Troubleshooting
Problem
The isamcfg utility does not specify the values that are needed for SSL communication when you select basic authentication as the authentication method. Additionally, this issue prevents WebSEAL from starting if the LDAP user registry is configured to use SSL.
Symptom
WebSEAL or the Web Gateway Instance fails to start. The logs can include the following messages:
- HPDRG0201E Error code 0x71 was received from the LDAP server. Error text: "SSL initialization call failed".
- 0x38AD50C9 webseald ERROR wiv azn WsMgr.cpp 1406 0x7f6d059b0720 -- DPWIV0201E The azn-api function 'azn_initialize' returned 0x1b3a0
- 0x38CF013A webseald FATAL wwa server WsMgr.cpp 1484 0x7f6d059b0720 -- DPWWA0314E Initialization of authorization API failed. Major status=0x1, minor status = 0x1005b3a0 --
DPWWA2851E An error was returned from the SOAP server in cluster cluster1 when calling the ping interface: DPWIV1217W SSL connection error. (pd / wiv) (code: 0x38ad54c1).
Cause
When you configure IBM® Security Access Manager for Mobile, you run the isamcfg utility to configure either the Web Gateway Appliance or WebSEAL as the point of contact server. The isamcfg utility sets values for multiple configuration parameters in the WebSEAL configuration file. The isamcfg utility also prompts the user to select an authentication method. When the user selects basic authentication, the utility sets several values but does not specify the values that are needed for SSL communication.
Resolving The Problem
To enable SSL communication, manually create the following entries in the[rtss-cluster:clusterX] stanza of the WebSEAL configuration file:
- ssl-keyfile = /var/pdweb/www-default/certs/pdsrv.kdb
- ssl-keyfile-stash = /var/pdweb/www-default/certs/pdsrv.sth
- ssl-keyfile = pdsrv.kdb
- ssl-keyfile-stash = pdsrv.sth
Was this topic helpful?
Document Information
Modified date:
16 June 2018
UID
swg21653467