IHS Plugin SSL Trace

Download as pdf or txt
Download as pdf or txt
You are on page 1of 1

Sample Scenario: 1.)I created a new SeflfSigned Cert in AppServer.Changed alias to the newly created cert in 'NodeDefaultSettings'.

Did NOT export the CERT to IHS Plugin KDB.This is what it shows in the plugin logs(Trace Enabled).See that its finding the 'transport chain' which in our case is on port '9443'. See the Interesting and surprising part here,Even though I did not Import Signer to Plugins KDB,IHS (plugins) still able to retrieve the CERT from WebSphere [Mon Nov 21 17:17:24 2011] 00002790 000019c0 - DEBUG: ws_server_group: serverGroupNextRoundRobinServer: use server DURGANode01_server1 [Mon Nov 21 17:17:24 2011] 00002790 000019c0 - TRACE: ws_common: websphereFindTransport: Finding the transport [Mon Nov 21 17:17:24 2011] 00002790 000019c0 - DETAIL: ws_common: websphereFindTransport: Setting the transport(case 1): DURGA on port 9443 [Mon Nov 21 17:17:24 2011] 00002790 000019c0 - TRACE: ws_common: websphereExecute: Executing the transaction with the app server reqingo is OK [Mon Nov 21 17:17:24 2011] 00002790 000019c0 - DEBUG: ws_common: websphereGetStream: Getting the stream to the app server [Mon Nov 21 17:17:24 2011] 00002790 000019c0 - TRACE: ws_transport: transportStreamDequeue: Checking for existing stream from the queue [Mon Nov 21 17:17:24 2011] 00002790 000019c0 - DEBUG: ws_common: websphereGetStream: socket 15320 connected to DURGA:9443 [Mon Nov 21 17:17:24 2011] 00002790 000019c0 - DEBUG: lib_stream: openStream: Opening the stream [Mon Nov 21 17:17:24 2011] 00002790 000019c0 - DEBUG: lib_stream: openStream: Stream is SSL [Mon Nov 21 17:17:24 2011] 00002790 000019c0 - TRACE: lib_stream: openStream: PARTNER CERTIFICATE DN=CN=Zambient Systems,OU=Computer,O=Zambient,L=Hyderabad,ST=AP,PC=30004,C=IN, Serial=19:53:aa:f4:87:97 [Mon Nov 21 17:17:24 2011] 00002790 000019c0 - ERROR: lib_stream: openStream: Failed in r_gsk_secure_soc_init: GSK_ERROR_BAD_CERT(gsk rc = 414) [Mon Nov 21 17:17:24 2011] 00002790 000019c0 - DEBUG: lib_stream: destroyStream: Destroying the stream [Mon Nov 21 17:17:24 2011] 00002790 000019c0 - ERROR: ws_common: websphereGetStream: Could not open stream [Mon Nov 21 17:17:24 2011] 00002790 000019c0 - TRACE: ws_common: websphereGetStream: socket 15320 closed - failed to open stream 2.)Exported the SelfSigned I created and added into Plugin KDB.After which I was able to successfully connect.See the tracing: Key here is "Stream is SSL".Way to figureout if the request is SSL or non-SSL.Ofcourse I was expecting it would give CERT Info,But it did'nt this time.So,We see CERT Info(like PARTNER CERT) only on unsuccessful attempt.I conclude. [Mon Nov 21 17:46:49 2011] 0000214c 0000104c - DEBUG: ws_server_group: serverGroupNextRoundRobinServer: use server DURGANode01_server1 [Mon Nov 21 17:46:49 2011] 0000214c 0000104c - TRACE: ws_common: websphereFindTransport: Finding the transport [Mon Nov 21 17:46:49 2011] 0000214c 0000104c - DETAIL: ws_common: websphereFindTransport: Setting the transport(case 1): DURGA on port 9443 [Mon Nov 21 17:46:49 2011] 0000214c 0000104c - TRACE: ws_common: websphereExecute: Executing the transaction with the app server reqingo is OK [Mon Nov 21 17:46:49 2011] 0000214c 0000104c - DEBUG: ws_common: websphereGetStream: Getting the stream to the app server [Mon Nov 21 17:46:49 2011] 0000214c 0000104c - TRACE: ws_transport: transportStreamDequeue: Checking for existing stream from the queue [Mon Nov 21 17:46:49 2011] 0000214c 0000104c - DEBUG: ws_common: websphereGetStream: socket 15320 connected to DURGA:9443 [Mon Nov 21 17:46:49 2011] 0000214c 0000104c - DEBUG: lib_stream: openStream: Opening the stream [Mon Nov 21 17:46:49 2011] 0000214c 0000104c - DEBUG: lib_stream: openStream: Stream is SSL [Mon Nov 21 17:46:49 2011] 0000214c 0000104c - DETAIL: ws_common: websphereGetStream: Created a new stream; queue was empty, socket = 15320 [Mon Nov 21 17:46:49 2011] 0000214c 0000104c - TRACE: lib_htrequest: htrequestSetHeader: Setting the header name |_WS_HAPRT_WLMVERSION| to value |-1| [Mon Nov 21 17:46:49 2011] 0000214c 0000104c - DEBUG: lib_htrequest: htrequestWrite: Writing the request reqInfo is OK:

You might also like