IBM Support

IBM web server Plugin may need LD_LIBRARY_PATH when used with Apache web server

Troubleshooting


Problem

IBM web server plug-in provides the connection between the web server and the IBM WebSphere Application Server. With Apache based web servers other than IHS, the IBM web server plug-in requires the LD_LIBRARY_PATH environment variable to contain the location of the IBM Global Security Kit (GSKit) libraries to create secure connections (HTTPS) to the application servers.
Without the GSKit libraries, the IBM web server plug-in is unable to initialize SSL, and only HTTP connections to the WebSphere Application servers are available.
If another IBM product installed an older level of GSKit in the /usr directory, handshake failures occur if the older libraries are loaded.

Symptom

During web server start-up, errors indicating failures are logged in the plug-in log file (http_plugin.log):
ERROR: lib_security: loadSecurityLibrary: Failed to load gsk library from opt/IBM/WebSphere/Plugins/gsk8/gsk8_64
ERROR: ws_transport: transportInitializeSecurity: Unable to load security library
ERROR: ws_server: serverAddTransport: Failed to initialize security
ERROR: ws_server: serverAddTransport: HTTPS Transport is skipped
If an older level of the GSkit library is present in the /usr directory, plug-in connection handshake failures occur with GSK_ERROR_BAD_PEER related messages.

Resolving The Problem

To resolve the problem, you must modify a web server startup script to define the location of the bundled GSKit library in the LD_LIBRARY_PATH environment variable.
  1. Determine the installation path for the WebSphere plug-in. In the examples, the /opt/IBM/WebSphere/Plugins path is used.
  2. Determine the web server startup script to modify
    • Red Hat 6 and earlier: /etc/sysconfig/httpd
    • Red Hat 7 and later: Create a new file /etc/systemd/system/httpd.service.d/websphere.conf
    • SUSE: /usr/sbin/envvars
    • Ubuntu: /etc/apache2/envvars
    • Other Apache installations: Review the apachectl script (and systemd unit definition) and look for an external configuration file that is sourced with the "source" or "." operator
  3. Edit the web server startup script
    • RHEL6 and earlier, SUSE, or Ubuntu:
      • If the web server startup file to modify already configures LD_LIBRARY_PATH, add the "/opt/IBM/WebSphere/Plugins/gsk8/gsk8_64/lib64" path to the colon-separated list of directories
      • Otherwise, append to the script:  
        if test "x$LD_LIBRARY_PATH" != "x"; then
  export LD_LIBRARY_PATH=/opt/IBM/WebSphere/Plugins/gsk8/gsk8_64/lib64/:$LD_LIBRARY_PATH
else
  export LD_LIBRARY_PATH=/opt/IBM/WebSphere/Plugins/gsk8/gsk8_64/lib64/
fi
    • RHEL7 and later (if you require other LD_LIBRARY_PATH customizations, you have to incorporate them statically) and then execute "systemctl daemon-reload" as root. 
      [Service]
Environment=LD_LIBRARY_PATH=​/opt/IBM/WebSphere/Plugins/gsk8/gsk8_64/lib64/
  4. In the rare chance, you use a 32-bit web server, replace "gsk8_64" with "gsk8_32" and "lib64" with "lib"
  5. Temporarily set LogLevel="TRACE" in the  plugin-cfg.xml configuration file.
  6. Perform a full stop and start (not restart) of Apache
  7. Review the lines containing "loadSecurityLibrary" and "show GsKit version" strings in the http_plugin.log file. Verify the correct installation path and the expected GSKit version (if you were previously getting the wrong version) are reported in the log file.
    • If the startup error is unchanged, review the following possible causes:
      • RHEL6 and earlier: If /etc/rc.d/init.d/httpd has text that looks like "LD_LIBRARY_PATH=/opt/rh/jbcs-httpd24/root/usr/lib64", it is likely that customizations to /etc/sysconfig/httpd are being over-written.  We suggest consolidating the LD_LIBRARY_PATH rules in /etc/sysconfig/httpd in such a case.  Consult with RedHat engineering for more information.
  8. Revert  LogLevel="TRACE" in plugin-cfg.xml and restart Apache

[{"Type":"MASTER","Line of Business":{"code":"LOB45","label":"Automation"},"Business Unit":{"code":"BU053","label":"Cloud & Data Platform"},"Product":{"code":"SSEQTP","label":"WebSphere Application Server"},"ARM Category":[{"code":"a8m50000000CcwBAAS","label":"WebSphere HTTP Plugin->PLG.General"}],"ARM Case Number":"","Platform":[{"code":"PF002","label":"AIX"},{"code":"PF010","label":"HP-UX"},{"code":"PF016","label":"Linux"},{"code":"PF027","label":"Solaris"}],"Version":"All Versions"}]

Document Information

Modified date:
01 September 2021

UID

swg21600618

Page Feedback