Watson Supply Chain Ideas

Use this form to submit an idea for a new product feature. The product team will review your input and provide status updates as decisions are made regarding the request.

Before you submit a new idea, please view requests that have already been submitted. If your idea has already been submitted, you can add comments or vote on the existing idea, thereby indicating your agreement with the idea. We may use this information to help prioritize development of new features.


Submit ideas for Watson Marketing and Watson Commerce products

Connect Direct Certificate Renewal is shown as successful though it is unsuccessful

When the license renewal of Connect:Direct certificate is unsuccessful, no message is shown on GUI or logs. When IBM support is contacted, they replied that the correct logs will be captured in debug mode. As an interim measure, IBM support asked to check for the following statement in cms.log :
CONF014I Update config definition : G3SSPEngine_KeyStore succeeded.
If the above message is not found in the log, IBM support asked to enable the debug mode and renew the certificate again.

We request to fix this bug in the upcoming release to clearly show an error in GUI whenever the renewal is unsuccessful. Based on the message on GUI, we can open the logs and check for the exact error. Without any notification in GUI, the renewal is generally considered as successful. When this error occurs, no further action should be invoked. Currently, even though the error occurs, the renewal process continues normally as if nothing happened.

The product also need to ensure that the old certificate is deleted and the new certificate is injected before confirming on the GUI that the certificate renewal is successful. Currently, IBM support is unable to confirm the root cause. They say it may be due to a couple of scenarios :
1) The import failed. This would pop up a message on the screen and the user would have to click "OK" to continue.
2) The import worked, but when the certificate was imported, the user did not select the new keycert in the netmap for the pnode and it was still pointing to the old certificate, not the new one. So when the old one expired on the 27'th, the transfers started to fail.
  • Avatar32.5fb70cce7410889e661286fd7f1897de Guest
  • Jan 8 2018
  • Uncommitted Candidate
What is the idea priority? Urgent
DeveloperWorks ID DW_ID80371
Link to original RFE http://www.ibm.com/developerworks/rfe/execute?use_case=viewRfe&CR_ID=80371
  • Attach files