Author Topic: Issue implementing SSL  (Read 1145 times)

jsquizz

  • Global Moderator
  • Hero Member
  • *****
  • Posts: 573
    • View Profile
Issue implementing SSL
« on: October 06, 2021, 09:00:31 AM »
Hi All,

We are in the process of getting SSL Up and running, but it looks like we have an issue connecting from the library server to the object server when SSL is enabled.

When ODWEK Calls are made-
Code: [Select]
124002:47247019583232 10/06/2021 08:41:48:330624 ERROR (null)(0)(null):Server message msg timestamp=2021-10-06 08:41:48.325613 msg userid=ADMIN msg severity=2 msg num=142 msg text=ARS0142E Connection cannot be established for the >zlt12669< server  Srvr->LibServer XXX.XXX.XXX.XXX non-SSL<- msg appl=N msg logid=869449959
124002:47247019583232 10/06/2021 08:41:48:330629 ERROR (null)(0)(null):ARSLOG message msg num=142
124002:47247019583232 10/06/2021 08:41:48:330875 ERROR (null)(0)(null):CONSOLE message msg num=142
124002:47247030097664 10/06/2021 08:41:48:333627 ERROR arssrvr.c(4798)ArcSERVP_ProcessRequest:Sending message to library server msg timestamp=2021-10-06 08:41:48.303407 msg userid=M09530 msg severity=2 msg num=142 msg text=ARS0142E Connection cannot be established for the >LIBSERV< server  Srvr->LIBSERV<- msg appl=N msg logid=869449959

These are from the trace file, when I was trying to load/retrieve from the library server -> object server. The other way around (ARSDOC/ARSLOAD OBJ --FROM/INTO --> LIB) works fine.
Code: [Select]
79057:47879365379840 10/06/2021 10:43:56:122707 ERROR arsgskod.c(2828)ArcGSKOD_Connect:socket_init ssl_rc=420 ssl_str=GSK_ERROR_SOCKET_CLOSED
79057:47879365379840 10/06/2021 10:43:56:203928 ERROR arsgskod.c(2828)ArcGSKOD_Connect:socket_init ssl_rc=420 ssl_str=GSK_ERROR_SOCKET_CLOSED
79057:47879365379840 10/06/2021 10:43:56:290131 ERROR arsgskod.c(2828)ArcGSKOD_Connect:socket_init ssl_rc=420 ssl_str=GSK_ERROR_SOCKET_CLOSED
79057:47879365379840 10/06/2021 10:43:56:406313 ERROR arsgskod.c(2828)ArcGSKOD_Connect:socket_init ssl_rc=420 ssl_str=GSK_ERROR_SOCKET_CLOSED

Anyone have thoughts?
#CMOD #DB2 #AFP2PDF #TSM #AIX #RHEL #AWS #AZURE #GCP #EVERYTHING

Justin Derrick

  • IBM Content Manager OnDemand Consultant
  • Administrator
  • Hero Member
  • *****
  • Posts: 2228
  • CMOD Guru for hire...
    • View Profile
    • Tenacious Consulting
Re: Issue implementing SSL
« Reply #1 on: October 08, 2021, 05:37:11 AM »
If you have separate library and object servers, then you will need unique SSL certificates for each - you can't re-use server certificate from one server to the other.

For troubleshooting IBM CMOD SSL, use openssl s_client with the -showcerts option - that will show you which certificates are being presented by each server.
-JD.
IBM CMOD Professional Services: http://TenaciousConsulting.com
Call:  +1-866-533-7742  or  eMail:  jd@justinderrick.com
IBM CMOD Wiki:  https://CMOD.wiki/
FREE IBM CMOD Education & Webinars:  https://CMOD.Training/

Interests: #AIX #Linux #Multiplatforms #DB2 #TSM #SP #Performance #Security #Audits #Customizing #Availability #HA #DR

jsquizz

  • Global Moderator
  • Hero Member
  • *****
  • Posts: 573
    • View Profile
Re: Issue implementing SSL
« Reply #2 on: October 08, 2021, 02:11:41 PM »
If you have separate library and object servers, then you will need unique SSL certificates for each - you can't re-use server certificate from one server to the other.

For troubleshooting IBM CMOD SSL, use openssl s_client with the -showcerts option - that will show you which certificates are being presented by each server.
-JD.

