Crickets on this one...I happened to experience this while in Anaheim at PowerUP19 and even had the DCM expert from IBM give me a a hand.  His suggestion was my first instinct: Change the password that you are prompted for when you access the certificate store.  We did do that while he looked over my shoulder but that didn't fix the issue.

Hearing nothing here, I guessed that maybe the HTTP server needed to be restarted to pick up the new password.  I can't say for sure that it was the solution but I can successfully start the Apache instances that have SSL enabled.

Pete Helgren
www.petesworkshop.com
GIAC Secure Software Programmer-Java
Twitter - Sys_i_Geek IBM_i_Geek

On 5/22/2019 7:50 PM, Pete Helgren wrote:
[Posted by accident in Midrange-L]

I have  V7R2M0 HTTP Server where I updated my LetsEncrypt certificates and restarted the server instance.  Now I see this error:

[ibm_ssl:error] [pid 4294:tid 00000007] ZSRV_MSG0242: Key database file password expired, error = 107.

As far as I can determine, this is related to the DCM in some way.  Yes, I changed the password through the web admin interface and that made no difference.  As far as I can tell, the fact that it is a LetsEncrypt certificate isn't relevant, DCM generated the CSR and DCM imported the certificate with no problems.  It's just starting the instance with the SSL directives that is the issue. I don't know of another key database password except for the one in DCM that points to: /QIBM/USERDATA/ICSS/CERT/SERVER/DEFAULT.KDB

Anyone run into this?  A Google search turns up plenty of IBM links that point to nothing helpful when relating to IBM i....


As an Amazon Associate we earn from qualifying purchases.

This thread ...

Replies:

Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.