|
Home > Archive > WebSphere HTTP Server > February 2005 > The binary library jpkcs11 could not be loaded
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
The binary library jpkcs11 could not be loaded
|
|
| MFPServices 2005-02-08, 8:05 am |
| Hy,
I use :
.. Linux Redhat Advanced Server 3 ;
.. IBMJava2-JRE-1.4.2-1.0 ;
.. IBMJava2-SDK-1.4.2-1.0 ;
.. IHS2.install.component-2.0-47 ;
.. IHS2.base.doc.manpagesEn-2.0-47 ;
.. IHS2.base_ext.security.sslFr-2.0-47 ;
.. IHS2.ssl-2.0-47
# echo $JAVA_HOME
JAVA_HOME=/opt/IBMJava2-142/jre
# echo $PATH
/opt/IBMJava2-142/bin:/usr/local/ibm/gsk7_gcc295: \
/usr/local/ibm/gsk7_gcc295/classes: \
/usr/local/ibm/gsk7_gcc295/classes/jre: \
/usr/local/ibm/gsk7_gcc295/classes/jre/lib: \
/usr/local/ibm/gsk7_gcc295/classes/jre/lib/ext: \
/usr/lib:/usr/local/ibm/gsk7_gcc295/lib:/root/bin: \
/usr/kerberos/sbin:/usr/kerberos/bin:/usr/local/sbin: \
/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/usr/X11R6/bin
# Java -fullversion
java full version "J2RE 1.4.2 IBM build cxia32142ifx-20041203
(142SR1+80507)"
When I launch the (# /opt/IBMIHS/bin/ikeyman) and I chose the CMS type,
I obtain the error : "The CMS Java native Library was not found. ....."
But for the other choices, it's OK.
When I launch manually, it's the same error :
# /opt/IBMJava2-142/jre/bin/java -verbose com.ibm.gsk.ikeyman.ikeycmd \
-keydb -create -db /tmp/foo.kdb -pw foo -type CMS -expire 365 -stash
[Opened /opt/IBMJava2-142/jre/lib/graphics.jar in 3 ms]
[...]
at com.ibm.gsk.ikeyman.ikeycmd.main(ikeycmd.java:384)
The binary library jpkcs11 could not be loaded
[Loaded java.lang.Shutdown from /opt/IBMJava2-142/jre/lib/core.jar]
[Loaded java.lang.Shutdown$Lock from /opt/IBMJava2-142/jre/lib/core.jar]
#
Could you help me please.
Thank's
| |
| ganeshtambat 2005-02-14, 4:32 am |
| Hi !
I am working on the same configuration as yours and I am facing same error. Is your problem solved? Could you provide me any useful info / pointers ?
Thanks in advance.
Regards,
Ganesh | |
| Sunit Patke 2005-02-14, 5:58 pm |
| Can you post the output of the following commands:
echo JAVA_HOME
which java
java -fullversion
Sunit
"ganeshtambat" <ganeshtambat.1kg4l7@mail.webservertalk.com> wrote in message
news:ganeshtambat.1kg4l7@mail.webservertalk.com...
>
> Hi !
>
> I am working on the same configuration as yours and I am facing same
> error. Is your problem solved? Could you provide me any useful info /
> pointers ?
>
> Thanks in advance.
>
> Regards,
> Ganesh
>
>
>
> --
> ganeshtambat
> ------------------------------------------------------------------------
> Posted via http://www.webservertalk.com
> ------------------------------------------------------------------------
> View this thread: http://www.webservertalk.com/message912534.html
>
| |
| ganeshtambat 2005-02-15, 2:27 am |
| Hi,
Please see below my configuration details:
*********************************
$ Java -fullversion
java full version "J2RE 1.4.2 IBM build cxia32142-20040926"
********************************
$ rpm -qa | grep gsk
gsk7bas_295-7.0-1.16
********************************
Entries added in httpd.conf file:
LoadModule ibm_ssl_module modules/mod_ibm_ssl.so
SSLEnable
Keyfile <IHS2_install_Home>/bin/key.jks [Tried with jks type of key database. I am able to generate jks type of keydatabase.]
*********************************
Got following error while starting the webserver after SSL configuration:
[Fri Feb 11 16:49:14 2005] [notice] SSL0166E: Failure attempting to load GSK library.
********************************
error_log showed following entries when tried accessing ssl connection:
[Fri Feb 11 16:41:47 2005] [warn] SSL0263W: SSL Connection attempted when SSL did not initialize.