Here's the new issue haha-

Code: [Select]
78759:47665277347584 10/08/2021 08:59:31:101247 ERROR (null)(0)(null):Server message msg timestamp=2021-10-08 08:59:31.090354 msg userid=USERID msg severity=2 msg num=23 msg text=ARS0023E Object >195FAAA< in Application Group >AG< not found in cache, no other storage defined  Srvr->server1.1.1.1 non-SSL<- msg appl=N msg logid=1540228370
78759:47665277347584 10/08/2021 08:59:31:101263 ERROR (null)(0)(null):ARSLOG message msg num=23
78759:47665277347584 10/08/2021 08:59:31:101572 ERROR (null)(0)(null):CONSOLE message msg num=23
78759:47665497184000 10/08/2021 08:59:31:104615 ERROR arscssm.c(3298)ArcCSSMP_Retrieve:Sending message to library server msg timestamp=2021-10-08 08:59:31.066932 msg userid=M09530 msg severity=2 msg num=23 msg text=ARS0023E Object >195FAAA< in Application Group >AG< not found in cache, no other storage defined  Srvr->server<- msg appl=N msg logid=1540228370
#CMOD #DB2 #AFP2PDF #TSM #AIX #RHEL #AWS #AZURE #GCP #EVERYTHING

jsquizz

  • Global Moderator
  • Hero Member
  • *****
  • Posts: 573
    • View Profile
Re: Issue implementing SSL
« Reply #3 on: October 15, 2021, 10:48:24 AM »
Here's another strange issue. When we do the retrieval, it is trying to retrieve the document from the cache defined on the library server - /opt/app/cmod/ARSCACHE - is defined within ars.cache, defined as our cache only - library server storage.

The very last line of this error, is invalid. The document is physically located - and the application group is defined to our cache object server.

Code: [Select]
62572:47394759460608 10/14/2021 10:13:26:981056 INFO arssmcac.c(3645)ArcCACHE_Retrieve:Current state object=/opt/app/cmod/ARSCACHE/retr/BSA/DOC/4FAAA (ArcI32)errno=2
Code: [Select]
62572:47394759460608 10/14/2021 10:13:26:967014 FLOW arscssm.c(541)ArcCSSMP_DataProcessInit:Return arccs return code=0,ARCCS_OKAY
62572:47394759460608 10/14/2021 10:13:26:967025 FLOW arscssm.c(3671)ArcCSSMP_ObjectRetrieve:Enter
62572:47394759460608 10/14/2021 10:13:26:967030 FLOW arscssm.c(3420)ArcCSSMP_ProcessObjName:Enter
62572:47394759460608 10/14/2021 10:13:26:967036 FLOW arscssm.c(3439)ArcCSSMP_ProcessObjName:Return
62572:47394759460608 10/14/2021 10:13:26:967048 FLOW arscssm.c(3179)ArcCSSMP_Retrieve:Enter
62572:47394759460608 10/14/2021 10:13:26:967059 FLOW arssmcac.c(2752)ArcCACHE_Init:Enter
62572:47394759460608 10/14/2021 10:13:26:967072 INFO arssmcac.c(2798)ArcCACHE_Init:Current state startup->cacheNameList[i]=/opt/app/cmod/ARSCACHE
62572:47394759460608 10/14/2021 10:13:26:967079 INFO arssmcac.c(2809)ArcCACHE_Init:Current state (ArcI32)init->status=2
62572:47394759460608 10/14/2021 10:13:26:967085 FLOW arssmcac.c(2817)ArcCACHE_Init:Return rc=0
62572:47394759460608 10/14/2021 10:13:26:967101 FLOW arssmcac.c(3560)ArcCACHE_Retrieve:Enter
62572:47394759460608 10/14/2021 10:13:26:967145 FLOW arssmcac.c(137)ArcCACHEPri_AssembleName:Enter
62572:47394759460608 10/14/2021 10:13:26:967161 FLOW arssmcac.c(101)ArcCACHEPri_GetDocResStr:Enter
62572:47394759460608 10/14/2021 10:13:26:967167 FLOW arssmcac.c(112)ArcCACHEPri_GetDocResStr:Return
62572:47394759460608 10/14/2021 10:13:26:967176 INFO arssmcac.c(153)ArcCACHEPri_AssembleName:Current state assembledObjName=/BSA/DOC/4FAAA
62572:47394759460608 10/14/2021 10:13:26:967180 FLOW arssmcac.c(155)ArcCACHEPri_AssembleName:Return
62572:47394759460608 10/14/2021 10:13:26:981056 INFO arssmcac.c(3645)ArcCACHE_Retrieve:Current state object=/opt/app/cmod/ARSCACHE/retr/BSA/DOC/4FAAA (ArcI32)errno=2
#CMOD #DB2 #AFP2PDF #TSM #AIX #RHEL #AWS #AZURE #GCP #EVERYTHING

Justin Derrick

  • IBM Content Manager OnDemand Consultant
  • Administrator
  • Hero Member
  • *****
  • Posts: 2228
  • CMOD Guru for hire...
    • View Profile
    • Tenacious Consulting
Re: Issue implementing SSL
« Reply #4 on: October 19, 2021, 10:13:06 AM »
Return Code 2 is "does not exist".

Can you ls -l the path and see what you get back?

-JD.
IBM CMOD Professional Services: http://TenaciousConsulting.com
Call:  +1-866-533-7742  or  eMail:  jd@justinderrick.com
IBM CMOD Wiki:  https://CMOD.wiki/
FREE IBM CMOD Education & Webinars:  https://CMOD.Training/

Interests: #AIX #Linux #Multiplatforms #DB2 #TSM #SP #Performance #Security #Audits #Customizing #Availability #HA #DR