Version 5.0.2 cumulative fixes might overwrite the dummy key files
 Technote (troubleshooting)
 
Problem(Abstract)
Applying a WebSphere® Application Server Version 5.0.2 cumulative fix might overwrite the dummy key files in the <WAS_HOME>/etc directory. These dummy key files are:

DummyClientKeyFile.jks
DummyClientTrustFile.jks
DummyServerKeyFile.jks
DummyServerTrustFile.jks
 
Cause
IBM® provides the default certificates, which are used if Secure Sockets Layer (SSL) is enabled with the dummy key files. These certificates, which are labeled "WebSphere dummy server","WebSphere dummy client", and so on, expired on March 17, 2005.

To update these certificates, each cumulative fix beginning with version 5.0.2.4, overwrites the key files in the <WAS_HOME>/etc directory. The new set of key files contains new certificates that do not expire until October 13, 2021.

 
Resolving the problem
IBM can change these key files and certificates at any time. These files and certificates are provided for sample and test purposes only.

Do not use these keys in a production environment. It is recommended that you generate your own key files to replace the dummy key files. For more information on how to replace the dummy key files, see Creating Custom Secure Socket Layer (SSL) Key Files for V5.0 using Self-Signed Certificates (GSK 5).

To continue using the dummy key files, use the ikeyman utility to complete the following steps after applying the Version 5.0.2 cumulative fix:


  1. Remove the expired certificates.

  2. Reimport any custom certificates that you might use.

 
 
Cross Reference information
Segment Product Component Platform Version Edition
Application Servers Runtimes for Java Technology Java SDK
 
 


Document Information


Product categories: Software > Application Servers > Distributed Application & Web Servers > WebSphere Application Server > Security
Operating system(s): Windows
Software version: 5.0
Software edition:
Reference #: 1232746
IBM Group: Software Group
Modified date: May 12, 2006