IBM Sterling Connect:Direct : Import C:D certificates on C:D WebService


If you set up Secure+ during the install, you need to import the C:D certificates into C:D WebServices.


Below I provide some common error messages that occur when this is not configured.

Procedure

Import from C:D keystore to C:D WS Trusted Store - C:D and C:D WebService are on the same machine

I will export from cdkeystore.p12

keytool -exportcert \
   -keystore /home/cdadmin02/cdunix/ndm/secure+/certificates/cdkeystore.p12 \
   -storetype PKCS12 \
   -alias cdinternal \
   -file cdinternal.cer \
   -storepass <source_password>

and import into trustedkeystore.jks

keytool -importcert \
   -file cdinternal.cer \
   -keystore /opt/IBM/MFTWebServices/mftws/BOOT-INF/classes/trustedkeystore.jks \
   -alias cdnode02-cdinternal \
   -storepass <destination_password> \
   -noprompt

Afterwards, you can open C:D WebService and check.

And you need to change


Tips

Check your configuration

You can check using the command:

cd /home/cdadmin02/cdunix/etc
./cdcustrpt

Check the following in cd.support.rpt:

SPCLI> display all;
...
 Name=.Client
 Type=R
 Protocol=(TLS1.2,TLS1.3)
 Override=N
 SecurityMode=DefaultToLN
 AuthTimeout=120
 KeyCertLabel=CDInternal
 ClientAuth=Y
 CipherSuites=(TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256,...)

Check the certificate labels in the key database:

cd /home/cdadmin02/cdunix/jre/ibm-java-x86_64-80/jre/bin/
./ikeycmd -cert -list -db "/home/cdadmin02/cdunix/ndm/secure+/certificates/cdkeystore.kdb" -pw changeit

The output:

Certificates in database /home/cdadmin02/cdunix/ndm/secure+/certificates/cdkeystore.kdb:
  CDInternal


Common Error Messages

The following error messages can confirm this situation when you try to connect to C:D on User Functions:

Error on C:D WebService

Connect:Direct server is in stop state or ipAddress/port is invalid 

You need to import the C:D certificates into C:D WebService.

Error on C:D log

STAR=20230425 19:38:58.479|CCOD=8|RECI=CSPA|RECC=CAEV|OSID=17600|TZDI=-25200|MSGI=CSPA304E|MSGT=Client connection is not secure.  Message ID CSPA304E, rc=8, fdbk=0.
STAR=20230425 19:38:58.481|RECI=CXIT|RECC=CAEV|OSID=17318|TZDI=-25200|MSGT=CMGR exited.  Pid=17600.  Exitcode=0.

You need to import the C:D certificates into C:D WebService.
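To look for this symptom across a whole statistics log, the script below (an added example, not part of the original page or of the product) parses the pipe-separated KEY=VALUE records and reports each CSPA304E event. The function names are hypothetical, two of the sample records are constructed, and matching OSID to the "Pid=" in the CMGR exit record is an assumption drawn from the two records shown above.

```shell
#!/bin/sh
# Added example: report CSPA304E ("Client connection is not secure") events
# from Connect:Direct statistics records. The pipe-separated KEY=VALUE layout
# is inferred from the two sample records on this page.

# sample_log: the two records from the page, then two constructed records.
sample_log() {
    cat <<'EOF'
STAR=20230425 19:38:58.479|CCOD=8|RECI=CSPA|RECC=CAEV|OSID=17600|TZDI=-25200|MSGI=CSPA304E|MSGT=Client connection is not secure.  Message ID CSPA304E, rc=8, fdbk=0.
STAR=20230425 19:38:58.481|RECI=CXIT|RECC=CAEV|OSID=17318|TZDI=-25200|MSGT=CMGR exited.  Pid=17600.  Exitcode=0.
STAR=20230425 19:40:00.000|RECI=CXIT|RECC=CAEV|OSID=17318|TZDI=-25200|MSGT=CMGR exited.  Pid=17650.  Exitcode=0.
STAR=20230425 19:41:07.102|CCOD=8|RECI=CSPA|RECC=CAEV|OSID=17711|TZDI=-25200|MSGI=CSPA304E|MSGT=Client connection is not secure.  Message ID CSPA304E, rc=8, fdbk=0.
EOF
}

# find_insecure_clients: stdin = statistics records; stdout = one line per
# CSPA304E event, noting whether a "CMGR exited. Pid=<OSID>" record followed.
find_insecure_clients() {
    awk -F'|' '
    {
        split("", f)                      # reset the per-record field map
        for (i = 1; i <= NF; i++) {
            eq = index($i, "=")           # split on the FIRST "=" only:
            if (eq == 0) continue         # MSGT text itself contains "rc=8"
            f[substr($i, 1, eq - 1)] = substr($i, eq + 1)
        }
        if (f["MSGI"] == "CSPA304E") {
            n++
            when[n] = f["STAR"]; osid[n] = f["OSID"]; ccod[n] = f["CCOD"]
            byosid[f["OSID"]] = n         # remember the event for this process
        } else if (f["RECI"] == "CXIT" && match(f["MSGT"], /Pid=[0-9]+/)) {
            pid = substr(f["MSGT"], RSTART + 4, RLENGTH - 4)
            if (pid in byosid) exited[byosid[pid]] = 1
        }
    }
    END {
        for (k = 1; k <= n; k++)
            printf "%s osid=%s ccod=%s cmgr_exited=%s\n",
                   when[k], osid[k], ccod[k], (k in exited) ? "yes" : "no"
    }'
}

sample_log | find_insecure_clients
```

Against a real log, feed the file to the function on stdin, for example `find_insecure_clients < statistics_file`, where the file path is whatever your node writes its statistics to.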

Error: Logon failed! Either Certificate or Authority is not configured

Check your /home/cdadmin02/cdunix/ndm/cfg/CDNODE02/userfile.cfg for user access.
