IBM Support

Information Server launchpad and Information Server web applications fail to start in Chrome and Edge browsers

Troubleshooting


Problem

The Information Server launchpad and Information Server web applications fail to start in Chrome and Edge browsers.

Symptom

The browser reports an error that the site cannot provide a secure location alluding to the possibility that the login certificate was not affected:

image 9074

Cause

Recent versions of the Edge and Chrome browser have started rejecting certificates with SHA1 algorithms due to security concerns,

Environment

Although this behavior was initially observed while validating Information Server 11.7.1.1 Service pack 1, the error could be encountered with any version of Information Server.
Although the behavior was not seen with Firefox, future versions of Firefox may behave in the same manner.

Diagnosing The Problem

1. Examine whether the error returned by the browser is similar to as shown in the screen shot above.

2. Determine the algorithm used in your SSL certificate for connection to the server.
     For example,in your http server is it using a certificate  created with SHA1withRSA algorithm:

            [root bin]# ./gskcmd -cert -details -label sslkeycert -db /opt/IBM/sslkey.kdb

3. If the certificate has a SHA1 algorithm then your certificate has the issue.

Resolving The Problem

1. Create a backup of your existing certificates.
     For example, move your existing certificates from /opt/IBM/sslkey* to /opt/IBM/backup/sslkey*

2. Created a new SSL certificate.
     For example, in your http server key store, you can use the following commands to create a new certificate that uses the SHA256WithRSA algorithm.

           [root bin]# ./gskcmd -keydb -create -db /opt/IBM/sslkey.kdb -pw wasadmin -type cms -stash
           [root bin]# ./gskcmd -cert -create -db /opt/IBM/sslkey.kdb -type cms -pw wasadmin -label sslkeycert -dn "CN=<host name>.ibm.com,O=IBM,C=IN" -sig_alg SHA256WithRSA -size 2048 -default_cert yes

3. To verify the new certificate
     a. As indicated previously, determine the algorithm used in your SSL certificate and verify that it is not SHA1.
     b. Clear your browser's cache or open an incognito window.
     c. While connecting to the server, check that the browser does not report an error with the login certificate.
    

Document Location

Worldwide

[{"Line of Business":{"code":"LOB10","label":"Data and AI"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSZJPZ","label":"IBM InfoSphere Information Server"},"ARM Category":[{"code":"a8m0z000000bpKaAAI","label":"Information Server Administration->Certificate"},{"code":"a8m0z000000cy34AAA","label":"Miscellaneous IIS Components and Topics->Launchpad"}],"ARM Case Number":"","Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"All Version(s)"}]

Document Information

Modified date:
01 April 2021

UID

ibm16437745

Page Feedback