*********************************
$ echo $PATH
/usr/kerberos/sbin:<IBMjavasdkInstallHome>/IBMJava2-142/bin:/usr/kerberos/bin:/usr/local/bin:/bin:/usr/bin:/usr/X11R6/bin
*********************************
$ echo $JAVA_HOME
<IBMjavasdkInstallHome>/IBMJava2-142/jre
*********************************
$ uname -a
Linux <host name> 2.4.21-4.EL #1 Fri Oct 3 18:13:58 EDT 2003 i686 i686 i386 GNU/Linux
###############
Please advise.
Thanks and Regards,
Ganesh | |
| Sunit Patke 2005-02-15, 6:04 pm |
| Check the version of C++ runtime library libstdc installed.
libstdc++3-3.0.4-1 is a prereq of GSKit. If you installed with --nodeps flag
then dependencies were bypassed.
Sunit
"ganeshtambat" <ganeshtambat.1khld5@mail.webservertalk.com> wrote in message
news:ganeshtambat.1khld5@mail.webservertalk.com...
>
> Hi,
>
> Please see below my configuration details:
>
> *********************************
>
> $ Java -fullversion
> Java full version "J2RE 1.4.2 IBM build cxia32142-20040926"
>
> ********************************
>
> $ rpm -qa | grep gsk
> gsk7bas_295-7.0-1.16
>
> ********************************
>
> Entries added in httpd.conf file:
>
> LoadModule ibm_ssl_module modules/mod_ibm_ssl.so
> SSLEnable
> Keyfile <IHS2_install_Home>/bin/key.jks [Tried with jks type of key
> database. I am able to generate jks type of keydatabase.]
>
>
> *********************************
>
> Got following error while starting the webserver after SSL
> configuration:
>
> [Fri Feb 11 16:49:14 2005] [notice] SSL0166E: Failure attempting to
> load GSK library.
>
> ********************************
>
> error_log showed following entries when tried accessing ssl connection:
>
>
> [Fri Feb 11 16:41:47 2005] [warn] SSL0263W: SSL Connection attempted
> when SSL did not initialize.
>
> *********************************
>
> $ echo $PATH
> /usr/kerberos/sbin:<IBMjavasdkInstallHome>/IBMJava2-142/bin:/usr/kerberos/bin:/usr/local/bin:/bin:/usr/bin:/usr/X11R6/bin
>
>
> *********************************
>
> $ echo $JAVA_HOME
> <IBMjavasdkInstallHome>/IBMJava2-142/jre
>
> *********************************
>
> $ uname -a
> Linux <host name> 2.4.21-4.EL #1 Fri Oct 3 18:13:58 EDT 2003 i686 i686
> i386 GNU/Linux
>
> ###############
>
>
> Please advise.
>
> Thanks and Regards,
> Ganesh
>
>
>
> --
> ganeshtambat
> ------------------------------------------------------------------------
> Posted via http://www.webservertalk.com
> ------------------------------------------------------------------------
> View this thread: http://www.webservertalk.com/message912534.html
>
| |
| ganeshtambat 2005-02-16, 10:04 am |
| Hi Sunit,
Thanks a lot for your help. We dont have the library you mentioned on our system. I could find following libraries on our linux AS 3.0 system in /usr/lib directory.
libstdc++.so.5
libstdc++.so.5.0.3
Please inform me if these libraries work with GSKit. I have not encountered any error during GSKit installation.
Please advise.
Thanks and Regards,
Ganesh
quote:
Originally posted by Sunit Patke
Check the version of C++ runtime library libstdc installed.
libstdc++3-3.0.4-1 is a prereq of GSKit. If you installed with --nodeps flag
then dependencies were bypassed.
Sunit
"ganeshtambat" <ganeshtambat.1khld5@mail.webservertalk.com> wrote in message
news:ganeshtambat.1khld5@mail.webservertalk.com...
>
> Hi,
>
> Please see below my configuration details:
>
> *********************************
>
> $ Java -fullversion
> Java full version "J2RE 1.4.2 IBM build cxia32142-20040926"
>
> ********************************
>
> $ rpm -qa | grep gsk
> gsk7bas_295-7.0-1.16
>
> ********************************
>
> Entries added in httpd.conf file:
>
> LoadModule ibm_ssl_module modules/mod_ibm_ssl.so
> SSLEnable
> Keyfile <IHS2_install_Home>/bin/key.jks [Tried with jks type of key
> database. I am able to generate jks type of keydatabase.]
