Skip to main content

Support & downloads  >  

MustGather: Errors using iKeyman with IBM HTTP Server

 Technote (troubleshooting)
 
Problem(Abstract)
Collecting data for problems with the IBM® HTTP Server iKeyman tool. Gathering this MustGather information before calling IBM support will help you understand the problem and save time analyzing the data.

Note: This only applies to the iKeyman tool that is local to each IBM HTTP Server install and does not apply to WebSphere® Application Server V6.1 Administrative Console key administration feature.
 
Resolving the problem
The iKeyman tool is used to implement certificates for servers using Secure Sockets Layer (SSL). When iKeyman error messages do not isolate the problem, it might be necessary to enable the iKeyman trace log.

If you have already contacted support, continue on to the component-specific MustGather information. Otherwise, click: MustGather: Read first for IBM HTTP Server.


Collecting iKeyman specific MustGather information
  1. Open a command window or a terminal session (UNIX).
    • If you are using IBM HTTP Server version 6.0, set JAVA_HOME to <ihsinst>/_jvm

    • If you are using IBM HTTP Server version 6.1, set JAVA_HOME to <ihsinst>/java/jre

    • If you are using IBM HTTP Server version 7.0 set JAVA_HOME to <ihsinst>/java/jre

    Note: If you are using an IBM HTTP Server release version earlier than 6.0, set JAVA_HOME to any 32-bit IBM JRE 1.4.2/1.5 at the latest service level.

  2. Use the following commands to enable the iKeyman debug logging:
    • Windows iKeyman debug instruction
      1. In the command window create a new, empty directory and CD into that directory.

      2. Enter the following command on 1 line from the empty directory:

        gsk7ikm -Dkeyman.debug=true -Dkeyman.jnitracing=ON -Djava.security.debug=ALL  2>ikeyman.txt

        You can also use this script file that automatically starts iKeyman with the correct debug options.

        ikeyman-dbg.bat

        Note: You might need to edit this script to set the correct value for Java_home and gsk_home on your system.

    • UNIX iKeyman debug instructions
      Run the iKeyman script and add the option -x. For example: ikeyman -x

  3. Recreate the problem.

  4. Collect these files to send to IBM.
    • The .kdb, .crl, .sth, .rdb files you are using. The files will all have the same file name and filetypes of: kdb, sth, rdb and crl

    • Any certificate or signer certs required to reproduce the failure.

    • The 3 files created by running iKeyman with debug options. These 3 files are created in the folder where iKeyman is run. The filenames are ikmcdgb.log, ikmgdbg.log, and ikmjdbg.log.

  5. Follow instructions to send diagnostic information to IBM support.

For a listing of all technotes, downloads, and educational materials specific to iKeyman, search the IBM HTTP Server support site or the WebSphere Application Server support site.
 
Related information
MustGather: CMS key DB and certificate problems
Submitting information to IBM Support
MustGather: Read first for IBM HTTP Server
Troubleshooting Guide
Steps to get support
 
 
 

Copyright and trademark information
IBM, the IBM logo and ibm.com are trademarks of International Business Machines Corp., registered in many jurisdictions worldwide. Other product and service names might be trademarks of IBM or other companies. A current list of IBM trademarks is available on the Web at "Copyright and trademark information" at www.ibm.com/legal/copytrade.shtml.
Rate this page
Please take a moment to complete this form to help us better serve you.
This material provides me with the information I need.




This material is clear and easy to understand.




Did the information help you to achieve your goal?
What updates, improvements, or related information would you like to see in this document?
Your response will be used to improve our document content. Requests for assistance, if applicable, should be submitted through your normal support channel as we cannot respond from this site.
Input the verification number to submit feedback:
Document information
 Product categories:
 Software
 Application Servers
 Distributed Application & Web Servers
 IBM HTTP Server
 SSL
 Operating system(s):
  AIX, HP-UX, Linux, Solaris, Windows
 Software version:
  2.0.47.1, 6.0, 6.1, 7.0
 Reference #:
  1202820
 IBM Group:
 Software Group
 Modified date:
 2010-01-31

Translate My Page
 
 

Rate this page

Help us improve this page. Your response will be used to improve our document content. Requests for assistance, if applicable, should be submitted through your normal support channel as we cannot respond from this site.