Websphere集群环境下因修改时间而导致的节点停止,节点同步失败问题解决

背景:  因开发需要,将集群环境中的机器时间均增加了一年,即改为2013年

故障现象: 管理节点,应用节点,节点代理,服务器均能启动成功,但都停不了;而且节点间同步失败

解决思路: 以管理节点为例

 查看日志文件stopServer.log,发现主要异常信息如下:

ADMC0016E: The system cannot create a SOAP connector to connect to host tam01.site at port 8879.
.................        
moreCaused by: [SOAPException: faultCode=SOAP-ENV:Client; msg=Error opening socket: 
javax.net.ssl.SSLHandshakeException: com.ibm.jsse2.util.g: 
PKIX path validation failed: java.security.cert.CertPathValidatorException: 
The certificate is not valid until Tue Aug 13 00:00:01 GMT+08:00 2013; 

..............................

刚开始认为是soap的问题,经检查soap端口,服务均正常,所以排除了该异常可能

后来google搜索PKIX path validation failed.............在IBM官方网站上找到了答案(以下摘抄自IBM官方网站):

Cause

The default chained certificate has problems.

Resolving the problem

In WebSphere Application Server (WAS) version 7, a default chained certificate was introduced as a personal certificate. This certificate was created during profile set up and should be valid for a year. It should be renewed when its validity date expires.

When running ConfigEngine, it acts as a client that connects to the server through SOAP connector. It takes the parameters configured in <wp_profile>/properties/ssl.client.props that points to the key store file containing the default personal certificate and residing at <wp_profile>/etc/key.p12.

To renew the certificate, take the following steps

- Log in to the Integrated Solutions Console as the primary WAS administrative user;

- Navigate to Security > SSL certificate and key management > Key stores and certificates > NodeDefaultKeyStore> Personal certificates;

- Check the box besides "Default", and hit button "Renew". You should see the expiration date now is updated for another year.

- Restart servers.