HTTP plug-in log records "gsk error 408 (GSK_ERROR_BAD_KEYFILE_PASSWORD)"
 Technote (FAQ)
 
Problem
When starting the IBM® HTTP Server, the following error is recorded in the WebSphere® Application Server http_plugin.log (for releases of V5.1 and V5.0) or native.log (for releases of V4.0):

"gsk error 408 (GSK_ERROR_BAD_KEYFILE_PASSWORD)"
 
Cause
This error occurs if the plugin-key.sth file for the HTTPS transport in the plugin-cfg.xml file does not exist, is corrupted, or does not correspond with the existing plugin-key.kdb file. Also, the user account which the web server is running under must have read/execute permission on the plugin-key.sth.

For example:

<Transport Hostname="hostname" Port="9443" Protocol="https">
<Property name="keyring" value="/usr/WebSphere/AppServer/etc/plugin-key.kdb"/>
<Property name="stashfile" value="/usr/WebSphere/AppServer/etc/plugin-key.sth"/>
</Transport>
 
Solution
To correct the problem, perform the following steps:
  1. Make sure the plugin-key.sth file exists in the actual directory listed in the preceding example. By default this plugin-key.sth file is created when SSL is enabled within WebSphere Application Server. If the Web server is remote, this file and the plugin-key.kdb file must be copied from the Application Server machine to the remote Web server machine in the directory specified in the preceding example.

  2. If the file does exist, make sure the user account which the Web server is running under has read/execute permission to the plugin-key.sth. Also, it is possible that the plugin-key.sth file is corrupt or does not correspond with the existing plugin-key.kdb file. As a result, you must create a new plugin-key.sth file from the existing plugin-key.kdb file.

    To do this, use the iKeyman GUI included with the IBM HTTP Server to open the plugin-key.kdb file. The password to open this file by default is WebAS (case sensitive).

    After you have the plugin-key.kdb file open, from the menu select: Key Database file > stash password

    This creates a new plugin-key.sth file.

Note: The IBM HTTP Server must be restarted after making either of the preceding changes.
 
 
Cross Reference information
Segment Product Component Platform Version Edition
Application Servers WebSphere Application Server Plug-in Multi-Platform 4.0, 5.0, 5.1, Version Independent Advanced, Base, Network Deployment, Standard
 
 


Document Information


Product categories: Software > Application Servers > Distributed Application & Web Servers > IBM HTTP Server > SSL
Operating system(s): Windows
Software version: 6.0
Software edition:
Reference #: 1177702
IBM Group: Software Group
Modified date: Aug 26, 2004