>
>
> *********************************
>
> Got following error while starting the webserver after SSL
> configuration:
>
> [Fri Feb 11 16:49:14 2005] [notice] SSL0166E: Failure attempting to
> load GSK library.
>
> ********************************
>
> error_log showed following entries when tried accessing ssl connection:
>
>
> [Fri Feb 11 16:41:47 2005] [warn] SSL0263W: SSL Connection attempted
> when SSL did not initialize.
>
> *********************************
>
> $ echo $PATH
> /usr/kerberos/sbin:<IBMjavasdkInstallHome>/IBMJava2-142/bin:/usr/kerberos/bin:/usr/local/bin:/bin:/usr/bin:/usr/X11R6/bin
>
>
> *********************************
>
> $ echo $JAVA_HOME
> <IBMjavasdkInstallHome>/IBMJava2-142/jre
>
> *********************************
>
> $ uname -a
> Linux <host name> 2.4.21-4.EL #1 Fri Oct 3 18:13:58 EDT 2003 i686 i686
> i386 GNU/Linux
>
> ###############
>
>
> Please advise.
>
> Thanks and Regards,
> Ganesh
>
>
>
> --
> ganeshtambat
> ------------------------------------------------------------------------
> Posted via http://www.webservertalk.com
> ------------------------------------------------------------------------
> View this thread: http://www.webservertalk.com/message912534.html
>
| |
| Sunit Patke 2005-02-17, 5:56 pm |
| Ganesh,
Can you try executing the gs7ikm command using JRE that ships with WebSphere
App Server? Also post the contents of
$JAVA_HOME/jre/lib/security/java.security
Sunit
"ganeshtambat" <ganeshtambat.1kklpb@mail.webservertalk.com> wrote in message
news:ganeshtambat.1kklpb@mail.webservertalk.com...
>
> Hi Sunit,
>
> Thanks a lot for your help. We dont have the library you mentioned on
> our system. I could find following libraries on our linux AS 3.0 system
> in /usr/lib directory.
>
> libstdc++.so.5
> libstdc++.so.5.0.3
>
> Please inform me if these libraries work with GSKit. I have not
> encountered any error during GSKit installation.
>
> Please advise.
>
> Thanks and Regards,
> Ganesh
>
>
>
> Sunit Patke wrote:
>
>
>
> --
> ganeshtambat
> ------------------------------------------------------------------------
> Posted via http://www.webservertalk.com
> ------------------------------------------------------------------------
> View this thread: http://www.webservertalk.com/message912534.html
>
| |
| ganeshtambat 2005-02-17, 11:49 pm |
| Hi Sunit,
My setup is not collocated with WAS. I have single instance of IHS2 webserver and I am trying to configure it in SSL mode. Please see below my 'java.security' file.
I have also observed one thing, during installation GSKit did not get installed automatically, I had to install it manually. While a doc from IBM says that it should get installed automatically.
