{"id":5656,"date":"2016-04-13T12:26:07","date_gmt":"2016-04-13T04:26:07","guid":{"rendered":"http:\/\/rmohan.com\/?p=5656"},"modified":"2016-04-13T12:26:07","modified_gmt":"2016-04-13T04:26:07","slug":"gsk_error_bad_cert-gsk-rc-414","status":"publish","type":"post","link":"https:\/\/mohan.sg\/?p=5656","title":{"rendered":"GSK_ERROR_BAD_CERT (gsk rc = 414)"},"content":{"rendered":"

GSK_ERROR_BAD_CERT (gsk rc = 414)<\/h3>\n
<\/div>\n
When an HTTPS request is sent to a IBM WebSphere Application Server V6.1 server, from a web server, the web server plug-in log shows the error Failed in r_gsk_secure_soc_init: GSK_ERROR_BAD_CERT(gsk rc = 414)<\/p>\n

Cause:<\/b> Not correct signer certificate in plugin…kdb file<\/p>\n

The certificate sent by WebSphere Application Server to the plug-in cannot be authenticated by the plug-in key file.\u00a0The reason is that the plug-in key file does not have the adequate signer to authenticate the certificate sent by WebSphere Application Server.<\/span><\/p>\n

Resolving the problem<\/b><\/p>\n

1. \u00a0 \u00a0 \u00a0 \u00a0In the administrative console, go to\u00a0Security > SSL certificate and key management<\/b>.<\/p>\n

Before doing any changes, put select\u00a0Dynamically update the runtime when changes occur<\/b>\u00a0on this page. This option makes sure that changes are propagated to runtime immediately after they are saved. This option requires a restart to become active after it is selected. If this option is enabled, make sure that you make SSL configuration changes when the system does not have a high burden on it to prevent performance impacts.<\/p>\n

2. \u00a0 \u00a0 \u00a0 \u00a0Click the\u00a0Manage endpoint security configurations<\/b>\u00a0link.<\/p>\n

3. \u00a0 \u00a0 \u00a0 \u00a0Expand\u00a0Inbound or Outbound<\/b>, expand the cell name to see the list of nodes.<\/p>\n

For all the nodes that appear in the list:<\/p>\n

Opening an empty text file will help you through the process.<\/p>\n

4. \u00a0 \u00a0 \u00a0 \u00a0Go to\u00a0Key stores and certificates<\/b>\u00a0which is under\u00a0Related Items<\/b>.<\/p>\n

5. \u00a0 \u00a0 \u00a0 \u00a0Click on the\u00a0NodeDefaultKeyStore<\/b>. Under\u00a0Additional Properties<\/b>, click on\u00a0Personal Certificates<\/b>.<\/p>\n

6. \u00a0 \u00a0 \u00a0 \u00a0Note down the serial number of the default certificate. Select the box near the default certificate. Click\u00a0Extract<\/b>.<\/p>\n

7. \u00a0 \u00a0 \u00a0 \u00a0Write the file name to be extracted with the full path, leave the data type as it is, note down the file path after the serial number. ClickOK<\/b>.<\/p>\n

If you chose to create a cell profile after your initial WebSphere Application Server installation, the cell manager node and the stand alone node you have created that time might have the same certificate with the same serial number. Do not let it confuse you.<\/p>\n

After the previous instructions are done for all nodes, continue with the following steps.<\/p>\n

8. \u00a0 \u00a0 \u00a0 \u00a0Come to the\u00a0Manage endpoint security configurations<\/b>\u00a0page where you see the node list again (instructions 1-3).<\/p>\n

9. \u00a0 \u00a0 \u00a0 \u00a0Expand the node which includes the web server.<\/p>\n

10. \u00a0 \u00a0 \u00a0 \u00a0Click on the web server, then click on\u00a0Key stores and certificates<\/b>.<\/p>\n

11. \u00a0 \u00a0 \u00a0 \u00a0Click on the\u00a0CMSKeyStore<\/b>.<\/p>\n

12. \u00a0 \u00a0 \u00a0 \u00a0Click on the Signer certificates. You can either add here all the certificates you have extracted, or you can click on default certificates in this page, if there are any, and compare their serial numbers with the numbers that you have taken note of to determine which default certificates are missing.<\/p>\n

For all the certificates or just the missing ones apply the instructions below.<\/p>\n

13. \u00a0 \u00a0 \u00a0 \u00a0Click\u00a0Add<\/b>\u00a0on the current page.<\/p>\n

14. \u00a0 \u00a0 \u00a0 \u00a0Enter the certificate file path, an alias as you wish, and leave the data type as it is. Click\u00a0OK<\/b>.<\/p>\n

When you are sure that you have the complete set of default certificates added as signer certificates, save the changes, and synchronize.<\/p><\/div>\n","protected":false},"excerpt":{"rendered":"

GSK_ERROR_BAD_CERT (gsk rc = 414) When an HTTPS request is sent to a IBM WebSphere Application Server V6.1 server, from a web server, the web server plug-in log shows the error Failed in r_gsk_secure_soc_init: GSK_ERROR_BAD_CERT(gsk rc = 414)<\/p>\n

Cause: Not correct signer certificate in plugin…kdb file<\/p>\n

The certificate sent by WebSphere Application Server to the […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[25],"tags":[],"_links":{"self":[{"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/posts\/5656"}],"collection":[{"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/mohan.sg\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=5656"}],"version-history":[{"count":1,"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/posts\/5656\/revisions"}],"predecessor-version":[{"id":5657,"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/posts\/5656\/revisions\/5657"}],"wp:attachment":[{"href":"https:\/\/mohan.sg\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=5656"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/mohan.sg\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=5656"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/mohan.sg\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=5656"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}