MustGather: CMS key database (.kdb) and certificate problems
 Technote (troubleshooting)
 
Problem(Abstract)
Collecting data for CMS key database (.kdb) and certificate problems with IBM® HTTP Server. Gathering this information before calling IBM support will help familiarize you with the troubleshooting process and save you time.
 
Resolving the problem

Do you want to automate the collection of MustGather data?
Collecting the following MustGather information has now been automated in the IBM Support Assistant. For more information about automating data collection, see Using IBM Support Assistant to collect MustGather data.

If you have already contacted support, continue on to the component-specific MustGather information. Otherwise, click: MustGather: Read first for IBM HTTP Server.

CMS key database and certificate specific MustGather information
The following contains a list of files that are needed for debugging CMS key database (.kdb) and certificate issues.
  1. IBM HTTP Server version.

    Type one of the following commands to display the full IBM HTTP Server version:
    • For Windows®:
      • For all releases of V1.3.12, 1.3.19, 1.3.26, 1.3.28, 2.0.42, 2.0.47, 6.0:

        install_root/apache -v

    • For UNIX®
      • For all releases of V1.3.12, 1.3.19, 1.3.26, 1.3.28:

        install_root/bin/httpd -ver

      • For all releases of V2.0.42, 2.0.47, 6.0:

        install_root/bin/apachectl -V

  2. Configuration file:

    install_root/conf/httpd.conf

  3. Error log:
    • For Windows:

      install_root/logs/error.log

    • For UNIX:

      install_root/logs/error_log

  4. Global Security Kit (GSKit) version.

    Type one of the following commands to display the full GSKit version:
    • For Windows:
      • For all releases of V1.3.28, 2.0.47, 6.0:

        /program files/ibm/gsk7/bin/gsk7ver.exe

      • For all releases of V1.3.19, 1.3.26, 2.0.42:

        /program files/ibm/gsk5/bin/gsk5ver.exe

      • For all releases of V1.3.12:

        /program files/ibm/gsk4/bin/gsk4ver.exe

    • For AIX®:
      • For all releases of V1.3.28, 2.0.47, 6.0:

        /usr/opt/ibm/gskkm/bin/gsk7ver

      • For all releases of V1.3.19, 1.3.26, 2.0.42:

        /usr/opt/ibm/gskkm/bin/gsk5ver

      • For all releases of V1.3.12:

        /usr/opt/ibm/gskit/bin/gsk4ver

    • For Solaris:
      • For all releases of V1.3.28, 2.0.47, 6.0:

        /opt/ibm/gsk7/bin/gsk7ver

      • For all releases of V1.3.19, 1.3.26, 2.0.42:

        /opt/ibm/gsk5/bin/gsk5ver

      • For all releases of V1.3.12:

        /opt/ibm/gsk4/bin/gsk4ver

    • For HP-UX:
      • For all releases of V1.3.28, 2.0.47, 6.0:

        /opt/ibm/gsk7/bin/gsk7ver

      • For all releases of V1.3.19, 1.3.26, 2.0.42:

        /opt/ibm/gsk5/bin/gsk5ver

      • For all releases of V1.3.12:

        /opt/ibm/gsk4/bin/gsk4ver

    • For Linux®:
      • For all releases of V1.3.28, 2.0.47, 6.0:

        /usr/local/ibm/gsk7/bin/gsk7ver

      • For all releases of V1.3.19, 1.3.26, 2.0.42:

        /usr/local/ibm/gsk5/bin/gsk5ver

      • For all releases of V1.3.12:

        /usr/local/ibm/gsk4/bin/gsk4ver

  5. CMS key database file (.kdb).

    The CMS Key database file is defined by the KeyFile directive in the httpd.conf file:

    KeyFile  /fully qualified path to key file/key.kdb

    For example:

    /usr/HTTPServer/ssl/key.kdb

    Note: Include the password.

  6. Password stashfile (.sth).

    For example:

    /usr/HTTPServer/ssl/key.sth

  7. Request database (.rdb).

    For example:

    /usr/HTTPServer/ssl/key.rdb

  8. Server and Client Certificate (.arm, .p12, .cer, .der, and so on).

  9. CA Signer Certificate (Verisign, Thwarte, Entrust, internalCA, and so on).

    For example: CAroot.cer, CA.arm, CAROOT.der, and so on.

  10. Follow instructions to send diagnostic information to IBM support.

For a listing of all technotes, downloads, and educational materials specific to CMS key database and certificate problems, search the IBM HTTP Server support site.

 
Related information
Submitting information to IBM support
Steps to getting support
MustGather: Read first
Troubleshooting guide
 
 
Cross Reference information
Segment Product Component Platform Version Edition
Application Servers WebSphere Application Server IBM HTTP Server
 
 


Document Information


Product categories: Software > Application Servers > Distributed Application & Web Servers > IBM HTTP Server > SSL
Operating system(s): Windows
Software version: 6.0
Software edition:
Reference #: 1141303
IBM Group: Software Group
Modified date: Feb 25, 2007