Fixing WebSphere normal-shutdown and synchronization failures caused by an expired certificate

2014.05.23 10:19

1. Stopping WebSphere shows errors and the normal shutdown fails

  [app1:root] /WebSphere > ./stop_was.sh

ADMU0116I: Tool information is being logged in file

           /WebSphere/AppServer/profiles/AppSrv01/logs/mhomeapp-1/stopServer.log

ADMU0128I: Starting tool with the AppSrv01 profile

ADMU3100I: Reading configuration for server: mhomeapp-1

ADMU0509I: The server "mhomeapp-1" cannot be reached. It appears to be stopped.

ADMU0211I: Error details may be seen in the file:

           /WebSphere/AppServer/profiles/AppSrv01/logs/mhomeapp-1/stopServer.log  ---> normal stop failed

ADMU0116I: Tool information is being logged in file

           /WebSphere/AppServer/profiles/AppSrv01/logs/homeapp-1/stopServer.log

ADMU0128I: Starting tool with the AppSrv01 profile

ADMU3100I: Reading configuration for server: homeapp-1

ADMU0509I: The server "homeapp-1" cannot be reached. It appears to be stopped.

ADMU0211I: Error details may be seen in the file:

           /WebSphere/AppServer/profiles/AppSrv01/logs/homeapp-1/stopServer.log  ---> normal stop failed

ADMU0116I: Tool information is being logged in file

           /WebSphere/AppServer/profiles/AppSrv01/logs/nodeagent/stopServer.log

ADMU0128I: Starting tool with the AppSrv01 profile

ADMU3100I: Reading configuration for server: nodeagent

ADMU0509I: The server "nodeagent" cannot be reached. It appears to be stopped.

ADMU0211I: Error details may be seen in the file:

           /WebSphere/AppServer/profiles/AppSrv01/logs/nodeagent/stopServer.log  ---> normal stop failed

ADMU0116I: Tool information is being logged in file

           /WebSphere/AppServer/profiles/Dmgr/logs/dmgr/stopServer.log

ADMU0128I: Starting tool with the Dmgr profile

ADMU3100I: Reading configuration for server: dmgr

ADMU3201I: Server stop request issued. Waiting for stop status.

ADMU4000I: Server dmgr stop completed.




2. Check the error log

 (omitted)

[5/22/14 14:27:51:953 KST] 0000000a ManagerAdmin I TRAS0017I: The startup trace state is *=info.

[5/22/14 14:27:52:015 KST] 0000000a AdminTool A ADMU0128I: Starting tool with the AppSrv01 profile

[5/22/14 14:27:52:017 KST] 0000000a AdminTool A ADMU3100I: Reading configuration for server: homeapp-1

[5/22/14 14:27:54:080 KST] 0000000a SSLConfig W CWPKI0041W: One or more key stores are using the default password.

[5/22/14 14:27:54:087 KST] 0000000a SSLConfigMana I CWPKI0027I: Disabling default hostname verification for HTTPS URL connections.  ----> error displayed

[5/22/14 14:27:54:971 KST] 0000000a WSX509TrustMa E CWPKI0312E: The certificate with subject DN CN=app1, O=IBM, C=US has an end date Tue Mar 11 10:37:00 KST 2014 which is no longer valid.

[5/22/14 14:27:54:989 KST] 0000000a WsServerStop E ADMU3002E: Exception attempting to process server homeapp-1

 (omitted)
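
The check in step 2 can be scripted. The following is an added example, not part of the original post: it scans WebSphere logs for CWPKI0312E (expired certificate) entries, reports each subject DN and end date once, and counts CWPKI0041W (default key store password) warnings. The function names and the sample log are assumptions constructed from the lines quoted above.

```shell
#!/bin/sh
# Added example (not from the original post).
# scan_cert_findings [FILE...]  reads WebSphere log files (or stdin) and prints:
#   EXPIRED|<subject DN>|<end date>   once per unique expired certificate
#   DEFAULT_PASSWORD|<count>          number of CWPKI0041W warnings seen
# Typical input: the stopServer.log paths printed in step 1.
scan_cert_findings() {
    awk '
    /CWPKI0312E:/ {
        # Message shape: "... subject DN <dn> has an end date <date> which is no longer valid."
        s = index($0, "subject DN ")
        e = index($0, " has an end date ")
        v = index($0, " which is no longer valid")
        if (s && e > s && v > e) {
            dn    = substr($0, s + 11, e - s - 11)
            until = substr($0, e + 17, v - e - 17)
            key   = dn "|" until
            if (!(key in seen)) { seen[key] = 1; order[++n] = key }
        }
    }
    /CWPKI0041W:/ { defpw++ }
    END {
        for (i = 1; i <= n; i++) print "EXPIRED|" order[i]
        if (defpw) print "DEFAULT_PASSWORD|" defpw
    }' "$@"
}

# Constructed sample: the log lines from step 2, plus a constructed repeat of
# the CWPKI0312E line (later timestamp) to show that duplicates are collapsed.
sample_log() {
    cat <<'EOF'
[5/22/14 14:27:52:017 KST] 0000000a AdminTool A ADMU3100I: Reading configuration for server: homeapp-1
[5/22/14 14:27:54:080 KST] 0000000a SSLConfig W CWPKI0041W: One or more key stores are using the default password.
[5/22/14 14:27:54:971 KST] 0000000a WSX509TrustMa E CWPKI0312E: The certificate with subject DN CN=app1, O=IBM, C=US has an end date Tue Mar 11 10:37:00 KST 2014 which is no longer valid.
[5/22/14 14:27:54:989 KST] 0000000a WsServerStop E ADMU3002E: Exception attempting to process server homeapp-1
[5/22/14 14:29:10:101 KST] 0000000a WSX509TrustMa E CWPKI0312E: The certificate with subject DN CN=app1, O=IBM, C=US has an end date Tue Mar 11 10:37:00 KST 2014 which is no longer valid.
EOF
}

# Demo run on the constructed sample.
sample_log | scan_cert_findings
```
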



3. Rename the certificate-related key.p12 and trust.p12 files, then restart


[app1:root] /WebSphere > find ./ -name trust.p12

./AppServer/profiles/AppSrv01/config/cells/app1Cell/nodes/homeappNode01/trust.p12

./AppServer/profiles/AppSrv01/config/cells/app1Cell/trust.p12

./AppServer/profiles/AppSrv01/etc/trust.p12

./AppServer/profiles/Dmgr/config/cells/app1Cell/nodes/homeappNode01/trust.p12

./AppServer/profiles/Dmgr/config/cells/app1Cell/nodes/homeappNode02/trust.p12

./AppServer/profiles/Dmgr/config/cells/app1Cell/trust.p12

./AppServer/profiles/Dmgr/etc/trust.p12


[app2:root] /WebSphere > find ./ -name trust.p12

./AppServer/profiles/AppSrv02/config/cells/app1Cell/nodes/homeappNode02/trust.p12

./AppServer/profiles/AppSrv02/config/cells/app1Cell/trust.p12

./AppServer/profiles/AppSrv02/etc/trust.p12


--> The SSL key files at the paths above are the expired ones. Delete or rename them.

 #mv key.p12 key.p12.old

 #mv trust.p12 trust.p12.old



4. Force-terminate the processes that failed to stop, using kill

 #kill -9 pid



5. After restarting WebSphere, the certificate is renewed on a normal stop --- repeat on app1 and app2

[app2:root] /WebSphere > ./stop_was.sh

ADMU0116I: Tool information is being logged in file

           /WebSphere/AppServer/profiles/AppSrv02/logs/stopServer.log

ADMU0128I: Starting tool with the AppSrv02 profile



*** SSL SIGNER EXCHANGE PROMPT ***

SSL signer from target host 172.***.***.*** is not found in trust store /WebSphere/AppServer/profiles/AppSrv02/etc/trust.p12.


Here is the signer information (verify the digest value matches what is displayed at the server): 


Subject DN:    CN=app2, O=IBM, C=US

Issuer DN:     CN=app2, O=IBM, C=US

Serial number: 1400742093100279000

Expires:       Thu May 17 16:01:32 KST 2029

SHA-1 Digest:  B5:F2:D6:18:B6:BD:9D:27:2D:F4:46:CD:40:DF:A1:03:76:5B:69:AB

MD5 Digest:    E2:CD:66:A7:23:41:E9:D7:FA:1F:F8:22:D2:9D:6C:DA


Add signer to the trust store now? (y/n) y   (enter y)

A retry of the request may need to occur if the socket times out while waiting for a prompt response.  If the retry is required, note that the prompt will not be redisplayed if (y) is entered, which indicates the signer has already been added to the trust store.

ADMU3201I: Server stop request issued. Waiting for stop status.

  (rest omitted)

ADMU4000I: Server nodeagent stop completed.




6. Confirm normal operation (restart WAS)





또루아빠 WAS