![[AIX Solaris HP-UX Linux Windows]](../images/dist.gif)
![[z/OS]](../images/ngzos.gif)
linkCells|linkCellsZOS script
When you set up a star topology, you can use the linkCells script to configure the overlay communication between multiple cells. On z/OS® systems, use the linkCellsZOS script instead.
Purpose
Use the linkCells script to enable communication between a Intelligent Management cell containing servers that are enabled with an on demand router (ODR) that routes work requests to other administrative cells.
On z/OS systems, use the linkCellsZOS script.
Location
The linkCells script
is available in the app_server_root/bin directory.
The linkCellsZOS script
is available in the app_server_root/bin directory.
Usage
![[AIX Solaris HP-UX Linux Windows]](../images/dist.gif)
./linkCells.sh centerHost:center_cell_soap_port:user_id:password pointHost:point_cell_soap_port:user_id:password
![[z/OS]](../images/ngzos.gif)
./linkCellsZOS.sh centerHost:center_cell_soap_port:user_id:password pointHost:point_cell_soap_port:user_id:password
Example
./linkCells.sh centerHost:8879:centerUID:centerPWD point1Host:8880:point1UID:point1PWD
Troubleshooting
When you run the linkCells script, the following error messages might be displayed. To resolve the errors, verify that the com.ibm.ssl.enableSignerExchangePrompt property in the profile_home/properties/ssl.client.props file is set to gui, true, or stdin. By setting this property, clients can obtain a signer certificate from the server, and thus communicate with Intelligent Management.
When the com.ibm.ssl.enableSignerExchangePrompt property is set to gui or true, a signer-exchange window is displayed, and you are asked to accept or reject the certificate. If you accept the certificate, it is installed in the trust store automatically and the handshake succeeds. If you reject the certificate, it is not installed in the trust store and the handshake fails since the certificate is not trusted.
When the com.ibm.ssl.enableSignerExchangePrompt property is set to stdin, a signer-exchange ASCII prompt is displayed, and you are asked to accept or reject the certificate. If you accept the certificate, it is installed in the trust store automatically and the handshake succeeds. If you reject the certificate, it is not installed in the trust store and the handshake fails since the certificate is not trusted.
$ ./linkCells.sh centerHost:center_cell_soap_port:user_id:password pointHost:point_cell_soap_port:user_id:password
"Begin linking cells..."
WASX7209I: Connected to process "dmgr" on node dmgr using SOAP connector. The type of process is: DeploymentManager
CWPKI0022E: SSL HANDSHAKE FAILURE: A signer with SubjectDN "CN=edgeaphid16.rtp.raleigh.ibm.com, OU=e16VEcell,
OU=edgeaphid16CellManager02, O=IBM, C=US" was sent from target host:port "9.42.96.77:8915".
The signer may need to be added to local trust store "c:/AutoWAS2/09072011/WAS/profiles/node1/etc/trust.p12"
located in SSL configuration alias "DefaultSSLSettings" loaded from SSL configuration file
"file:c:\AutoWAS2\09072011\WAS\profiles\node1/properties/ssl.client.props".
The extended error message from the SSL handshake exception is:
"PKIX path building failed:
java.security.cert.CertPathBuilderException: PKIXCertPathBuilderImpl could not build a valid CertPath.;
internal cause is:
java.security.cert.CertPathValidatorException: The certificate issued by CN=edgeaphid16.rtp.raleigh.ibm.com,
OU=Root Certificate, OU=e16VEcell, OU=edgeaphid16CellManager02, O=IBM, C=US is not trusted;
internal cause is:
java.security.cert.CertPathValidatorException: Certificate chaining error".
CWPKI0040I: An SSL handshake failure occurred from a secure client. The server's SSL signer has to be added to the
client's trust store. A retrieveSigners utility is provided to download signers from
the server but requires administrative permission. Check with your administrator to have this utility run to setup
the secure environment before running the client.
Alternatively, the com.ibm.ssl.enableSignerExchangePrompt can be enabled in ssl.client.props for "DefaultSSLSettings"
in order to allow acceptance of the signer during the connection attempt.
WASX7023E: Error creating "SOAP" connection to host "edgeaphid16.rtp.raleigh.ibm.com";
exception information:
com.ibm.websphere.management.exception.ConnectorNotAvailableException:
[SOAPException: faultCode=SOAP-ENV:Client; msg=Error opening socket:
javax.net.ssl.SSLHandshakeException: com.ibm.jsse2.util.g:
PKIX path building failed:
java.security.cert.CertPathBuilderException: PKIXCertPathBuilderImpl could not build a valid CertPath.;
internal cause is:
java.security.cert.CertPathValidatorException: The certificate issued by CN=edgeaphid16.rtp.raleigh.ibm.com,
OU=Root Certificate, OU=e16VEcell, OU=edgeaphid16CellManager02,
O=IBM, C=US is not trusted;
internal cause is:
java.security.cert.CertPathValidatorException: Certificate chaining error;
targetException=java.lang.IllegalArgumentException: Error opening socket: javax.net.ssl.SSLHandshakeException:
com.ibm.jsse2.util.g: PKIX path building failed:
java.security.cert.CertPathBuilderException: PKIXCertPathBuilderImpl could not build a valid CertPath.;
internal cause is:
java.security.cert.CertPathValidatorException: The certificate issued by CN=edgeaphid16.rtp.raleigh.ibm.com,
OU=Root Certificate, OU=e16VEcell, OU=edgeaphid16CellManager02,
O=IBM, C=US is not trusted; internal cause is:
java.security.cert.CertPathValidatorException: Certificate chaining error]
WASX7213I: This scripting client is not connected to a server process; please refer to the log file
c:\AutoWAS2\09072011\WAS\profiles\node1\logs\wsadmin.traceout for additional information.