DCM APIs - Restart of IWS server is Failing with HTP8351 - Secure Sockets session failed to initialize successfully

  • 1.  DCM APIs - Restart of IWS server is Failing with HTP8351 - Secure Sockets session failed to initialize successfully

    Posted Sun March 12, 2023 11:22 AM

    Hello,

    I am trying to use DCM APIs to import (QykmImportKeyStore) a certificate in IBM Keystore and assign (QycdUpdateCertUsage) that certificate to IWS server. 

    I am able to achieve both these steps. But when I restart the IWS server, it is failing with HTP8351 - Secure Sockets session failed to initialize successfully

    HTP8351    Diagnostic              10   23/03/12  23:08:40.191380  QZSRAPR      QHTTPSVR    *STMT    QZSRVSSL    QHTTPSVR    *STMT
                                         From module . . . . . . . . :   QZSRSNDM                                                     
                                         From procedure  . . . . . . :   sendMessageToJobLog_CCSID                                    
                                         Statement . . . . . . . . . :   27                                                           
                                         To module . . . . . . . . . :   MOD_SSL                                                      
                                         To procedure  . . . . . . . :   ssl_initializer                                              
                                         Statement . . . . . . . . . :   189                                                          
                                         Message . . . . :   Secure Sockets session failed to initialize successfully.                
                                         Cause . . . . . :   Secure Sockets failed to initialize successfully. Recovery               
                                            . . . :   Check the error log to determine the cause of the failure, and                  
                                           start the server again. Technical description . . . . . . . . :   Secure                   
                                           Sockets failed to initialize correctly.                                                    

    In the error log, it gives the below error:

    [ibm_ssl:error] [pid 119279:tid 000000A8] ZSRV_MSG0252: SSL initialization operation failed, return code error = 202.

    [mpm_worker:notice] [pid 119269:tid 00000091] ZSRV_MSG0387: SIGTERM received. Shutting down.

    But when I assign the same certificate with the DCM GUI and then restart the IWS server, the server is restarted successfully.

    Has anyone faced such an issue earlier? Can someone help here? Thanks



    ------------------------------
    Sarfaraj Pirjade
    ------------------------------


  • 2.  RE: DCM APIs - Restart of IWS server is Failing with HTP8351 - Secure Sockets session failed to initialize successfully

    IBM Champion
    Posted Sun March 12, 2023 08:25 PM
    Edited by Satid Singkorapoom Sun March 12, 2023 09:22 PM

    Dear Sarfaraj

    >>>>  I am trying to use DCM APIs to import (QykmImportKeyStore) a certificate in IBM Keystore and assign (QycdUpdateCertUsage) that certificate to IWS server. 

    I am able to achieve both these steps.  <<<<

    How were you certain of the API's success? There may have been an error or warning that you may not have recognized that indicated the APIs did not end successfully or did not do exactly what you wanted. You need to check out this possibility from the job log by taking the following steps.

    1. At the IBM i command line, run CALL QCMD + Enter + F10.
    2. Run the APIs again.
    3. Notice the system messages that may appear after each API invocation and read them carefully to make sure there is no suspicious message that may not be an outright error. Move the screen cursor to the suspicious message line and press F1 to explore the message and use F9 (or F10, I cannot remember exactly) to see 2nd level detail as well.

    I also wonder whether you should run QycdRemoveCertUsage API before QycdUpdateCertUsage? 

    BTW, have you addressed the bug in the QykmImportKeyStore API that you asked about in this past thread: https://community.ibm.com/community/user/power/discussion/import-certificate-store-api-qykmimportkeystore ? You asked this past question in the IBM i Global group, which was the right thing to do. Asking your question this time in the Power group stands a worse chance of getting a response from those who can help.


    ------------------------------
    Education is not the learning of facts but the training of the mind to think. -- Albert Einstein.
    ------------------------------
    Satid S.
    ------------------------------