Importing an SSL certificate into the WebSphere Portal trust store


I was working on an application where I had to use Gmail SMTP and ran into the following certificate error while testing.



[12/12/12 18:16:00:945 EST] 00000041 SystemErr     R org.springframework.mail.MailSendException: Mail server connection failed; nested exception is javax.mail.MessagingException: Can't send command to SMTP host;
  nested exception is:
               javax.net.ssl.SSLHandshakeException: com.ibm.jsse2.util.g: PKIX path building failed: java.security.cert.CertPathBuilderException: PKIXCertPathBuilderImpl could not build a valid CertPath.; internal cause is:
               java.security.cert.CertPathValidatorException: The certificate issued by OU=Equifax Secure Certificate Authority, O=Equifax, C=US is not trusted; internal cause is:
               java.security.cert.CertPathValidatorException: Certificate chaining error. Failed messages: javax.mail.MessagingException: Can't send command to SMTP host;
  nested exception is:
               javax.net.ssl.SSLHandshakeException: com.ibm.jsse2.util.g: PKIX path building failed: java.security.cert.CertPathBuilderException: PKIXCertPathBuilderImpl could not build a valid CertPath.; internal cause is:
               java.security.cert.CertPathValidatorException: The certificate issued by OU=Equifax Secure Certificate Authority, O=Equifax, C=US is not trusted; internal cause is:
               java.security.cert.CertPathValidatorException: Certificate chaining error; message exception



Looking at the error, it is clear that the problem is with the SSL security certificate. I came across a simple way to import the certificate into WebSphere Portal.


Capturing JMS events/Working with JMS (Java Messaging) in WCM


A few important things to know when working with JMS in WCM

1.      Changing the required WCM config service resource properties

topic.publishing.enabled
This must be set to true to enable message generation and delivery. Default value: false
items.topic.publishing.enabled
Indicates whether item topics are published. This must be set to true to enable messages for item state changes. Default value: true
syndication.topic.publishing.enabled
Indicates whether syndication topics are published. This must be set to true to enable messages for the status of syndication. Default value: true
prerender.topic.publishing.enabled
Indicates whether pre-render topics are published. This must be set to true to enable messages for the status of pre-rendering. Default value: true
items.topic.name
The JNDI name of the JMS topic for status changes.
Format for item state changes: jms/IWKTopics/Items

Format for syndication state changes: jms/IWKTopics/Syndication

Format for pre-rendering state changes: jms/IWKTopics/PreRender

Default value: None

I have used the following values

topic.publishing.enabled                 :::true      
items.topic.publishing.enabled         :::true      
syndication.topic.publishing.enabled:::true      
prerender.topic.publishing.enabled  :::false      
items.topic.name                             :::jms/IWKTopics/Items  


NOTE: Refer to the infocenter for more details on configuration options (links are listed under resources)

2.      Creating the WCM JMS resources using the ConfigEngine task

ConfigEngine.bat/sh create-wcm-jms-resources -DPortalAdminId=username -DPortalAdminPwd=password -DuseRemoteEndPoints=false

NOTE: Use -DuseRemoteEndPoints=true to create the JMS resources in a cluster environment.

When you execute the above ConfigEngine task, Portal creates the following JMS resources:

a)      Creates a JMS bus called “IWKBus” and adds the Portal server/cluster as a member
b)      Creates a TopicSpace called “IWK.Topic.Space”
c)      Creates the TopicConnectionFactory “IWKMessagingTopicConnectionFactory”
d)      Creates the following topics: “IWKTopics_Items”, “IWKTopics_PreRender” & “IWKTopics_Syndication”
e)      Creates the bus queue destination “IWKQueue4IWKBus”
f)      Creates the QueueConnectionFactory “IWKQueueConnectionFactory”
g)      Creates the following queues: “IWKSyndicationQ” & “IWKPrerenderQ”
h)      Creates the following activation specs: “IWKSyndicationMonitorActivation” & “IWKItemChangeMonitorActivation”

3.      Write an MDB (message-driven bean)

Write your custom business logic in the “onMessage” method of the MDB and bind that MDB in the EJB binding file as shown below.

<jca-adapter activation-spec-binding-name="jms/IWKItemChangeMonitorActivation" destination-binding-name="jms/IWKTopics/Items"/>

4.      Message selectors: you can specify message selectors to avoid calling the onMessage method for every item change.

Troubleshooting

1.      I had a problem while running the ConfigEngine task; I had to provide the portal admin user ID and password in the wkplc.properties file (somehow it didn’t accept the user ID and password passed on the command line).
2.      Message selectors didn’t work most of the time.

Resources

Changing the Ports for WebSphere Portal



Usually this is a trivial task and can be done in multiple ways in cluster or standalone environments. But I ran into a problem while changing the ports on a box where I had two versions of standalone Portal installed.

Usually we can change the WebSphere Portal server ports in two simple ways:

1.      Using the ConfigEngine task
2.      Using the WebSphere admin console (ISC)

I changed all the ports from the ISC, as it is the simple way to do it. But after I changed all the ports:

1.      Restarting the server failed, because the SOAP connector port had also changed and the stop-server scripts could no longer communicate with the server. I had to kill the process.
2.      Accessing the portal or the admin console failed even though the servers started successfully.



I realized that when we change the admin ports and default host ports from the WAS admin console, it doesn’t change the virtual host mapping on the server, and that caused the above problems.

virtualhosts.xml contains entry like this.

<aliases xmi:id="HostAlias_1353196570509" hostname="*" port="20017"/>
 <aliases xmi:id="HostAlias_1353196572955" hostname="*" port="20007"/>

To avoid this situation, we have to update the virtual host port mapping from the ISC console.

NOTE: The above errors will not appear if you use the ConfigEngine task to modify the ports.
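
The mismatch described above can be checked before restarting anything. The following is an added example, not code from the original post: it compares the WC_* endpoint ports from ConfigEngine log lines (in the format shown on this page) with the alias ports in virtualhosts.xml. Both sample inputs are constructed, including the leftover 10039/10029 aliases, and the function names are hypothetical.

```python
import re

# Constructed sample: endpoint lines in the ConfigEngine log format shown on this page.
PORT_LOG = """\
 [wsadmin] {SOAP_CONNECTOR_ADDRESS {{host sivapc.sivavaka.com} {node sivapcNode} {server WebSphere_Portal} {port 20000} }}
 [wsadmin] {WC_defaulthost_secure {{host *} {node sivapcNode} {server WebSphere_Portal} {port 20004} }}
 [wsadmin] {WC_adminhost_secure {{host *} {node sivapcNode} {server WebSphere_Portal} {port 20007} }}
 [wsadmin] {WC_defaulthost {{host *} {node sivapcNode} {server WebSphere_Portal} {port 20014} }}
 [wsadmin] {WC_adminhost {{host *} {node sivapcNode} {server WebSphere_Portal} {port 20017} }}
"""

# Constructed sample: alias entries in the virtualhosts.xml style shown above.
# The admin aliases were updated; the default-host aliases still carry old ports.
VIRTUAL_HOSTS = """\
<aliases xmi:id="HostAlias_1" hostname="*" port="10039"/>
<aliases xmi:id="HostAlias_2" hostname="*" port="10029"/>
<aliases xmi:id="HostAlias_1353196570509" hostname="*" port="20017"/>
<aliases xmi:id="HostAlias_1353196572955" hostname="*" port="20007"/>
"""

ENDPOINT_RE = re.compile(
    r"\{(\w+) \{\{host [^}\s]+\} \{node [^}\s]+\} \{server [^}\s]+\} \{port (\d+)\} \}\}")
# Assumes hostname precedes port, as in the entries on this page.
ALIAS_RE = re.compile(r'<aliases\b[^>]*\bhostname="[^"]*"[^>]*\bport="(\d+)"')


def web_container_ports(log_text):
    """Map each WC_* (web container) endpoint name to its port."""
    return {name: int(port)
            for name, port in ENDPOINT_RE.findall(log_text)
            if name.startswith("WC_")}


def alias_ports(xml_text):
    """Collect every port that has a host alias entry."""
    return {int(port) for port in ALIAS_RE.findall(xml_text)}


def audit(log_text, xml_text):
    """Return (endpoints lacking an alias, alias ports matching no WC_* endpoint)."""
    endpoints = web_container_ports(log_text)
    aliases = alias_ports(xml_text)
    missing = {n: p for n, p in endpoints.items() if p not in aliases}
    # Unmatched aliases may be legitimate (e.g. a front-end web server port); review them.
    unmatched = sorted(aliases - set(endpoints.values()))
    return missing, unmatched


if __name__ == "__main__":
    missing, unmatched = audit(PORT_LOG, VIRTUAL_HOSTS)
    for name, port in sorted(missing.items()):
        print(f"{name} listens on {port} but no host alias maps it")
    print("aliases to review:", unmatched)
```
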

Resources::

1.      Listing the ports used by server
./ConfigEngine.sh list-server-ports -DWasPassword=passw0rd

which generates a log file:

/opt/IBM/WebSphere/wp_profile/ConfigEngine/log/WebSphere_Portal_PortMatrix.txt

     Ports for WebSphere_Portal :
     WC_defaulthost=10039
     WC_adminhost=10042
     WC_defaulthost_secure=10029
     WC_adminhost_secure=10032
     BOOTSTRAP_ADDRESS=10035
     SOAP_CONNECTOR_ADDRESS=10025


2.      Changing the ports using the ConfigEngine task

ConfigEngine.bat modify-ports-by-startport -DWasPassword=wasadmin -DModifyPortsServer=WebSphere_Portal -DStartPort=20000

You will see log statements like the ones below:

 [wsadmin] {SOAP_CONNECTOR_ADDRESS {{host sivapc.sivavaka.com} {node sivapcNode} {server WebSphere_Portal} {port 20000} }}
 [wsadmin] {SIP_DEFAULTHOST_SECURE {{host *} {node sivapcNode} {server WebSphere_Portal} {port 20001} }}
 [wsadmin] {SIP_DEFAULTHOST {{host *} {node sivapcNode} {server WebSphere_Portal} {port 20002} }}
 [wsadmin] {SIB_ENDPOINT_ADDRESS {{host *} {node sivapcNode} {server WebSphere_Portal} {port 20003} }}
 [wsadmin] {WC_defaulthost_secure {{host *} {node sivapcNode} {server WebSphere_Portal} {port 20004} }}
 [wsadmin] {DCS_UNICAST_ADDRESS {{host *} {node sivapcNode} {server WebSphere_Portal} {port 20005} }}
 [wsadmin] {SIB_MQ_ENDPOINT_SECURE_ADDRESS {{host *} {node sivapcNode} {server WebSphere_Portal} {port 20006} }}
 [wsadmin] {WC_adminhost_secure {{host *} {node sivapcNode} {server WebSphere_Portal} {port 20007} }}
 [wsadmin] {CSIV2_SSL_MUTUALAUTH_LISTENER_ADDRESS {{host sivapc.sivavaka.com} {node sivapcNode} {server WebSphere_Portal} {port 20008} }}
 [wsadmin] {ORB_LISTENER_ADDRESS {{host sivapc.sivavaka.com} {node sivapcNode} {server WebSphere_Portal} {port 20009} }}
 [wsadmin] {BOOTSTRAP_ADDRESS {{host sivapc.sivavaka.com} {node sivapcNode} {server WebSphere_Portal} {port 20010} }}
 [wsadmin] {CSIV2_SSL_SERVERAUTH_LISTENER_ADDRESS {{host sivapc.sivavaka.com} {node sivapcNode} {server WebSphere_Portal} {port 20011} }}
 [wsadmin] {IPC_CONNECTOR_ADDRESS {{host localhost} {node sivapcNode} {server WebSphere_Portal} {port 20012} }}
 [wsadmin] {SIB_ENDPOINT_SECURE_ADDRESS {{host *} {node sivapcNode} {server WebSphere_Portal} {port 20013} }}
 [wsadmin] {WC_defaulthost {{host *} {node sivapcNode} {server WebSphere_Portal} {port 20014} }}
 [wsadmin] {SIB_MQ_ENDPOINT_ADDRESS {{host *} {node sivapcNode} {server WebSphere_Portal} {port 20015} }}
 [wsadmin] {SAS_SSL_SERVERAUTH_LISTENER_ADDRESS {{host sivapc.sivavaka.com} {node sivapcNode} {server WebSphere_Portal} {port 20016} }}
 [wsadmin] {WC_adminhost {{host *} {node sivapcNode} {server WebSphere_Portal} {port 20017} }}

WAS Performance Tuning Toolkit

Similar to the VCE tool, this plugin is quite useful for generating a quick report and for monitoring WAS performance-related aspects.

Note: It is not a replacement for PMI (Performance Monitoring Interface), which is part of the ISC, but it persists the historical data for better analysis. It also uses PMI data for capturing events, etc.


1. Pre-requisites
       a) Download & Install ISA workbench
       b) Install WAS performance tuning toolkit plugin (similar to VCE plugin)

2. Connecting to desired server
       a) Add new host with following details


NOTE: The SOAP port should be your DMGR SOAP port.



VCE (Visual Configuration Explorer)


Most of the time, with multiple environments (like Prod Authoring, Preview, Rendering, and more or less similar environments in staging and QA), it is hard to keep track of all configuration changes and of whether they are in sync across platforms.

Recently I had a chance to work with the VCE (Visual Configuration Explorer) tool to identify whether portal environments are configured the same and whether all configuration changes are up to date.

1.       Pre-requisites
a)      Download & Install ISA workbench
b)      Install VCE plugin in the ISA workbench
c)       Download ISALite datacollector specific to environment (Linux, Windows..etc)

2.       Config data Collection

a)      Copy the “ISALite” tar.gz file into the <DMGR> root directory
a.       /opt/IBM/WebSphere/DMGR/
b)      Extract the .tar file; it will generate the ISALite folder
a.       tar -xvf ISALite.tar
c)      Change directory to /opt/IBM/WebSphere/DMGR/ISALite/.
d)      Run runISALite.sh -console as the portaladmin user (it would be better to have X Windows enabled so you can use the GUI).
e)      During the data collection process it requests a lot of inputs; choose the right options based on the environment.
f)      It will generate a .zip file with the configuration data.
g)      Similarly, collect config data from the other desired environments.
NOTE:
a)      ISALite for the Portal doesn’t contain the VCE tool data collection option; make sure to download the ISALite for WebSphere.



3.       Comparing Configuration Files
a)      To launch the VCE from the ISA Workbench: “Launch Activity → Analyze Problem → select the VCE”




b)      Add configuration data i.e .zip files for the different environments
c)       Now you can expand and compare the configuration at the cell level.
d)      You can drill down and figure out the actual difference.

Visual Configuration Explorer is also very useful for generating and understanding server topology diagrams.

