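Wednesday, July 6, 2011

[Plug-in] GSK Error 408 - Security key password problem.

This problem can occur when HTTPS communication is used. It can arise when the password of the WAS private key and the propagated key is the problem.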

HTTP plug-in log records "gsk error 408 (GSK_ERROR_BAD_KEYFILE_PASSWORD)"
Technote (troubleshooting)
Problem(Abstract)
When starting the IBM® HTTP Server, the following error is recorded in the WebSphere® Application Server http_plugin.log (for releases of V5.1 and V5.0) or native.log (for releases of V4.0):
"gsk error 408 (GSK_ERROR_BAD_KEYFILE_PASSWORD)"

Cause
This error occurs if the plugin-key.sth file for the HTTPS transport in the plugin-cfg.xml file does not exist, is corrupted, or does not correspond with the existing plugin-key.kdb file. Also, the user account which the web server is running under must have read/execute permission on the plugin-key.sth.
For example:

<Transport Hostname="hostname" Port="9443" Protocol="https">
<Property name="keyring" value="/usr/WebSphere/AppServer/etc/plugin-key.kdb"/>
<Property name="stashfile" value="/usr/WebSphere/AppServer/etc/plugin-key.sth"/>
</Transport>

Resolving the problem
To correct the problem, perform the following steps:

1. Make sure the plugin-key.sth file exists in the actual directory listed in the preceding example. By default this plugin-key.sth file is created when SSL is enabled within WebSphere Application Server. If the Web server is remote, this file and the plugin-key.kdb file must be copied from the Application Server machine to the remote Web server machine in the directory specified in the preceding example.

2. If the file does exist, make sure the user account which the Web server is running under has read/execute permission to the plugin-key.sth. Also, it is possible that the plugin-key.sth file is corrupt or does not correspond with the existing plugin-key.kdb file. As a result, you must create a new plugin-key.sth file from the existing plugin-key.kdb file.

a. Use the iKeyman GUI included with the IBM HTTP Server to open the plugin-key.kdb file. The password to open this file by default is WebAS (case sensitive).

b. After you have the plugin-key.kdb file open, from the menu select: Key Database file > stash password. This creates a new plugin-key.sth file.

Note: The IBM HTTP Server must be restarted after making either of the preceding changes.

3. If there is an RDB (for example, plugin-key.rdb) and CRL (for example, plugin-key.crl) in the same directory as the plugin-key.kdb and plugin-key.sth file, remove these files from the directory.
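
The on-disk checks from steps 1 to 3, as an added shell example that is not part of the technote: it reads the keyring and stashfile paths from plugin-cfg.xml and tests each file. The function names are hypothetical, it assumes each Property element sits on one line as in the example above, and it should be run as the account the Web server runs under. It cannot tell whether the stash file corresponds to the key database; that still requires re-stashing the password as in step 2.

```shell
#!/bin/sh
# Added example (not from the technote): pre-flight check of the key files
# referenced by plugin-cfg.xml. Usage: check_plugin_keys /path/to/plugin-cfg.xml

# Print the value="..." of every <Property name="$2" .../> line in file $1.
prop_values() {
    sed -n 's/.*<Property[^>]*name="'"$2"'"[^>]*value="\([^"]*\)".*/\1/p' "$1"
}

# Report one problem and count it.
fail() {
    echo "FAIL: $1"
    problems=$((problems + 1))
}

# Prints findings and returns the number of problems found (0 = clean).
check_plugin_keys() {
    cfg=$1
    problems=0
    list=$(mktemp) || return 255

    # Key databases must be readable; leftover .rdb/.crl files are flagged (step 3).
    prop_values "$cfg" keyring > "$list"
    while IFS= read -r kdb; do
        if [ ! -r "$kdb" ]; then fail "keyring missing or unreadable: $kdb"; fi
        stem=${kdb%.kdb}
        for extra in "$stem.rdb" "$stem.crl"; do
            if [ -e "$extra" ]; then fail "remove leftover file: $extra"; fi
        done
    done < "$list"

    # Stash files must exist, be non-empty and be readable (steps 1 and 2).
    # An empty file is only one detectable form of corruption.
    prop_values "$cfg" stashfile > "$list"
    while IFS= read -r sth; do
        if [ ! -e "$sth" ]; then
            fail "stashfile does not exist: $sth"
        elif [ ! -s "$sth" ]; then
            fail "stashfile is empty: $sth"
        elif [ ! -r "$sth" ]; then
            fail "stashfile not readable by $(id -un): $sth"
        fi
    done < "$list"

    rm -f "$list"
    if [ "$problems" -eq 0 ]; then echo "OK: key files named in $cfg are present"; fi
    return "$problems"
}
```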