Power

 View Only

  • 1.  CWPKI0033E on start up of IWS server

    Posted Tue January 14, 2025 04:35 PM

    Hi, 

    I'm getting this error when starting my IWS server. I went thru and redid the TLS configuation on the server to make sure the password was correct for the select DCM system cert. What else am I missing? 

    <xmp>[1/14/25 13:20:09:653 PST] 00000035 com.ibm.ws.ssl.config.WSKeyStore E CWPKI0033E: The keystore located at /QIBM/USERDATA/ICSS/CERT/Server/DEFAULT.KDB did not load because of the following error: KeyStore error occured (Failing API = ApiQykmExportKeyStore, message = An error occurred. The error code is 0., return code = -1, errno = 0, pof = 247 </xmp>

    <xmp>[1/14/25 13:20:09:658 PST] 00000035 com.ibm.ws.ssl.config.WSKeyStore W CWPKI0809W: There is a failure loading the KeyStoreByWebAdmin3 keystore. If an SSL configuration references the KeyStoreByWebAdmin3 keystore, then the SSL configuration will fail to initialize. </xmp>

    <xmp>[1/14/25 13:21:10:329 PST] 00000035 com.ibm.ws.ssl.config.WSKeyStore E CWPKI0033E: The keystore located at /QIBM/USERDATA/ICSS/CERT/Server/DEFAULT.KDB did not load because of the following error: KeyStore error occured (Failing API = ApiQykmExportKeyStore, message = An error occurred. The error code is 0., return code = -1, errno = 0, pof = 247 </xmp>

    <xmp>[1/14/25 13:21:10:331 PST] 00000035 com.ibm.ws.ssl.config.WSKeyStore W CWPKI0809W: There is a failure loading the KeyStoreByWebAdmin2 keystore. If an SSL configuration references the KeyStoreByWebAdmin2 keystore, then the SSL configuration will fail to initialize. </xmp>



    ------------------------------
    Michael Cramer
    ------------------------------


  • 2.  RE: CWPKI0033E on start up of IWS server

    Posted Wed January 15, 2025 09:17 AM

    Hi Michel, 

    This looks like a password change error got out of sync somewhere from what I could find on the web. 

    (its related to websphere so might strongly suggest that this APAR is related : https://www.ibm.com/support/pages/apar/PM17130


    seeing the error shows its Keystore related :  (Link : https://www.ibm.com/docs/en/was-liberty/nd?topic=messages-cwpki)

    CWPKI0033E: The keystore located at {0} did not load because of the following error: {1}

    what you could do is try to solve this way ? (standard disclaimer : use at own risk) : 

    https://www.reddit.com/r/websphere/comments/hmf8nh/cwpki0033e_the_keystore_located_at/

    if that attempt does not work, then last course is to diagnose DCM on the IBM i :

    https://www.ibm.com/docs/en/i/7.3?topic=dcm-troubleshooting-certificate-store-key-database-problems

    &

    https://www.ibm.com/support/docview.wss?uid=nas8N1010356

    my gut feel is it points to the keystone that got something that it shouldn't. 


    could you recreate the IWS server with the same configuration to reproduce on the new configuration ?



    ------------------------------
    Marius le Roux
    Owner
    MLR Consulting
    ------------------------------

    Original Message


  • 3.  RE: CWPKI0033E on start up of IWS server

    Posted Wed January 15, 2025 09:36 AM

    This also caught my eye : 

    Note Important updates and changes to IBM Navigator

    The web truststore is no longer dependent on Master Key 1 being set. 

    For the webtruststore change to be handled correctly, before applying this PTF, a user with *ALLOBJ authority should turn off TLS for their connection to the GUI node (Serviceability > Connection Properties then TLS Connection table), then apply the PTF.  That user should then sign in and turn TLS back on. 

    This will allow the conversion of the truststore to be handled correctly.

    Link : https://www.ibm.com/support/pages/node/6483299

    "could" be related. 



    ------------------------------
    Marius le Roux
    Owner
    MLR Consulting
    ------------------------------

    Original Message