Interim Fix: IBM Java Cryptography Extension (JCE) Expires on 18 May 2006
 Flash (Alert)
 
Abstract
In WebSphere® Application Server versions 4.0 and 5.0, the IBM® Java™ Cryptography Extension (JCE) certificate will expire on 18 May 2006 at 21:59:19 GMT.

Notes:

  • Application Server versions 5.0.2.5 and above are not affected
  • Application Server versions using SDK 1.4.1 and above are not affected
  • Application Server - Express see reference in solution section
 
Content

Conditions of failure:
Using WebSphere Security, SSL, J2C security or applications making calls to the IBM JSSE or IBM JCE will encounter failures after 18 May 2006.

Versions affected:
  • Application Server versions 4.0, and 5.0 through 5.0.2.4, running SDK 1.3.1 and earlier.
  • WebSphere Express Server versions 5.0 - 5.0.2.17
  • Application Server for iSeries™ version 4.0 through 4.0.7 and version 5.0 through 5.0.2.4.


How to determine if you are affected:

WebSphere distributed platforms
  • Check each instance of Application Servers Build-Level or Implementation-Version depending on JCE version in the MANIFEST.MF from the ibmjcefw.jar which is located in install_root/java/jre/lib/ or install_root/java/jre/lib/ext depending the version of WebSphere. If it is dated 040219 (19 February 2004) or later you will be unaffected by the certificate expiration issue.
  • Note: The keytool.exe displays the certificate as only being valid until 18 May 2006. This is not an issue once the solution has been applied. JCE specification has changed its signed jar verification routine to accept signed jars with legitimate certificates even if the certificate has expired. As a result, JCE services will not be disrupted even if the signer's certificate for a JCE provider has expired.

WebSphere OS/400® or i5/OS® platforms
  • All levels of versions 4.0 and 5.0.2.4 and earlier are affected.
  • To check the level of WebSphere, run the following from the OS/400 command line:
STRQSH
cd was_install_root/bin
where was_install_root is:
/QIBM/ProdData/WebASE/ASE5 for Express edition
/QIBM/ProdData/WebAS5/Base for Base edition
/QIBM/ProdData/WebAS5/ND for Network Deployment edition
versionInfo
The version line shows the level of the product. If version is 5.0.2.4 or less you are affected.


Solution

WebSphere distributed platforms

WebSphere Application Server version 4.0:

WebSphere Application Server versions 5.0 - 5.0.1:
WebSphere Application Server versions 5.0.2 - 5.0.2.4:

Note: PQ85933 has been superseded for all versions of 5.0 and can be replaced by performing one of the above options.


WebSphere Express

WebSphere OS/400 or i5/OS platforms

WebSphere Application Server versions 4.0, 5.0 - 5.0.2.4: WebSphere Application Server for z/OS
 
 
Cross Reference information
Segment Product Component Platform Version Edition
Software Development WebSphere Studio Enterprise Developer Security Windows 5.0, 5.0.1, 5.1.1, 5.1.2
Application Servers WebSphere Application Server - Express AIX, HP-UX, Linux, OS/400, Solaris, Windows 5.0.2.9, 5.0.2.8, 5.0.2.7, 5.0.2.6, 5.0.2.5, 5.0.2.4, 5.0.2.3, 5.0.2.2, 5.0.2.17, 5.0.2.16, 5.0.2.15, 5.0.2.14, 5.0.2.13, 5.0.2.12, 5.0.2.11, 5.0.2.10, 5.0.2.1, 5.0.2, 5.0.1, 5.0 Express
Business Integration WebSphere Studio Application Developer Integration Edition Java SDK Windows, Linux 4.1, 4.1.1, 4.1.2, 5.0, 5.0.1, 5.1, 5.1.1 Advanced, All Editions, Edition Independent, Enterprise, Personal, Standard, Workgroup, Workstation
Application Servers Runtimes for Java Technology Java SDK
 
 


Document Information


Product categories: Software > Application Servers > Distributed Application & Web Servers > WebSphere Application Server > Java Security (JSSE/JCE)
Operating system(s): i5/OS
Software version: 5.0.2.4
Software edition:
Reference #: 1236118
IBM Group: Software Group
Modified date: Aug 30, 2007