Dear Sarfaraj
>>>> I am trying to use DCM APIs to import (QykmImportKeyStore) a certificate in IBM Keystore and assign (QycdUpdateCertUsage) that certificate to IWS server.
I am able to achieve both these steps. <<<<
How were you certain of the API's success? There may have been an error or warning that you may not have recognized that indicated the APIs did not end successfully or did not do what exactly you wanted. You need to check out this possibility from the job log by taking the following step.
- At IBM i command line, run CALL QCMD + enter + F10.
- Run the APIs again.
- Notice the system messages that may appear after each API invokation and read them carefully to make sure there is no suspecting message that may not be an outright error. Move the screen cursor to the suspicious message line and press F1 to explore the message and use F9 (or F10 I cannot remember exactly) to see 2nd level detail as well.
I also wonder whether you should run QycdRemoveCertUsage API before QycdUpdateCertUsage?
BTW, Have you addressed the bug in QykmImportKeyStore API that you used to ask about in this past thread: https://community.ibm.com/community/user/power/discussion/import-certificate-store-api-qykmimportkeystore ? You asked this past question in IBM i Global group which was the right thing to do. Asking your question this time in Power group stands worse chance of getting response from those who can help.
------------------------------
Education is not the learning of facts but the training of the mind to think. -- Albert Einstein.
------------------------------
Satid S.
------------------------------
Original Message:
Sent: Sun March 12, 2023 11:22 AM
From: Sarfaraj Pirjade
Subject: DCM APIs - Restart of IWS server is Failing with HTP8351 - Secure Sockets session failed to initialize successfully
Hello,
I am trying to use DCM APIs to import (QykmImportKeyStore) a certificate in IBM Keystore and assign (QycdUpdateCertUsage) that certificate to IWS server.
I am able to achieve both these steps. But when i restart the IWS server, it is failing with HTP8351 - Secure Sockets session failed to initialize successfully
HTP8351 Diagnostic 10 23/03/12 23:08:40.191380 QZSRAPR QHTTPSVR *STMT QZSRVSSL QHTTPSVR *STMT
From module . . . . . . . . : QZSRSNDM
From procedure . . . . . . : sendMessageToJobLog_CCSID
Statement . . . . . . . . . : 27
To module . . . . . . . . . : MOD_SSL
To procedure . . . . . . . : ssl_initializer
Statement . . . . . . . . . : 189
Message . . . . : Secure Sockets session failed to initialize successfully.
Cause . . . . . : Secure Sockets failed to initialize successfully. Recovery
. . . : Check the error log to determine the cause of the failure, and
start the server again. Technical description . . . . . . . . : Secure
Sockets failed to initialize correctly.
In the error log, it gives below error :
[ibm_ssl:error] [pid 119279:tid 000000A8] ZSRV_MSG0252: SSL initialization operation failed, return code error = 202.
[mpm_worker:notice] [pid 119269:tid 00000091] ZSRV_MSG0387: SIGTERM received. Shutting down.
But when i assing the same certificate with DCM gui and then restart the IWS server. Server is restarted successfully
Has anyone faced such issue earlier. Can someone help here. Thanks
------------------------------
Sarfaraj Pirjade
------------------------------