SSL0104S: GSK could not initialize, Invalid password for keyfile
| charleychu 2004-04-06, 11:33 am |
| Using WAS 5.0 and IBMHttpServer 1.3.26 on XP professional SP1.
After installing WAS 5.0 and IBMHttpServer 1.3.26 on the machine, I failed to configure the web server to support https. The error message from the error.log of the web server is
[Tue Apr 06 07:57:19 2004] [crit] SSL0104S: GSK could not initialize, Invalid password for keyfile.
I used the ikeyman utility to create the key, self-signed it, and also stashed the password to the file. I have full control of the stashed password file. I modified the httpd.conf to support https. The https portion of httpd.conf looks like
WebSpherePluginConfig "d:\Program Files\WebSphere\AppServer/config/cells/plugin-cfg.xml"
Listen 443
FileETag none
<VirtualHost MY_SERVER_NAME:443>
ServerName MY_SERVER_NAME
FileETag none
DocumentRoot "d:/program files/ibmhttpserver/htdocs/en_us"
Keyfile "d:/program files/ibmhttpserver/newkey.kdb"
SSLV2Timeout 100
SSLV3Timeout 1000
SSLClientAuth none
SSLEnable
</VirtualHost>
SSLDisable
Keyfile "d:/program files/ibmhttpserver/newkey.kdb"
SSLV2Timeout 100
SSLV3Timeout 1000
I stopped and started the web server and got the above error in the log. Any idea what's wrong?
Thanks!
| |
| charleychu 2004-04-06, 11:33 am |
| Sorry, the special character didn't show up correctly and needs to be replaced with the symbol.
The https portion of httpd.conf looks like
WebSpherePluginConfig "d:\Program Files\WebSphere\AppServer/config/cells/plugin-cfg.xml"
Listen 443
FileETag none
<VirtualHost SCS718021.hq.bradgroup:443>
ServerName SCS718021.hq.bradgroup
FileETag none
DocumentRoot "d:/program files/ibmhttpserver/htdocs/en_us"
Keyfile "d:/program files/ibmhttpserver/newkey.kdb"
SSLV2Timeout 100
SSLV3Timeout 1000
SSLClientAuth none
SSLEnable
</VirtualHost>
SSLDisable
Keyfile "d:/program files/ibmhttpserver/newkey.kdb"
SSLV2Timeout 100
SSLV3Timeout 1000
| |
| 10362788 2004-04-14, 5:33 pm |
| I am also encountering the same issue on XP Professional SP1. HTTP is showing from the Services window that it is started. But in the event viewer Apache.exe has failed to start with the Invalid password for keyfile error. I have had success by going into HTTP properties of the Services window, copying the executable statement and then pasting it into a command window, but taking off the --ntservice portion. The problem here is that you can not close the command window. I guess you can configure a command to allow this to run in the background and start it manually or throw it into the windows Start folder. So at this point my question is ... "why can apache.exe not run as a service?" using the executable state
| |
| ajpavlis@us.ibm.com 2004-05-10, 5:33 pm |
| First off...a great IHS guide (older versions seem to have more SSL/LDAP info):
http://www-306.ibm.com/software/web...nual/ibm/en_US/
All versions: http://www-306.ibm.com/software/web...ervers/library/
I received the same error, and here's how I fixed it:
Go into the ikeyman GUI, open your kdb file. Under Key Database File -> Stash Password.
Save the password to whatever file you want, and ensure the name matches the name in your httpd.conf file. I am using IHS 2.0.47 w/ GSK 7 on RH Linux 9.0. The perms on the file were root:root 644
NOTE_1: If you are using LDAP to authenticate, you will need to use the ldapstash command in the bin directory with ikeyman instead of the ikeyman stash function (last time I checked...).
NOTE_2: I am using a self-signed cert.
Here's my SSL config info (names changed to protect the innocent):
LoadModule ibm_ssl_module modules/mod_ibm_ssl.so
Listen 10.1.0.1:443
<VirtualHost some.domain.com:443>
SSLEnable
SSLStashfile /usr/IHS/conf/stashfile.sth
DocumentRoot /usr/IHS/docroot
<Directory /usr/IHS/docroot>
AuthName Protected-Realm
AuthType Basic
AuthUserFile /usr/IHS/passwd
SSLVersion ALL
<LIMIT GET>
allow from all
require valid-user
</Limit>
</Directory>
</VirtualHost>
Keyfile /usr/IHS/conf/key.kdb
SSLV2Timeout 100
SSLV3Timeout 1000
Hope this helps...if not, you may want to check this article:
http://www-306.ibm.com/software/web...19/9attroub.htm
-Andrew Pavlis
The statements above in no way represent or reflect those of IBM or anyone affiliated with IBM. The statements are merely the posted opinions of the individual.
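Added example, not code from any poster in this thread or from IBM: a Python check that reads httpd.conf text, collects the Keyfile and SSLStashfile directives like those quoted above, and reports a key database whose stash file is missing, unreadable, or world-readable. It assumes the stash normally sits beside the .kdb with a .sth suffix; the function names and finding labels are this example's own.

```python
import os
import re
import stat

# Matches the two directives that appear in the configs quoted in this thread.
DIRECTIVE = re.compile(r'^\s*(Keyfile|SSLStashfile)\s+"?([^"#]+?)"?\s*$', re.IGNORECASE)


def ssl_files(conf_text):
    """Return (key_databases, stash_files) named in httpd.conf text."""
    kdbs, stashes = [], []
    for line in conf_text.splitlines():
        m = DIRECTIVE.match(line)
        if not m:
            continue  # comments and unrelated directives
        target = kdbs if m.group(1).lower() == "keyfile" else stashes
        if m.group(2) not in target:
            target.append(m.group(2))
    return kdbs, stashes


def audit(conf_text):
    """Return sorted (finding, path) tuples for the key material the config uses."""
    kdbs, stashes = ssl_files(conf_text)
    findings = set()
    for kdb in kdbs:
        if not os.path.isfile(kdb):
            findings.add(("kdb-missing", kdb))
        # Assumption: the stash sits beside the .kdb with a .sth suffix,
        # unless an SSLStashfile path is given as in the last post.
        candidates = [os.path.splitext(kdb)[0] + ".sth"] + stashes
        present = [p for p in candidates if os.path.isfile(p)]
        if not present:
            findings.add(("stash-missing", kdb))
        for path in present:
            if not os.access(path, os.R_OK):
                findings.add(("stash-unreadable", path))
            # POSIX only: the stash yields the keyfile password, so it
            # should not be readable by every local account.
            if os.name == "posix" and os.stat(path).st_mode & stat.S_IROTH:
                findings.add(("stash-world-readable", path))
    for path in stashes:
        if not os.path.isfile(path):
            findings.add(("stashfile-directive-missing", path))
    return sorted(findings)
```

Run it as the account the web server or its Windows service runs under, since the readability check reflects whoever executes it.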