**************************************
#
# @(#)src/security/sov/config/java.security, security, as142, 20040916atmp 1.8.2.1
# ========================================
===================================
# Licensed Materials - Property of IBM
# "Restricted Materials of IBM"
#
# IBM SDK, Java(tm) 2 Technology Edition, v1.4.2
# (C) Copyright IBM Corp. 1998, 2002. All Rights Reserved
# ========================================
===================================
#
#
# This is the "master security properties file".
#
# In this file, various security properties are set for use by
# java.security classes. This is where users can statically register
# Cryptography Package Providers ("providers" for short). The term
# "provider" refers to a package or set of packages that supply a
# concrete implementation of a subset of the cryptography aspects of
# the Java Security API. A provider may, for example, implement one or
# more digital signature algorithms or message digest algorithms.
#
# Each provider must implement a subclass of the Provider class.
# To register a provider in this master security properties file,
# specify the Provider subclass name and priority in the format
#
# security.provider.<n>=<className>
#
# This declares a provider, and specifies its preference
# order n. The preference order is the order in which providers are
# searched for requested algorithms (when no specific provider is
# requested). The order is 1-based; 1 is the most preferred, followed
# by 2, and so on.
#
# <className> must specify the subclass of the Provider class whose
# constructor sets the values of various properties that are required
# for the Java Security API to look up the algorithms or other
# facilities implemented by the provider.
#
# There must be at least one provider specification in java.security.
# The number 1 is used for the default provider.
#
# Note: Statically registered Provider subclasses are instantiated
# when the system is initialized. Providers can be dynamically
# registered instead by calls to either the addProvider or
# insertProviderAt method in the Security class.
#
# List of providers and their preference orders (see above):
#
security.provider.1=sun.security.provider.Sun
security.provider.2=com.ibm.spi.IBMCMSProvider
security.provider.3=com.ibm.crypto.provider.IBMJCE
security.provider.4=com.ibm.jsse.IBMJSSEProvider
security.provider.5=com.ibm.security.jgss.IBMJGSSProvider
security.provider.6=com.ibm.security.cert.IBMCertPath
#
# The entropy gathering device is described as a URL and can
# also be specified with the property "java.security.egd". For example,
# -Djava.security.egd=file:/dev/urandom
# Specifying this property will override the securerandom.source setting.
#
# Class to instantiate as the javax.security.auth.login.Configuration
# provider.
#
login.configuration.provider=com.ibm.security.auth.login.ConfigFile
#
# Default login configuration file
#
#login.config.url.1=file:${user.home}/.java.login.config
#
# Class to instantiate as the system Policy. This is the name of the class
# that will be used as the Policy object.
#
policy.provider=sun.security.provider.PolicyFile
# The default is to have a single system-wide policy file,
# and a policy file in the user's home directory.
policy.url.1=file:${java.home}/lib/security/java.policy
policy.url.2=file:${java.home}/lib/security/java.pol
policy.url.3=file:///${user.home}/.java.policy
# whether or not we expand properties in the policy file
# if this is set to false, properties (${...}) will not be expanded in policy
# files.
policy.expandProperties=true
# whether or not we allow an extra policy to be passed on the command line
# with -Djava.security.policy=somefile. Comment out this line to disable
# this feature.
policy.allowSystemProperty=true
# with -Djava.security.policy=somefile. Comment out this line to disable
# this feature.
policy.allowSystemProperty=true
# whether or not we look into the IdentityScope for trusted Identities
# when encountering a 1.1 signed JAR file. If the identity is found
# and is trusted, we grant it AllPermission.
policy.ignoreIdentityScope=false
#
# Default keystore type.
#
keystore.type=jks
#
# Class to instantiate as the system scope:
#
system.scope=sun.security.provider.IdentityDatabase
#
# List of comma-separated packages that start with or equal this string
# will cause a security exception to be thrown when
# passed to checkPackageAccess unless the
# corresponding RuntimePermission ("accessClassInPackage."+package) has
# been granted.
package.access=sun.
#
# List of comma-separated packages that start with or equal this string
# will cause a security exception to be thrown when
# passed to checkPackageDefinition unless the
# corresponding RuntimePermission ("defineClassInPackage."+package) has
# been granted.
#
# by default, no packages are restricted for definition, and none of
# the class loaders supplied with the JDK call checkPackageDefinition.
#
#package.definition=
#
# Determines whether this properties file can be appended to
# or overridden on the command line via -Djava.security.properties
#
security.overridePropertiesFile=true
#
#
# Determines the default key and trust manager factory algorithms for
# the javax.net.ssl package.
ssl.KeyManagerFactory.algorithm=IbmX509
ssl.TrustManagerFactory.algorithm=IbmX509
#
# Determines the default SSLSocketFactory and SSLServerSocketFactory
# provider implementations for the javax.net.ssl package. If, due to
# export and/or import regulations, the providers are not allowed to be
# replaced, changing these values will produce non-functional
# SocketFactory or ServerSocketFactory implementations.
#
#ssl.SocketFactory.provider=
#ssl.ServerSocketFactory.provider=
#
# The Java-level namelookup cache policy for successful lookups:
#
# any negative value: caching forever
# any positive value: the number of seconds to cache an address for
# zero: do not cache
#
# default value is forever (FOREVER). For security reasons, this
# caching is made forever when a security manager is set.
#
# NOTE: setting this to anything other than the default value can have
# serious security implications. Do not set it unless
# you are sure you are not exposed to DNS spoofing attack.
#
#networkaddress.cache.ttl=-1
# The Java-level namelookup cache policy for failed lookups:
#
# any negative value: cache forever
# any positive value: the number of seconds to cache negative lookup results
# zero: do not cache
#
# In some Microsoft Windows networking environments that employ
# the WINS name service in addition to DNS, name service lookups
# that fail may take a noticeably long time to return (approx. 5 seconds).
# For this reason the default caching policy is to maintain these
# results for 10 seconds.
networkaddress.cache.negative.ttl=10
184,1
**************************************
Thanks and Regards,
Ganesh |
|
|
|
|