IBM MobileFirst Platform GSK_ERROR_BAD_KEYFILE_PASSWORD - ibm-mobilefirst

I'm catching the error gsk error 408 (GSK_ERROR_BAD_KEYFILE_PASSWORD) from the IHS plugins logs. IBM is recommending me the next steps to fix it:
http://www-01.ibm.com/support/docview.wss?uid=swg21177702
What are the .kdb and .sth files function? If I want to generete the .sth file again, Do I need to keep the application servers (liberty) running? Where can I find more information about these files related to the IBM platform?

The *.kdb is a collection of SSL certificates and keys. It's password-protected. The *.sth is where the obfuscated password is stored.
You can recate the *.sth with the command line tools provided by IHS and the WAS plugin. See $IHSROOT/bin/gskcapicmd -keydb -stashpw.
The *.sth file has no real relationship the application server or any JVM. It's read by the WebServer Plugin at startup.

Related

"handshake_failure" error trying to connect IDEA to Jira

I am trying to set up jira as a task server in IDEA IntelliJ.
I am getting handshake_failure error when I try to test my connection.
Reading about it in SO and Atlassion forums, I tried several things but none worked:
downloading the certificate from jira server and installing it in intellij
adding -Dhttps.protocols="TLSv1" to my .vmoptions IDEA startup config file
It happens both to my corporate jira instance and to external public jira servers.
In addition, it also happened with IntelliJ 2016.
Has anyone managed to get this working?
The problem was that the server used a cipher that was disabled in my jvm.
In order to fix, I uncommented
crypto.policy=unlimited
in my jre <jre-home>\lib\security\java.security
see this SO question or this one for more details about security policies

IBM MobileFirst Platform 6.3 Operational Analytics Failed installation for Tomcat

I have installed MobileFirst 6.3 appcenter console, worklight console successfully, they are operating fine on Tomcat/7.0.57. However when I try to install Operational Analytics, the documentation has the following
http://www-01.ibm.com/support/knowledgecenter/SSHS8R_6.3.0/com.ibm.worklight.installconfig.doc/monitor/c_op_analytics_installation_tomcat.html
I am using tomcat manager http://localhost:8080/html to deploy the war files. logging in as manager, with the manager-gui role.
worklight-analytics.war - deployed with no issues
when I select the worklight-analytics-service.war file and deploy in the GUI, it throws a blank page first, indicating "connection error", and when I refresh the page, on the status bar in Tomcat manager GUI, I get this message - "FAIL - Tried to use command /upload via a GET request but POST is required";
Please provide some direction on what I need to do get this fixed. I am not sure If I have provided all required information - please bear with me and ask, if anything relevant (obviously I can't figure out what is relevant yet) is required to debug.
So I was able to reproduce your error and I saw this in the logs:
java.lang.IllegalStateException:
org.apache.tomcat.util.http.fileupload.FileUploadBase$SizeLimitExceededException:
the request was rejected because its size (57353297) exceeds the
configured maximum (52428800)
It looks like by default, the web UI will only upload WARs of size 50MB or smaller. The analytics service WAR file is larger than this, so that is why this is failing. I was able to increase the limit by modifying the following lines in
/webapps/manager/WEB-INF/web.xml
<max-file-size>100000000</max-file-size>
<max-request-size>100000000</max-request-size>
This will increase the limit to 100MB. After I did this, I was able to successfully deploy the service WAR.
Just as a heads up, once you get the WAR deployed, you'll be presented with the login page. You'll need a tomcat user with the 'worklightadmin' role in order to get past the login screen.
The worklight-analytics-service WAR file does not have a user interface. It is simply referenced by the worklight-analytics WAR file. When both WARs have been deployed, can you see the analytics console? And does data load just fine? If so, then everything is fine. There is only an issue if you are unable to use the user interface provided by the worklight-analytics WAR file.

Can I ignore CWWKS3005E messages on worklight server logs?

I have an application running on Worklight 6.1 and I am seeing this messages on the log.
CWWKS3005E: A configuration exception has occurred. No UserRegistry implementation service is available
I don't need to authenticate the users on my application, can I ignore this message?
I'm not sure, but you can try to cancel logging for this specific package using following log configuration in server.xml:
<logging traceSpecification="XXX.XXX.*=off=disabled"/>
where XXX.XXX.* is the package where the error was occurred.
Here is a list of all available log levels: http://www-01.ibm.com/support/knowledgecenter/SSCKBL_8.5.5/com.ibm.websphere.nd.doc/ae/utrb_loglevel.html
I understand that you are not asked how to remove these messages from the log file, but you asked should you worry about these messages.
Anyway this log is not of Worklight server, it generated by Liberty server. It means you have something wrong in server configuration.
I found that this messages is because my server.xml configuration file of WebSphere Liberty Profile contains this feature
appSecurity-1.0
And I am not defining any User Registry.
http://pic.dhe.ibm.com/infocenter/rsahelp/v8r5/topic/com.ibm.websphere.wlp.nd.multiplatform.doc/ae/rwlp_feat.html
I am not running the Application Center in this profile and I am securing the Worklight console using properties in the worklight.properties file.
So, the question is can I remove the appSecurity feature?
Add <basicRegistry></basicRegistry> to your server.xml.

Failed to deploy missing security Test

I have successfully gotten the module 41 sample running with eclipse and the local server. Attempting to deploy on my liberty server returns the error.
Failed to deploy application 'PushApplication-all.wlapp'. : application descriptor uses a security test:PushApplication-strong-mobile-securityTest. However, authentication config xml does not contain a security test element with that name.
I am on Worklight 5.0.5 with a successful app running on the server and now trying to add push notifications. I have checked the war file and it does contain the authentication-config.xml with the specified test.
I saw a smilier post a few momths ago but am unable to find whether it got answered
thanks in advance.
From the sound of it, you are trying to deploy your .wlapp to a server that is already running an instance of Worklight, but this instance does not have the required securityTest settings in authenticationConfig.xml
This leads me to believe that you did not replace the .war file you already had deployed in the Liberty-profile application server with the .war file from your Push Notifications project, which contains the up-to-date authenticationConfig.xml

How to use java.util.logging in Weblogic?

I have an application that was migrated from Glassfish to Weblogic, and it uses java.util.logging as logging framework.
The only way I have found to make the logs work is by editing the logging.properties file of the JVM and restart the server. This solution is awkward and gives problems because the log is written to a different file than the standard ones for weblogic, so we have to look at too many files for a log in a clustered environment. Besides, for some reason this does not work on some Windows systems.
Is there a way to keep using standard java logging to write messages to weblogic's standard log files? I tried the instructions on this page but it doesn't work either.
WebLogic Server ships with a JDK logging handler which will pick up log messages emitted from JDK logging framework and direct them into the WebLogic Server logging system.
Set the default logging level for new ServerLoggingHandler instances in logging.properties as well as adding the ServerLoggingHandler to the handlers.
handlers = weblogic.logging.ServerLoggingHandler
weblogic.logging.ServerLoggingHandler.level = ALL
http://docs.oracle.com/cd/E14571_01/web.1111/e13739/logging_services.htm#CHDBBEIJ
To direct the JDK logging framework to use the logging.properties file, the standard System property java.util.logging.config.file is used. With WebLogic Server, this can be easily accomplished by setting the JAVA_OPTIONS System property with the corresponding value.
$ export JAVA_OPTIONS="-Djava.util.logging.config.file=/Users/xxx/Projects/Domains/wls1035/logging.properties"
Some more hints here: http://buttso.blogspot.de/2011/06/using-slf4j-with-weblogic-server.html