt
check the following in cd.support.rpt
SPCLI> display all; ... Name=.Client Type=R Protocol=(TLS1.2,TLS1.3) Override=N SecurityMode=DefaultToLN AuthTimeout=120 KeyCertLabel=CDInternal ClientAuth=Y CipherSuites=(TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256,...)
Check
cd /home/cdadmin02/cdunix/jre/ibm-java-x86_64-80/jre/bin/ ./ikeycmd -cert -list -db "/home/cdadmin02/cdunix/ndm/secure+/certificates/cdkeystore.kdb" -pw changeit
the output
Certificates in database /home/cdadmin02/cdunix/ndm/secure+/certificates/cdkeystore.kdb: CDInternal