IBM Support

Error communicating with server when trying to use EKM CLI

Troubleshooting


Problem

The server is started and working fine. The command to launch the CLI environment runs, but authenticating with the login command fails with an error about communicating with the server.

Resolving The Problem

This problem is most likely due to an expired certificate used for communication between the CLI and the EKM server. You will see an error like this:




You will need to replace the expired certificate. First, list the certificates in your keystore with a command like the following:

<JAVA_HOME>\bin\keytool -list -v -storetype JCEKS -keystore ekmkeystore.jck

After identifying which certificate is expired, follow these steps to replace the certificate and resolve the problem:

1) Make a full backup of the EKM directory (keystore, KeyManagerConfig.properties/ClientKeyManagerConfig.properties, etc.)

2) After making sure you have a full EKM directory backup, remove the existing certificate using keytool from a command prompt:

<JAVA_HOME>/bin/keytool -delete -keystore /<path to keystore file>/key1412107.jck -alias <certificate> -storepass xxxxx -storetype JCEKS

*storepass is the keystore password; if the option is omitted, keytool prompts for it
*alias is the alias name of the expired certificate

3) Create a new certificate with the same alias as the expired one:

<JAVA_HOME>/bin/keytool -keystore /<path to keystore file>/key1412107.jck -storetype JCEKS -genkey -alias <certificate> -keyAlg RSA -keysize 2048 -validity 1825
*validity value is in days

4) Restart the EKM service

5) After taking the above steps you should be able to log in
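To pick out the expired certificate from the keytool -list -v listing, and to confirm after step 3 that the new certificate under the same alias is valid, the listing can be filtered with a small script. This is an added example, not IBM code: the function names cert_status and sample_listing are hypothetical, the sample listing is constructed, and the "Valid from: ... until: ..." line format is assumed to be the English-locale OpenJDK keytool output (the JRE shipped with EKM may print dates differently).

```shell
#!/bin/sh
# Added example (not IBM code). Reads `keytool -list -v` output on stdin and
# prints one line per keystore entry: EXPIRED|VALID <YYYYMMDD> <alias>.
# Assumed line format (English-locale OpenJDK keytool; other JREs may differ):
#   Alias name: <alias>
#   Valid from: <date> until: Tue Jun 16 10:00:00 UTC 2015
# Comparison is by calendar day; time of day and time zone are ignored.
cert_status() {   # $1 = reference day as YYYYMMDD
    awk -v today="$1" '
    BEGIN {
        n = split("Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec", m, " ")
        for (i = 1; i <= n; i++) mon[m[i]] = i
    }
    /^Alias name: / { alias = substr($0, 13); next }
    /^Valid from: .* until: / {
        if (alias == "") next        # later certificates of a chain: skip
        s = $0
        sub(/^.* until: /, "", s)    # keep only the expiry date
        k = split(s, f, " ")         # weekday month day time zone year
        if (k < 6 || !(f[2] in mon)) {
            print "UNPARSED", "-", alias
        } else {
            last = sprintf("%04d%02d%02d", f[k], mon[f[2]], f[3])
            state = ((last + 0) < (today + 0)) ? "EXPIRED" : "VALID"
            print state, last, alias
        }
        alias = ""
    }'
}

# Constructed sample listing (not output from a real EKM keystore).
sample_listing() {
    cat <<'EOF'
Alias name: ekmcert
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=ekm
Valid from: Sun Jun 16 10:00:00 UTC 2013 until: Tue Jun 16 10:00:00 UTC 2015

Alias name: tape root
Entry type: trustedCertEntry
Owner: CN=root
Valid from: Fri Jan 01 00:00:00 UTC 2010 until: Sun Jan 01 00:00:00 UTC 2023
EOF
}

# Real use (keytool prompts for the keystore password):
#   keytool -list -v -storetype JCEKS -keystore ekmkeystore.jck | cert_status "$(date +%Y%m%d)"
sample_listing | cert_status "$(date +%Y%m%d)"
```

An UNPARSED line means the date was not in the assumed format; read the expiry for that alias directly from the keytool listing.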


Product Synonym

EKM

Document Information

Modified date:
16 June 2018

UID

swg21659692