https port configuration

I need need with https port configuration.

Using - IS 6.0.1 on HPUX platform.

I am having problems enabling a https port.

The error is ISS.0070.9014 Private key file does not exist.

I have seen similar postings, but cannot sort the problem.

The story so far,

Using openssl I have created a cert.pem, client.crt and key.pem on a XP platform.
Converted key.pem to key.der using (XP again)
openssl rsa -in key.pem -outform DER -out key.der

ftp transferred files to wM HP platform, (binary transfer).
Placed files in ~/CertificateToolkit/config directory.

Converted cert.pem to cert.der, with cert toolkit

Ports configuration.

Configured https port with, port number, (for testing)client authorisation=none, package=WmRoot, ip address.
Not configured Listener Specific Options.

Certificate configuration.

Server’s Signed Certificate=config/cert.der
Server’s Private Key =config/key.der

Questions.
Is the path and file setup for the certificate configuration ok.
How can I tell if the key.der is valid and not corrupt.

Thanks for any help… john

John,

Try placing your certificate files into the webm_home/IntegrationServer/config folder. Unless fully specified, IS paths are always relative to webm_home/IntegrationServer, so config/cert.der refers to webm_home/IntegrationServer/config/cert.der.

Mark

Mark,
Thank you for your quick response.

I have copied the files as you suggested, but still get an error.

I have also fully qualified the path as
/software/webmethods6/IntegrationServer/CertificateToolkit/config/key.der,
which I had tried before.

The error is now (No such file or directory (errno:2)). even tho I cut and pasted to prevent any errors in typing.

I have seen reference to corrupt key.der files on forums but am not sure
how I can test this. I would also expect a better error if the file was corrupt.

Thanks again … john

John,

Using telnet or ssh, navigate to the folder containing your cert file. Use the pwd command to get the exact directory name. Paste from there into IS.

The error message clearly indicates that this is a file path or filename issue.

Mark

Mark,

I have cut and pasted from a telnet session.
I have also checked authorisations, but again I would expect a different error.

I have tested a relative path from IS home and full path.

Anyway its nearly the weekend here, so I will go now and come in fresh on
Monday and maybe I will find a solution.

I must try and find any config file where this path is being stored, and check for any unusual chars etc.

Have a good weekend,

Thanks again …john

John,

I agree that you would get a different exception if the cert itself were bad. You can install openssl on your Unix box and use it to verify the certificate is valid and uncorrupted there. However, I don’t believe that is the issue.

Enjoy your weekend!

Mark

Hi John,
Did you restart the IS after you placed the certs into /config dir?
Try creating the https port after the server restart.

When I know that I have done it right and it should work and still it doesn’t work, I restart the IS and it works most of the times :).

All, sorry for the delay I have been out for a couple of days.

bsingh,

Thanks for your suggestion, I should have thought of that, it does help sometimes, but not this time.

Mark,

Thanks for your help, I will try one more time and the raise it with webMethods

thanks … john

John,

Have you made any progress on this? If so, what was the issue? In reviewing this thread, I forgot to ask you whether you had generated a certificate signing request (CSR) from the key you created using OpenSSL.

Mark

Mark,
Sorry for the delay in replying.
I have made progress. I recreated the certificates using OpenSSl, reconfigured the ports and certificates. Had a problem which turned out to be our proxy server.
Can now send successfully, just a small problem with receiving., but I will post that separately.

Thanks for the help… john