1,126
edits
Difference between revisions of "IBM Content Manager OnDemand v10.5.0.7 and GSKit support for Post-Quantum Cryptography"
IBM Content Manager OnDemand v10.5.0.7 and GSKit support for Post-Quantum Cryptography (view source)
Revision as of 14:51, 28 March 2024
, 14:51, 28 March 2024Fixed the CMOD ars.ini SSL_USE_CLNT_SSL environment variable.
(Added troubleshooting item rc 407 GSK_ERROR_BAD_KEYFILE_LABEL .) |
m (Fixed the CMOD ars.ini SSL_USE_CLNT_SSL environment variable.) |
||
| Line 33: | Line 33: | ||
: Checking your operating system's diagnostic tools like <code> netstat -tlnp</code> shows the ssl port as open/listening. | : Checking your operating system's diagnostic tools like <code> netstat -tlnp</code> shows the ssl port as open/listening. | ||
: Attempts to connect to the encrypted port with <code> openssl s_client</code> or <code> ncat -ssl</code> returns NOTHING. (No error, just ''no response''.) | : Attempts to connect to the encrypted port with <code> openssl s_client</code> or <code> ncat -ssl</code> returns NOTHING. (No error, just ''no response''.) | ||
: Using the <code> arssockd -I ARCHIVE -p</code> option when <code> | : Using the <code> arssockd -I ARCHIVE -p</code> option when <code> SSL_USE_CLNT_SSL=1</code> is set in [[ars.ini]] results in a failed connection. | ||
: Checking your KeyDB with <code> gsk8capicmd_64 -cert -verify</code> produces 'OK'. | : Checking your KeyDB with <code> gsk8capicmd_64 -cert -verify</code> produces 'OK'. | ||
: If you run a server trace on arssockd, you will find a return code 407 from GSKit also known as <code>GSK_ERROR_BAD_KEYFILE_LABEL</code>. | : If you run a server trace on arssockd, you will find a return code 407 from GSKit also known as <code>GSK_ERROR_BAD_KEYFILE_LABEL</code>. | ||