PK07547: STOPSERVER OR WSADMIN SOAPCONNECTOR THROWS INVALID KEYSTORE FORMAT EXCEPTION FOR PKCS12 KEYSTORE TYPE. | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
![]() |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
APAR status Closed as program error. Error description stopServer or wsadmin: SoapConnector throws Invalid keystore format exception for PKCS12 keystore type. WebSphere admin scripts like stopServer and wsadmin uses soap.client.props to communicate with DMGR or appservers. If these servers are configured SSL with non default JKS keystore type (like PKCS12), the stopServer/wsadmin will throw Invalid keystore format exception even after setting keystoretype in soap.client.props file. The stopServer with trace option the exception thrown is below. [6/2/05 14:48:51:414 CEST] 7036705 SOAPConnector < reconnect [SOAPException: fault code=SOAP-EN:Client; mig=Error opening socket: java.net.SocketException: Invalid keystore format; targetException=java.lang.IllegalArgumentException: Error opening socket: java.net.SocketException: Invalid keystore format]Local fix Problem summary **************************************************************** * USERS AFFECTED: Websphere Application server version 5.0.2 * * and 5.1 users who use Key File Format: * * PKCS12 and Trust File Format: PKCS12, * * while setting SSL security and using SOAP * * as the preferred connector. * **************************************************************** * PROBLEM DESCRIPTION: If you set Key File Format: PKCS12 * * and Trust File Format: PKCS12 * * while setting SSL security then you * * get a connector exception if using * * SOAP Connector. * * * * * * Soap connector does not work,that is, * * if wsadmin -conntype SOAP won't work, * * neither would stopServer/stopManager * * work with SOAP connector. * * It would fail with an "Invalid * * keystore format" error. * * However, RMI connector works fine * * (try either starting a wsadmin, or * * stopServer/stopManager commands) * **************************************************************** * RECOMMENDATION: * **************************************************************** To recreate: -- start administrative console, go to Security --> SSL Configuration Repertoires, pick the one used by the SOAP connector (server.xml contains the sslConfig property for SOAPConnector) -- update the following fields: Key File Name: <location of key.p12 file> Key FIle Password: ikjune10 Key File Format: PKCS12 Trust File Name: <location of key.p12 file> Trust File Password: ikjune10 Trust File Format: PKCS12 -- save and enable security -- restart server -- update sas.client.props file. The following fields need change: com.ibm.ssl.keyStoreType=PKCS12 com.ibm.ssl.keyStore=<location of key.p12 file> com.ibm.ssl.keyStorePassword=ikjune10 com.ibm.ssl.trustStoreType=PKCS12 com.ibm.ssl.trustStore=<location of key.p12 file> com.ibm.ssl.trustStorePassword=ikjune10 -- update soap.client.props file. The following fields need change: com.ibm.ssl.keyStoreType=PKCS12 com.ibm.ssl.keyStore=<location of key.p12 file> com.ibm.ssl.keyStorePassword=ikjune10 com.ibm.ssl.trustStoreType=PKCS12 com.ibm.ssl.trustStore=<location of key.p12 file> com.ibm.ssl.trustStorePassword=ikjune10 You will find soap connector does not work. If wsadmin -conntype SOAP won't work, neither would stopServer/stopManager work with SOAP connector. It would fail with an "Invalid keystore format" error.Problem conclusion Code has been changed to handle this issue. The following lines have been added to provide keyStoreType and trustStoreType in soap.client.props com.ibm.ssl.keyStoreType=PKCS12 com.ibm.ssl.trustStoreType=PKCS12 The fix for this APAR is currently targeted for inclusion in fixpack 5.0.2.13 and 5.1.1.7. Please refer to the Recommended Updates page for delivery information: http://www.ibm.com/support/docview.wss?rs=180&uid=swg27004980Temporary fix Comments
APAR is sysrouted FROM one or more of the following: APAR is sysrouted TO one or more of the following: Modules/Macros
Publications Referenced
|
Product categories: Software > Application Servers >
Distributed Application & Web Servers > WebSphere Application
Server > General
Operating system(s):
Software version: 10I
Software edition:
Reference #: PK07547
IBM Group: Software Group
Modified date: Aug 11, 2005
(C) Copyright IBM Corporation 2000, 2008. All Rights Reserved.