IBM HTTP Server 2.0.42, 1.3.26/HTTP Plug-in V5.1 and IBM HTTP Server 2.0.47, 1.3.28/HTTP Plug-in V5.0 are not supported
 Technote (troubleshooting)
 
Problem (Abstract)
IBM® HTTP Server 1.3.26, 1.3.28, 2.0.42, and all releases of 2.0.47 include distinct Global Security Kit (GSKit) base versions required for Secure Socket Layer (SSL) communication between client browsers and the IBM HTTP Server. Also, the HTTP plug-in V5.0 and V5.1 require specific base levels of GSKit to support SSL communication between the HTTP plug-in and back-end IBM WebSphere® Application Servers.
 
Symptom
If HTTPS transports are configured in the plugin-cfg.xml, the HTTPS transports will fail to load on web server startup when using IBM HTTP Server 2.0.42 or 1.3.26 with HTTP plug-in V5.1. The same is true when using IBM HTTP Server 2.0.47 or 1.3.28 with HTTP plug-in V5.0.

Error message recorded in the http_plugin.log:


[Fri Apr 29 12:19:53 2005] 00000c18 00000e24 - ERROR: ws_transport: transportInitializeSecurity: Unable to load security library
[Fri Apr 29 12:19:53 2005] 00000c18 00000e24 - ERROR: ws_server: serverAddTransport: Failed to initialize security
[Fri Apr 29 12:19:53 2005] 00000c18 00000e24 - ERROR: ws_server: serverAddTransport: HTTPS Transport is skipped

Additional Problem Noted on Solaris™:

IBM HTTP Server 2.0.42 (all releases) on Solaris will not properly load both the IBM SSL module (mod_ibm_ssl.so) and the WebSphere HTTP Plug-in V5.1 module, which may result in web server segmentation faults or improper SSL initialization.

 
Cause
Background
IBM HTTP Server 2.0.42 and 1.3.26 releases include and use GSKit V5 for their SSL implementation, while IBM HTTP Server 2.0.47 and 1.3.28 releases include and use GSKit V7. The HTTP plug-in V5.0 supports GSKit V5 only, while HTTP plug-in V5.1 supports GSKit V7 only.

How to identify if the HTTP plug-in is configured for SSL communication:

Check the plugin-cfg.xml file on the web server machine to see if HTTPS transports are present. If yes, then SSL is enabled between HTTP plug-in and the WebSphere Application Server defined.

For example:
<ServerCluster CloneSeparatorChange="false" LoadBalance="Round Robin" Name="server1_Application_Cluster" PostSizeLimit="10000000" RemoveSpecialHeaders="true" RetryInterval="60">
    <Server ConnectTimeout="0" ExtendedHandshake="false" MaxConnections="0" Name="server1" WaitForContinue="false">
        <Transport Hostname="Application Server domain" Port="9080" Protocol="http"/>
        <Transport Hostname="Application Server domain" Port="9443" Protocol="https">
            <Property Name="keyring" Value="d:\WebSphere\AppServer\etc\plugin-key.kdb"/>
            <Property Name="stashfile" Value="d:\WebSphere\AppServer\etc\plugin-key.sth"/>
            <Property Name="certLabel" Value="selfsigned"/>
        </Transport>
    </Server>
    <PrimaryServers>
        <Server Name="server1"/>
    </PrimaryServers>
</ServerCluster>

How to identify if the HTTP plug-in V5.0 or V5.1 version is being used:

Check the http_plugin.log file on the web server machine and search on "Bld version:"


[Fri Apr 29 12:19:53 2005] 00000c18 00000e24 - PLUGIN: -----System Information--------
[Fri Apr 29 12:19:53 2005] 00000c18 00000e24 - PLUGIN: Bld version: 5.1.0
[Fri Apr 29 12:19:53 2005] 00000c18 00000e24 - PLUGIN: Bld date: Jun 27 2004, 17:46:26
[Fri Apr 29 12:19:53 2005] 00000c18 00000e24 - PLUGIN: Webserver: IBM_HTTP_SERVER/1.3.26.2  Apache/1.3.26 (Win32)
[Fri Apr 29 12:19:53 2005] 00000c18 00000e24 - PLUGIN: Hostname = ECLIENT
[Fri Apr 29 12:19:53 2005] 00000c18 00000e24 - PLUGIN: OS version 5.2, build 3790, ''
[Fri Apr 29 12:19:53 2005] 00000c18 00000e24 - PLUGIN: --------------------------------------------------------------
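
The two checks above can be combined into one script. The following is an added example, not IBM-supplied code: the function names, the result strings and the sample hostname are hypothetical, and it assumes the "Bld version:" and "Webserver:" lines have the format shown in the log excerpt above.

```python
import re
import xml.etree.ElementTree as ET

# GSKit major version per release, as stated in the Background section.
IHS_GSKIT = {"2.0.42": 5, "1.3.26": 5, "2.0.47": 7, "1.3.28": 7}
PLUGIN_GSKIT = {"5.0": 5, "5.1": 7}

def https_transports(cfg_xml):
    """Return (server, hostname, port) for each HTTPS transport in plugin-cfg.xml."""
    root = ET.fromstring(cfg_xml)
    return [(s.get("Name"), t.get("Hostname"), t.get("Port"))
            for s in root.iter("Server") for t in s.findall("Transport")
            if (t.get("Protocol") or "").lower() == "https"]

def versions_from_log(log_text):
    """Return (plug-in major.minor, IHS release) from the System Information block."""
    bld = re.search(r"PLUGIN: Bld version: (\d+\.\d+)", log_text)
    web = re.search(r"PLUGIN: Webserver: IBM_HTTP_SERVER/(\d+\.\d+\.\d+)", log_text)
    return (bld.group(1) if bld else None, web.group(1) if web else None)

def check_pairing(cfg_xml, log_text):
    """Return 'ok', 'unknown', 'mismatch-no-ssl' or 'mismatch-ssl-affected'."""
    plugin, ihs = versions_from_log(log_text)
    if plugin not in PLUGIN_GSKIT or ihs not in IHS_GSKIT:
        return "unknown"  # release not covered by this technote
    if PLUGIN_GSKIT[plugin] == IHS_GSKIT[ihs]:
        return "ok"
    # The Symptom section describes the failure for configured HTTPS transports.
    return "mismatch-ssl-affected" if https_transports(cfg_xml) else "mismatch-no-ssl"

# Constructed sample inputs, adapted from the excerpts on this page.
SAMPLE_CFG = """<ServerCluster Name="server1_Application_Cluster">
  <Server Name="server1">
    <Transport Hostname="app.example.com" Port="9080" Protocol="http"/>
    <Transport Hostname="app.example.com" Port="9443" Protocol="https"/>
  </Server>
  <PrimaryServers><Server Name="server1"/></PrimaryServers>
</ServerCluster>"""
SAMPLE_LOG = """\
[Fri Apr 29 12:19:53 2005] 00000c18 00000e24 - PLUGIN: Bld version: 5.1.0
[Fri Apr 29 12:19:53 2005] 00000c18 00000e24 - PLUGIN: Webserver: IBM_HTTP_SERVER/1.3.26.2  Apache/1.3.26 (Win32)
"""

if __name__ == "__main__":
    print(https_transports(SAMPLE_CFG), versions_from_log(SAMPLE_LOG))
    print(check_pairing(SAMPLE_CFG, SAMPLE_LOG))
```

A result of "mismatch-ssl-affected" corresponds to the combination that produces the "Unable to load security library" errors shown under Symptom.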

 
Resolving the problem
The HTTP plug-in V5.1 module must be used if running IBM HTTP Server 2.0.47 or 1.3.28. Also, the HTTP plug-in V5.0 module must be used if running IBM HTTP Server 2.0.42 or 1.3.26.


WebSphere Application Server V5.0 (all releases) environments:
If currently running IBM HTTP Server 2.0.47 or 1.3.28 with the HTTP plug-in V5.0, upgrade to HTTP plug-in V5.1, which can be downloaded here:
http://www.ibm.com/support/docview.wss?uid=swg24007227

Please visit the Web server plug-in policy for WebSphere Application Server if concerned about support running HTTP plug-in V5.1 with WebSphere Application Server V5.0
Plug_in/swg21160581.html

WebSphere Application Server V5.1 (all releases) environments:
If currently running IBM HTTP Server 1.3.26 or 2.0.42 with the HTTP plug-in V5.1, upgrade to IBM HTTP Server 1.3.28 or 2.0.47 which can be downloaded here:
http://www-306.ibm.com/software/webservers/httpservers/

 
 
 


Document Information


Product categories: Software > Application Servers > Distributed Application & Web Servers > IBM HTTP Server
Operating system(s): z/OS
Software version: 2.0.47
Software edition:
Reference #: 1218869
IBM Group: Software Group
Modified date: Sep 30, 2005