Tuesday, May 26, 2009

DataPower XI150 Firmware upgrade steps

Log in to the DataPower appliance.
1) Administration -> File Management -> image: Actions -> Upload Firmware image
2) Administration -> System Control -> Shutdown -> Select Reload Firmware -> Perform Shutdown
3) Administration -> System Control -> Boot Image -> Select Firmware image -> Perform Boot

DataPower will restart as part of steps 2 and 3, and you will have to log in again.
You can also run a continuous ping against the DataPower IP to monitor its state (e.g. ping -t datapowerip) while performing steps 1 - 3.



 

Wednesday, May 20, 2009

WebSphere host lookup error

Problem:
ADMU0027E: An error occurred during federation 
ADMU0036E: The Deployment Manager cannot lookup by name host {hostname} at address 127.0.0.1; rolling back to original configuration.

Solution:
Check the /etc/hosts file. Remove the loopback address and add the hostname with the relevant server IP.


WebSphere SOAP Connection Errors

Problem:
WASX7023E: Error creating "SOAP" connection to host "{hostname}"; exception information: com.ibm.websphere.management.exception.ConnectorNotAvailableException: [SOAPException: faultCode=SOAP-ENV:Client; msg=Error opening socket: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: Certificate not Trusted; targetException=java.lang.IllegalArgumentException: Error opening socket: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: Certificate not Trusted]

Solution:
Attempt to recreate the problem using wsadmin:
./wsadmin.sh -conntype SOAP -host {hostname} -port {8879 or relevant port} -user {username} -password {password}

Copy the deployment manager's Dummy*.jks files from its /etc location to the app server's /etc location.
Try running the above wsadmin command again.

Tuesday, May 12, 2009

PCI Compliance

To satisfy PCI compliance requirements with IBM HTTP Server 6.1 / Apache 2.0.47, update httpd.conf with the following settings.

TraceEnable off
FileETag MTime Size
UserDir disabled

Disable mod_status. Comment out or remove the following line
-----------------------------------------------------------
#LoadModule status_module modules/mod_status.so

Disable SSLv2
---------------
SSLProtocolDisable SSLv2
Include the above line inside the port 443 virtual host section of each domain.

If you are hosting SSL on an F5 BIG-IP LTM, add the following to the CIPHER textbox of the corresponding clientssl profile, which has the value DEFAULT.
ALL:!ADH:!LOW:!EXP:!SSLv2:!NULL:HIGH:MEDIUM:RSA:RC4:
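
To confirm the httpd.conf settings above are actually in effect, here is a small audit script. It is an added example, not part of the original post: the function name `audit`, the sample configuration and its host names are constructed for illustration, and it assumes a single httpd.conf with no Include files.

```python
import re

# Constructed sample httpd.conf (not from the post): mod_status is still
# loaded, UserDir is unset, and the second 443 virtual host allows SSLv2.
SAMPLE_CONF = """\
TraceEnable off
FileETag MTime Size
LoadModule status_module modules/mod_status.so
<VirtualHost *:443>
    ServerName shop.example.com
    SSLProtocolDisable SSLv2
</VirtualHost>
<VirtualHost *:443>
    ServerName pay.example.com
</VirtualHost>
"""

# Global directives and the values the post asks for (compared lowercased).
REQUIRED = {"traceenable": "off", "fileetag": "mtime size", "userdir": "disabled"}

def audit(conf_text):
    """Return findings for each setting from the post that is not in effect."""
    findings, seen = [], {}
    vhost, name, ssl2_off = None, None, False
    for raw in conf_text.splitlines():
        low = " ".join(raw.lower().split())   # normalise case and whitespace
        if not low or low.startswith("#"):
            continue                          # commented directives are inactive
        opened = re.match(r"<virtualhost\s+([^>]+)>", low)
        key, _, value = low.partition(" ")
        if opened:
            vhost, name, ssl2_off = opened.group(1).split(), opened.group(1), False
        elif low.startswith("</virtualhost"):
            if vhost and any(a.endswith(":443") for a in vhost) and not ssl2_off:
                findings.append(f"{name}: SSLProtocolDisable SSLv2 missing")
            vhost = None
        elif key == "servername" and vhost:
            name = value                      # report the vhost by its ServerName
        elif key == "sslprotocoldisable" and vhost and "sslv2" in value.split():
            ssl2_off = True
        elif key == "loadmodule" and value.startswith("status_module"):
            findings.append("mod_status is still loaded")
        elif key in REQUIRED and vhost is None:
            seen[key] = value                 # last global occurrence wins
    for key, want in REQUIRED.items():
        if seen.get(key) != want:
            findings.append(f"{key}: expected '{want}', found {seen.get(key)!r}")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_CONF)))
```

An empty list from `audit()` means every httpd.conf setting listed in the post was found; the F5 cipher string is configured on the load balancer and is outside what this script checks.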