• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Jeanne Boyarsky
  • Ron McLeod
  • Paul Clapham
  • Liutauras Vilda
Sheriffs:
  • paul wheaton
  • Rob Spoor
  • Devaka Cooray
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
  • Frits Walraven
  • Tim Moores
Bartenders:
  • Mikalai Zaikin

ws-security certificate expiration warning in web sphere application server

 
Greenhorn
Posts: 8
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Dear friends,
I am new to web service. I could find a warning message in my production environment AIX, Web Sphere 5.1. Please help me to solve this issue.

============================================================================================================
[7/14/11 5:12:36:282 GMT+08:00] 28efcd65 KeyStoreKeyLo W WSEC5189W: The certificate (Owner: "EMAILADDRESS=maruyama@jp.ibm.com, CN=SOAP 2.1 Test CA, OU=TRL, O=IBM, L=Yamato, ST=Kanagawa, C=JP") with alias "soapca" from keyStore "/usr/was51/AppServer/etc/ws-security/samples/dsig-sender.ks" will be expired in 43 days
============================================================================================================

Thanks in advance,
Murugesh.
 
Ranch Hand
Posts: 126
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Looks like the certificate (Owner: "EMAILADDRESS=maruyama@jp.ibm.com, CN=SOAP 2.1 Test CA, OU=TRL, O=IBM, L=Yamato, ST=Kanagawa, C=JP") with alias "soapca" in keyStore "/usr/was51/AppServer/etc/ws-security/samples/dsig-sender.ks" is going to expire in 43 days.

You may have to generate new or renew. Here is a blog on renewing certificates

http://enerosweb.wordpress.com/2010/10/12/renew-certificate-in-websphere-keystore-while-retaining-same-alias/

Thanks
Anant
 
Murugesan Narayanasamy
Greenhorn
Posts: 8
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Dear Anant,

Thank you for your reply.

I checked the mentioned blog. It seems we need to buy a new certificate and import it in the keystore. Prior to this, I would like to confirm whether "we are using this keystore and it's certificate is going to expire" or "we are not at all using this keystore and it is a general warning for keystores across websphere components"

Please help me to identify whether we are using this keystore or not. Where can I check and confirm this in websphere.

And also, if you find any document for renewing this certificate in AIX sever, please share it with here.

Thanks in advance.

Thanks,
Murugesh.
 
Murugesan Narayanasamy
Greenhorn
Posts: 8
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Dear Friends,
Here are the following steps that I did to ensure the keystore ussage.

1.Traced the soap message and printed it. It clearly says there is no authentication header information present in the soap message.
2.Moved the keystore file to a backup location. We were able to call the webservice without any issue.

If anyone know how to disable that warning in websphere, please share it.

Thanks,
Murugesh.
 
reply
    Bookmark Topic Watch Topic
  • New Topic