{"id":49,"date":"2009-10-17T14:36:00","date_gmt":"2009-10-17T14:36:00","guid":{"rendered":"https:\/\/www.srivittal.com\/wp\/?p=49"},"modified":"2021-08-31T10:13:06","modified_gmt":"2021-08-31T09:13:06","slug":"websphere-6-1-ssl-certificate-expirations","status":"publish","type":"post","link":"https:\/\/www.srivittal.com\/wp\/?p=49","title":{"rendered":"WebSphere 6.1 SSL certificate expirations"},"content":{"rendered":"<p>I had a Deployment Manager with two remote nodes federated into it and had left them switched off for over a year now. When I restarted the Deployment Manager the new certificate expiration handling process had renewed the certificates within the PROFILE_ROOT\/config\/cells\/CELL_NAME\/trust.p12 and PROFILE_ROOT\/config\/cells\/CELL_NAME\/key.p12 files. Unfortunately the certificates on the nodeagents had expired by then and were failing to sync with the Deployment Manager. So step 1 was to copy the trust.p12 and key.p12 files to the nodes under the same path. This stopped the synchronization issue. However there are two more key.p12 and trust.p12 files sitting under the PROFILE_ROOT\/etc directory which were out of sync as well. 
When I manually issued a sync request, I received a message like the following:<\/p>\n<div style=\"background-color: black; color: lime;\"><p>ADMU0116I: Tool information is being logged in file<br \/>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; \/opt\/IBM\/WebSphere\/AppServer\/profiles\/AppSrv01\/logs\/syncNode.log<br \/>ADMU0128I: Starting tool with the AppSrv01 profile<\/p>\n<p>*** SSL SIGNER EXCHANGE PROMPT ***<br \/>SSL signer from target host null is not found in trust store \/opt\/IBM\/WebSphere\/AppServer\/profiles\/AppSrv01\/etc\/trust.p12.<\/p>\n<p>Here is the signer information (verify the digest value matches what is displayed at the server): <\/p>\n<p>Subject DN:&nbsp;&nbsp;&nbsp; SUBJECT_DN<br \/>Issuer DN:&nbsp;&nbsp;&nbsp;&nbsp; ISSUER_DN<br \/>Serial number: SERIAL_NUMBER<br \/>Expires:&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Sat Oct 16 14:26:05 BST 2010<br \/>SHA-1 Digest:&nbsp; SHA1-DIGEST<br \/>MD5 Digest:&nbsp;&nbsp;&nbsp; MD5-DIGEST<\/p>\n<p>Add signer to the trust store now? (y\/n)<\/p><\/div>\n<p><b>Please Note<\/b>: I have replaced the actual values with some placeholders for obvious security reasons. When I entered yes to this message, it started working fine. In order to keep these in real sync the easiest option would be to create a soft link from the PROFILE_ROOT\/etc directory to the key.p12 and trust.p12 files within the config\/cells\/CELL_NAME directory on the deployment manager and the remote nodes. I have to look into these a bit carefully as the certificates in the PROFILE_ROOT\/etc directory are used mainly for issuing commands to the running nodeagents and servers whereas the certs within the PROFILE_ROOT\/config\/cells\/CELL_NAME directory are used for synchronization with the DM. 
Maybe I&#8217;m just confused. <br \/><\/p>\n","protected":false},"excerpt":{"rendered":"<p>I had a Deployment Manager with two remote nodes federated into it and had left them switched off for over a year now. When I restarted the Deployment Manager the new certificate expiration handling process had renewed the certificates within the PROFILE_ROOT\/config\/cells\/CELL_NAME\/trust.p12 and PROFILE_ROOT\/config\/cells\/CELL_NAME\/key.p12 files. Unfortunately the certificates on the nodeagents had expired by then &hellip;<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-49","post","type-post","status-publish","format-standard","hentry","category-uncategorized","entry entry-center"],"_links":{"self":[{"href":"https:\/\/www.srivittal.com\/wp\/index.php?rest_route=\/wp\/v2\/posts\/49","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.srivittal.com\/wp\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.srivittal.com\/wp\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.srivittal.com\/wp\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.srivittal.com\/wp\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=49"}],"version-history":[{"count":1,"href":"https:\/\/www.srivittal.com\/wp\/index.php?rest_route=\/wp\/v2\/posts\/49\/revisions"}],"predecessor-version":[{"id":210,"href":"https:\/\/www.srivittal.com\/wp\/index.php?rest_route=\/wp\/v2\/posts\/49\/revisions\/210"}],"wp:attachment":[{"href":"https:\/\/www.srivittal.com\/wp\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=49"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.srivittal.com\/wp\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=49"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.
srivittal.com\/wp\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=49"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}