IBM Sterling Ideas

Submit new product ideas for IBM Sterling solutions. Before you submit, please review existing ideas; if an idea close to yours already exists, it's better to add comments or vote on the existing idea. We will review your ideas and use them to help prioritize our product development. Best of all, the portal will automatically update you when the status of your idea has been changed.

IBM is transforming its request for enhancement (RFE) process. The purpose of the transformation is to provide a more consistent experience for you to submit requests and to enable IBM product owners to respond to your requests more quickly. For more information click here.

Connect with IBM experts and your peers on the Supply Chain Collaboration Community and the Order Management Interest Group

Connect Direct Certificate Renewal is shown as successful though it is unsuccessful

When the license renewal of Connect:Direct certificate is unsuccessful, no message is shown on GUI or logs. When IBM support is contacted, they replied that the correct logs will be captured in debug mode. As an interim measure, IBM support asked to check for the following statement in cms.log :
CONF014I Update config definition : G3SSPEngine_KeyStore succeeded.
If the above message is not found in the log, IBM support asked to enable the debug mode and renew the certificate again.

We request to fix this bug in the upcoming release to clearly show an error in GUI whenever the renewal is unsuccessful. Based on the message on GUI, we can open the logs and check for the exact error. Without any notification in GUI, the renewal is generally considered as successful. When this error occurs, no further action should be invoked. Currently, even though the error occurs, the renewal process continues normally as if nothing happened.

The product also need to ensure that the old certificate is deleted and the new certificate is injected before confirming on the GUI that the certificate renewal is successful. Currently, IBM support is unable to confirm the root cause. They say it may be due to a couple of scenarios :
1) The import failed. This would pop up a message on the screen and the user would have to click "OK" to continue.
2) The import worked, but when the certificate was imported, the user did not select the new keycert in the netmap for the pnode and it was still pointing to the old certificate, not the new one. So when the old one expired on the 27'th, the transfers started to fail.
  • Avatar32.5fb70cce7410889e661286fd7f1897de Guest
  • Jan 8 2018
  • Future consideration
What is the idea priority? Urgent
DeveloperWorks ID DW_ID80371
Link to original RFE
  • Attach files