IBM Support

"Manage keys and certificates" link for plugin-key.kdb is broken in the WebSphere Application Server administrative console

Troubleshooting


Problem

You cannot manage plugin-key.kdb from the WebSphere Application Server administrative console. The "Manage keys and certificates" icon for plugin-key.kdb appears to be broken.

Symptom

From the administrative console, go to Servers > Web Servers > webserver_name > Plug-in properties. Then, click the Manage keys and certificates link below the plug-in keystore file name,



It fails to go to the keys and certificate management page for plug-in keystore,



Instead it goes back to the page displaying the Web servers.

Cause

This is possibly caused by the plugin-key.kdb file not being copied over to the application server configuration during the creation of the Web server definition. Even if the plugin-key.kdb file is manually copied over to application server config directory later on, the security.xml file is not updated with CMSKeyStore.

Resolving The Problem

  1. Verify that the plugin-key.kdb and plugin-key.sth files exist in application server configuration directory.
    • For a Base environment, they should be under the following directory:

      profile_root/profile_name/config/cells/cell_name/nodes/node_name/servers/webserver_name

    • For a Network Deployment environment. they should be under the following directory:

      profile_root/dmgr_profile/config/cells/cell_name/nodes/node_name/servers/webserver_name

    If they did not already exist, copy them from IHS_root/Plugin/config/webserver_name to the application server configuration directory.

    Note: If the plugin-key.kdb file does not exist in application server configuration directory, the plug-in key store file name will be greyed out from the console.


  2. From the administrative console, go to Security > SSL certificate and key management and select Manage end points security configurations.

  3. Expand Inbound, then cell_name > nodes > node_name > servers and find the webserver_name listed under servers, click on webserver_name.



  4. From the SSL certificate and key management > Manage endpoint security configurations > webserver_name page, click on key stores and certificates from the right hand side.

    You should see CMSKeyStore listed. If the configuration is correct, it is likely that you do not have it listed if you cannot manage plug-in keystore from the console.

    If you do not have CMSKeyStore listed, click New, input "CMSKeyStore" in the Name field, the location of plugin-key.kdb file under application server configuration. For example, enter the following as Path. Path needs to include file name, plugin-key.kdb:

    profile_root/Dmgr_profile/config/cells/cell_name/nodes/node_name/servers/webserver_name/plugin-key.kdb

    Default Password is WebAS for plugin-key.kdb. Select CMSKS for Type.



  5. Click Apply and save the change.

  6. Go back to Servers > Web Servers > webserver_name > Plug-in properties and click on Manage keys and certificates again. Now you should be able to manage plug-in keystore from the console.

[{"Product":{"code":"SSEQTP","label":"WebSphere Application Server"},"Business Unit":{"code":"BU053","label":"Cloud & Data Platform"},"Component":"Plug-in","Platform":[{"code":"PF002","label":"AIX"},{"code":"PF010","label":"HP-UX"},{"code":"PF012","label":"IBM i"},{"code":"PF016","label":"Linux"},{"code":"PF027","label":"Solaris"},{"code":"PF033","label":"Windows"}],"Version":"8.5;8.0;7.0","Edition":"","Line of Business":{"code":"LOB45","label":"Automation"}}]

Document Information

Modified date:
15 June 2018

UID

swg21426980

Page Feedback