Tuesday, 16 April 2013

Setting default cert for KDB keystores

This has caught me out a couple of times so I thought I'd better write it down ...

KDB keystores need you to set a default personal certificate (the one whose private key the server presents); otherwise, when a client sends an SSL ClientHello, the handshake fails even if there is only one key pair in the keystore.

A classic place to experience this is the plugin keystore when you have 2-way SSL enabled between the web server and the application server. You'll especially see it when WAS has auto-renewed the certificate and your web servers are managed by the Cell: under this scenario WAS renews the cert in the plugin keystore but does not set it as the default.

To remedy this, use the -setdefault option of ikeycmd.

For example...
/opt/bpm/ihs8/java/jre/bin/ikeycmd -cert -setdefault -label frbpmwebdev.gslb.db.com -db /opt/bpm/ihs8/ssl/dev_ihskeystore.kdb -pw *******
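As an added example (not part of the original post), here is a small POSIX shell wrapper around the same ikeycmd call. It checks that the keystore file exists, reads the KDB password from a file instead of taking it on the command line (so it does not show up in ps output or shell history), runs -cert -setdefault, and then uses ikeycmd's -cert -getdefault to confirm which certificate is now the default. The ikeycmd path, the password-file convention and the DRY_RUN switch are assumptions made for this example, not part of the product.

```shell
#!/bin/sh
# Added example, not from the original post: set the default personal
# certificate in a KDB keystore with ikeycmd and verify the result.
#
# Assumptions (not from the page): IKEYCMD points at an ikeycmd binary; the
# KDB password is read from a file passed as the third argument so it never
# appears on the command line; DRY_RUN=1 prints the commands (password
# masked) instead of executing them.

IKEYCMD="${IKEYCMD:-/opt/bpm/ihs8/java/jre/bin/ikeycmd}"

# Usage: kdb_set_default <label> <kdb-path> <password-file>
# Returns 0 on success, 1 if ikeycmd fails, 2 on invalid input.
kdb_set_default() {
    label="$1"; kdb="$2"; pwfile="$3"

    # Input checks: a wrong path here would otherwise surface only as an
    # unhelpful ikeycmd error after the password has already been read.
    [ -n "$label" ] || { echo "certificate label required" >&2; return 2; }
    [ -f "$kdb" ] || { echo "keystore not found: $kdb" >&2; return 2; }
    [ -r "$pwfile" ] || { echo "password file not readable: $pwfile" >&2; return 2; }

    # $(...) strips the trailing newline left by most editors.
    pw=$(cat "$pwfile")

    if [ "${DRY_RUN:-0}" = 1 ]; then
        # Show what would run, with the password masked.
        printf '%s -cert -setdefault -label %s -db %s -pw ********\n' "$IKEYCMD" "$label" "$kdb"
        printf '%s -cert -getdefault -db %s -pw ********\n' "$IKEYCMD" "$kdb"
        return 0
    fi

    # Mark the certificate as the default the server will present.
    "$IKEYCMD" -cert -setdefault -label "$label" -db "$kdb" -pw "$pw" || return 1

    # Ask ikeycmd which certificate is now the default so the change is
    # confirmed before the web server is restarted.
    "$IKEYCMD" -cert -getdefault -db "$kdb" -pw "$pw"
}
```

The password file should be owned by the account that runs ikeycmd and readable only by it (mode 0600); the -pw value is still passed to ikeycmd as an argument, but it no longer lands in the history file of whoever runs the script.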
