Troubleshooting WebSphere Plug-ins GSK Error – Part 1


When attempting to access Lawson applications hosted in WebSphere, you may encounter a 500 service error that gives very little detail. If there are no exceptions in any of the logs in LAWDIR/system or in the WAS systemout.log, you should also check the http_plugin.log in WAS/plugins/logs/<web_server>. If you find a GSK error message there, it indicates that something is wrong with your certificates or IBM security.

The error message will typically look like this:

[Thu Apr 01 09:47:45 2021] 00002574 000025a8 – ERROR: lib_stream: openStream: Failed in r_gsk_secure_soc_init: GSK_ERROR_BAD_CERT(gsk rc = 414) PARTNER CERTIFICATE DN=CN=test.company.com,OU=certs,O=company,L=anywhere,ST=California,C=US, Serial=2d:7b:d0:29:00:08:00:00:5e:22

[Thu Apr 01 09:47:45 2021] 00002574 000025a8 – ERROR: ws_common: websphereGetStream: Could not open stream

[Thu Apr 01 09:47:45 2021] 00002574 000025a8 – ERROR: lib_stream: openStream: Failed in r_gsk_secure_soc_init: GSK_ERROR_BAD_CERT(gsk rc = 414) PARTNER CERTIFICATE DN=CN=test.company.com,OU=certs,O=company,L=anywhere,ST=California,C=US, Serial=2d:7b:d0:29:00:08:00:00:5e:22

This can mean that the web server certificate is expired, invalid, or does not match the certificate in the trust or key stores. Another thing to try is to set “AutoSecurity=false” in the Web Server plug-in custom properties.

To do this, go to Web Servers > <web server> > Plug-in Properties > Custom properties and create a new property. The Name is AutoSecurity and the value is “false”. Save the configuration, then generate and propagate the plug-in. Make sure that the plug-in XML file has the new “AutoSecurity” setting in it. Restart the WWW Publishing service for the change to take effect, then test your application again.
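To see which certificate the plug-in is rejecting before changing any settings, the following added example (not from the original post or from IBM tooling) parses http_plugin.log lines in the format quoted above and groups GSK failures by error name, return code and partner certificate serial. The sample log, function name and field names are constructed for illustration.

```python
import re
from datetime import datetime

# Constructed sample input, modeled on the http_plugin.log lines quoted above.
SAMPLE_LOG = """\
[Thu Apr 01 09:47:45 2021] 00002574 000025a8 - ERROR: lib_stream: openStream: Failed in r_gsk_secure_soc_init: GSK_ERROR_BAD_CERT(gsk rc = 414) PARTNER CERTIFICATE DN=CN=test.company.com,OU=certs,O=company,L=anywhere,ST=California,C=US, Serial=2d:7b:d0:29:00:08:00:00:5e:22
[Thu Apr 01 09:47:45 2021] 00002574 000025a8 - ERROR: ws_common: websphereGetStream: Could not open stream
[Thu Apr 01 09:52:10 2021] 00002574 000025a8 - ERROR: lib_stream: openStream: Failed in r_gsk_secure_soc_init: GSK_ERROR_BAD_CERT(gsk rc = 414) PARTNER CERTIFICATE DN=CN=test.company.com,OU=certs,O=company,L=anywhere,ST=California,C=US, Serial=2d:7b:d0:29:00:08:00:00:5e:22
"""

TS_FORMAT = "%a %b %d %H:%M:%S %Y"

# [timestamp] pid tid <dash> ERROR: ... GSK_NAME(gsk rc = N) [PARTNER CERTIFICATE DN=..., Serial=..]
LINE_RE = re.compile(
    r"^\[(?P<ts>[^\]]+)\]\s+\S+\s+\S+\s+\S+\s+ERROR:.*?"
    r"(?P<name>GSK_[A-Z0-9_]+)\(gsk rc = (?P<rc>\d+)\)"
    r"(?:\s+PARTNER CERTIFICATE DN=(?P<dn>.*?),\s+Serial=(?P<serial>[0-9a-fA-F:]+))?"
)

def summarize_gsk_errors(log_text):
    """Group GSK failures by (error name, rc, serial as plain lowercase hex)."""
    groups = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not a GSK line, e.g. "Could not open stream"
        ts = datetime.strptime(m["ts"], TS_FORMAT)
        # Strip colons so the serial can be compared with a keystore listing.
        serial_hex = (m["serial"] or "").replace(":", "").lower()
        key = (m["name"], int(m["rc"]), serial_hex)
        g = groups.setdefault(
            key, {"dn": m["dn"], "count": 0, "first": ts, "last": ts}
        )
        g["count"] += 1
        g["first"] = min(g["first"], ts)
        g["last"] = max(g["last"], ts)
    return groups

if __name__ == "__main__":
    for (name, rc, serial), g in summarize_gsk_errors(SAMPLE_LOG).items():
        print(f"{name} rc={rc} x{g['count']} first={g['first']} last={g['last']}")
        print(f"  partner DN: {g['dn']}")
        print(f"  serial:     {serial or '(none logged)'}")
```

Compare the reported serial and DN with the certificate actually present in the plug-in key store and the WebSphere trust store to confirm whether it is expired or mismatched.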