Description:
Steps to convert IBM HTTP Server private keys to PEM format for APM CE (CEM)
Solution:
Use the IBM KEY Management Utility (IKEYMAN Utility) to export the IBM key to a PKCS12 format file.
Step 1: Export keys to a PKCS12 file with IKEYMAN:
<Please see attached file for image>
Step 2: Use openssl to convert the PKCS12 file to PEM format:
[[email protected] tmp]# openssl pkcs12 -in abcd_w7.p12 -nocerts -nodes -out abcd_w7.pem
Enter Import Password:
MAC verified OK
Step 3: Check the TIM log to verify that the TIM can decrypt IBM HTTP Server traffic.
Thu Nov 28 08:03:19 2013 16314 WebServer: POST request for /tess/PrivateKeyFile from 127.0.0.1
Thu Nov 28 08:03:19 2013 16314 WebServer: data is encrypted
Thu Nov 28 08:03:19 2013 16314 WebServer: request forwarded from 10.135.45.143
Thu Nov 28 08:03:19 2013 16314 SslPrivateKeyConfig: private key file read
Thu Nov 28 08:03:19 2013 16314 SslPrivateKeyManager: writing /etc/wily/cem/tim/config/webservers/10.135.45.143-10.135.45.143~443.xml-enc
Thu Nov 28 08:03:19 2013 16314 SslPrivateKeyManager: defining SSL server group "10.135.45.143-10.135.45.143~443"
Thu Nov 28 08:03:19 2013 16314 SslPrivateKeyManager: IP address(es) 10.135.45.143, TCP port 443
Thu Nov 28 08:03:19 2013 16314 sslinterface: creating network handler for 10.135.45.143-10.135.45.143~443
Thu Nov 28 08:03:26 2013 16314 Trace: [10.135.47.180]:3084->[10.135.45.143]:443 opened
Thu Nov 28 08:03:26 2013 16314 Trace: Component #10 request: 10.135.45.143/home.html client=[10.135.47.180]:3084 server=[10.135.45.143]:443 at 08:03:26
Thu Nov 28 08:03:26 2013 16314 Trace: Param: Url Req Port = 443.
Thu Nov 28 08:03:26 2013 16314 Trace: Param: Url Req ClientIP = 10.135.47.180.
Thu Nov 28 08:03:26 2013 16314 Trace: Param: Url Req Path = /home.html.
Thu Nov 28 08:03:26 2013 16314 Trace: Param: HTTP Req Accept = image/gif, image/jpeg, image/pjpeg, image/pjpeg, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml+xml, application/x-shockwave-flash, */*.
Thu Nov 28 08:03:26 2013 16314 Trace: Param: HTTP Req Accept-Language = en-ind.
Thu Nov 28 08:03:26 2013 16314 Trace: Param: HTTP Req User-Agent = Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GIS IE 6.0 Build 20080321; BTRS112560; .NET CLR 2.0.50727; .NET CLR 1.1.4322; InfoPath.2; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; MS-RTC LM 8).
Thu Nov 28 08:03:26 2013 16314 Trace: Param: HTTP Req Accept-Encoding = gzip, deflate.
Thu Nov 28 08:03:26 2013 16314 Trace: Param: HTTP Req Host = 10.135.45.143.
Thu Nov 28 08:03:26 2013 16314 Trace: Param: Url Req Host = 10.135.45.143.
Thu Nov 28 08:03:26 2013 16314 Trace: Param: HTTP Req Connection = Keep-Alive.
Thu Nov 28 08:03:26 2013 16314 Trace: Meta: URL Port = 443.
Thu Nov 28 08:03:26 2013 16314 Trace: Meta: URL Path = /home.html.
Thu Nov 28 08:03:26 2013 16314 Trace: Meta: RequestHeader Accept = image/gif, image/jpeg, image/pjpeg, image/pjpeg, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml+xml, application/x-shockwave-flash, */*.
Thu Nov 28 08:03:26 2013 16314 Trace: Meta: RequestHeader Accept-Language = en-ind.
Thu Nov 28 08:03:26 2013 16314 Trace: Meta: RequestHeader User-Agent = Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GIS IE 6.0 Build 20080321; BTRS112560; .NET CLR 2.0.50727; .NET CLR 1.1.4322; InfoPath.2; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; MS-RTC LM 8).
Thu Nov 28 08:03:26 2013 16314 Trace: Meta: RequestHeader Accept-Encoding = gzip, deflate.
Thu Nov 28 08:03:26 2013 16314 Trace: Meta: RequestHeader Host = 10.135.45.143.
Thu Nov 28 08:03:26 2013 16314 Trace: Meta: URL Host = 10.135.45.143.
Thu Nov 28 08:03:26 2013 16314 Trace: Meta: RequestHeader Connection = Keep-Alive.
Thu Nov 28 08:03:26 2013 16314 Trace: Full host: 10.135.45.143
Thu Nov 28 08:03:26 2013 16314 Trace: Component #10 request: no session id found for any appdef
Thu Nov 28 08:03:26 2013 16314 Trace: Component #10 does not match a transet definition or an expected component
Thu Nov 28 08:03:26 2013 16314 Trace: Component #10 response header: status=200 at 08:03:26
Thu Nov 28 08:03:26 2013 16314 Trace: Param: Resp Resp Status = 200.
Thu Nov 28 08:03:26 2013 16314 Trace: Param: RespHeader Resp Date = Thu, 28 Nov 2013 12:55:15 GMT.
Thu Nov 28 08:03:26 2013 16314 Trace: Param: RespHeader Resp Last-Modified = Thu, 28 Nov 2013 12:25:37 GMT.
Thu Nov 28 08:03:26 2013 16314 Trace: Param: RespHeader Resp ETag = "70-4ec3bcfa132a7".
Thu Nov 28 08:03:26 2013 16314 Trace: Param: RespHeader Resp Accept-Ranges = bytes.
Thu Nov 28 08:03:26 2013 16314 Trace: Param: RespHeader Resp Content-Length = 112.
Thu Nov 28 08:03:26 2013 16314 Trace: Param: RespHeader Resp Keep-Alive = timeout=10, max=100.
Thu Nov 28 08:03:26 2013 16314 Trace: Param: RespHeader Resp Connection = Keep-Alive.
Thu Nov 28 08:03:26 2013 16314 Trace: Param: RespHeader Resp Content-Type = text/html.
Thu Nov 28 08:03:26 2013 16314 Trace: Meta: Response Status = 200.
Thu Nov 28 08:03:26 2013 16314 Trace: Meta: ResponseHeader Date = Thu, 28 Nov 2013 12:55:15 GMT.
Thu Nov 28 08:03:26 2013 16314 Trace: Meta: ResponseHeader Last-Modified = Thu, 28 Nov 2013 12:25:37 GMT.
Thu Nov 28 08:03:26 2013 16314 Trace: Meta: ResponseHeader ETag = "70-4ec3bcfa132a7".
Thu Nov 28 08:03:26 2013 16314 Trace: Meta: ResponseHeader Accept-Ranges = bytes.
Thu Nov 28 08:03:26 2013 16314 Trace: Meta: ResponseHeader Content-Length = 112.
Thu Nov 28 08:03:26 2013 16314 Trace: Meta: ResponseHeader Keep-Alive = timeout=10, max=100.
Thu Nov 28 08:03:26 2013 16314 Trace: Meta: ResponseHeader Connection = Keep-Alive.
Thu Nov 28 08:03:26 2013 16314 Trace: Meta: ResponseHeader Content-Type = text/html.
Thu Nov 28 08:03:26 2013 16314 Trace: Component #10 response body at 08:03:26
Thu Nov 28 08:03:38 2013 16314 Trace: [10.135.47.180]:3084->[10.135.45.143]:443 client RST
Thu Nov 28 08:03:38 2013 16314 Trace: [10.135.47.180]:3084->[10.135.45.143]:443 closed by client
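Step 2 as a scripted check, added here as an example and not part of the original article: because -nodes writes the private key unencrypted, the conversion runs under umask 077 and the resulting PEM is compared against the certificate in the same .p12 before it is handed to the TIM. The self-signed key, the password, the host name and the function names are constructed for the demonstration, and supplying the import password through a P12_PASS environment variable is an assumption.

```shell
#!/bin/sh
# Added example. Key, certificate and password are constructed stand-ins for
# the IKEYMAN export; the function names are hypothetical.
set -eu

# Build a throwaway self-signed key/cert and bundle it as $1/abcd_w7.p12.
make_demo_p12() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=ihs.example.test" \
        -keyout "$1/src.key" -out "$1/src.crt" 2>/dev/null
    openssl pkcs12 -export -inkey "$1/src.key" -in "$1/src.crt" \
        -passout env:P12_PASS -out "$1/abcd_w7.p12"
}

# Step 2 with two changes: the import password is read from the P12_PASS
# environment variable instead of argv, and umask 077 makes the unencrypted
# PEM owner-only from the moment it is created.
p12_to_pem() {   # $1 = input .p12, $2 = output .pem
    ( umask 077
      openssl pkcs12 -in "$1" -nocerts -nodes -passin env:P12_PASS -out "$2" )
}

# True only if the PEM private key pairs with the certificate in the .p12.
key_matches_p12() {   # $1 = .p12, $2 = .pem
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    crt_pub=$(openssl pkcs12 -in "$1" -nokeys -clcerts -passin env:P12_PASS 2>/dev/null |
              openssl x509 -pubkey -noout 2>/dev/null) || return 1
    [ -n "$key_pub" ] && [ "$key_pub" = "$crt_pub" ]
}

# Permission string of $1, for example -rw-------
file_mode() { ls -l "$1" | cut -c1-10; }

work=$(mktemp -d)
trap 'rm -rf "$work"' EXIT
export P12_PASS='constructed-demo-password'
make_demo_p12 "$work"
p12_to_pem "$work/abcd_w7.p12" "$work/abcd_w7.pem"
echo "mode: $(file_mode "$work/abcd_w7.pem")"
if key_matches_p12 "$work/abcd_w7.p12" "$work/abcd_w7.pem"; then
    echo "PEM key matches the certificate in the PKCS12 file"
else
    echo "PEM key does NOT match the certificate" >&2
fi
```

A mismatch here means the wrong key label was exported in Step 1, which would otherwise only show up later as missing decrypted traffic in the TIM log.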