A distributed environment using 4096 bit SSL keys

Georg Kellner (840479109) | asked Oct 13 '14, 5:44 p.m.
edited Oct 13 '14, 5:46 p.m.
Hey fellows,

we have a serious problem after updating the SSL certificates of a CCM instance which is configured on a remote server.
CCM can interact with JTS but JTS can't interact with CCM.
Do any of you use 4096-bit SSL certificates?
What experiences do you have with 4096-bit certificates?

Thanks for the answers. ;-)

greetings georg.

P.S. We are working on the issue with IBM via PMR. 

Accepted answer

Georg Kellner (840479109) | answered Oct 14 '14, 3:30 a.m.
We've tested it.
Switching from a 4096-bit certificate to a 2048-bit certificate solved our problem.
Ralph Schoon selected this answer as the correct answer

Ralph Schoon commented Oct 14 '14, 3:38 a.m.

Odd, you would think that this is on a layer where the app wouldn't notice at all. Was this an issue of the application server?

One other answer

Georg Kellner (840479109) | answered Oct 16 '14, 5:42 a.m.

Some more information about what happened and the symptoms:

server A: WebSphere with JTS and QM installed, having a 2048 bit certificate
server B: WebSphere with CCM installed, having a 4096 bit certificate, reverse proxy

JTS said
No access to rootservices scr *URL* peer not authenticated

CCM itself was available via any web browser, it could acquire licenses and user roles from JTS, using workitems was okay.
The DWH jobs of CCM couldn't be run.
So we thought it is a wrong configuration in the reverse proxy.

The access via rich client was depending on the version of Eclipse. The standard RTC client was not able to connect to CCM, newer Eclipse clients with RTC plugin were able to connect to CCM.

We reconfigured the reverse proxy, but the problem was still there.

Switching the certificate back to 2048 solved the complete issue.
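
Added example (not part of the original posts): a shell check that lists the public-key size of every certificate in a PEM file or bundle, so mixed key sizes across servers such as A and B above show up before a certificate change goes live. It assumes the `openssl` CLI is installed; the function names and the default limit of 2048 (the size that worked in this thread) are assumptions, and the thread does not establish why the 4096-bit certificate failed.

```shell
#!/bin/sh
# Added example: inventory certificate key sizes. Function names are hypothetical.

# Print one line per certificate in a PEM file or bundle: "<index> <bits> <subject>"
cert_key_sizes() {
    pem=$1
    tmpdir=$(mktemp -d) || return 1
    # Split the bundle: each BEGIN CERTIFICATE line starts a new numbered file.
    awk -v dir="$tmpdir" '
        /-----BEGIN CERTIFICATE-----/ { n++; out = sprintf("%s/cert%03d.pem", dir, n) }
        out != "" { print > out }
        /-----END CERTIFICATE-----/ { close(out); out = "" }
    ' "$pem"
    i=0
    for c in "$tmpdir"/cert*.pem; do
        [ -f "$c" ] || continue          # bundle contained no certificates
        i=$((i + 1))
        # Matches "Public-Key: (N bit)" and the older "RSA Public-Key: (N bit)".
        bits=$(openssl x509 -in "$c" -noout -text |
               sed -n 's/.*Public-Key: (\([0-9][0-9]*\) bit).*/\1/p' | head -n 1)
        subj=$(openssl x509 -in "$c" -noout -subject)
        printf '%s %s %s\n' "$i" "${bits:-unknown}" "$subj"
    done
    rm -rf "$tmpdir"
}

# Largest key size found in the bundle (0 if no certificate could be read).
cert_max_bits() {
    cert_key_sizes "$1" |
        awk '$2 ~ /^[0-9]+$/ && $2 > m { m = $2 } END { print m + 0 }'
}

# Succeeds only if at least one certificate was read and none exceeds the
# limit (second argument, default 2048).
cert_within_limit() {
    max=$(cert_max_bits "$1")
    [ "$max" -gt 0 ] && [ "$max" -le "${2:-2048}" ]
}

# Usage: sh script.sh serverA.pem serverB-chain.pem
for f in "$@"; do
    echo "== $f"
    cert_key_sizes "$f"
    cert_within_limit "$f" || echo "   key size above limit, or no certificate read"
done
```

Run it against the certificate file each server (and the reverse proxy) actually presents, including any intermediate certificates in the chain.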
