APAR status
Closed as program error.
Error description
When the certificates expire, the following message is
received in SystemOut.log for the server:
[8/7/05 12:57:33:375 CDT] c1e56e2 SASRas E JSAS0455E:
ERROR in sasOutboundSSLConfig: The certificate with alias
websphere dummy server from keyStore
C:\was\5.0.2\AppServer/etc/DummyServerKeyFile.jks
is expired.
Three other similar errors will occur.
Local fix Problem summary
****************************************************************
* USERS AFFECTED: All WebSphere Application Server users who *
* have enabled security and have not *
* configured new SSL Trust and Key stores. *
****************************************************************
* PROBLEM DESCRIPTION: The default certificates will expire *
* on 3/17/2005. *
****************************************************************
* RECOMMENDATION: *
****************************************************************
The default certificates expire on 3/17/2005. This prevents
servers from initializing and causes servers to
stop operating if already started when the certificates
expire.
The following error messages appears in the SystemOut.log
during server startup:
[9/29/50 12:59:45:172 CDT] 36640dee KeyStoreKeyLo E WSEC5156E:
An exception while retrieving the key from KeyStore object:
java.security.cert.CertificateExpiredException: NotAfter:
Sat Oct 01 04:54:06 CDT 2011
at sun.security.x509.CertificateValidity.valid
(CertificateValidity.java:284)
at sun.security.x509.X509CertImpl.checkValidity
(X509CertImpl.java:425)
at sun.security.x509.X509CertImpl.checkValidity
(X509CertImpl.java:398)
at com.ibm.wsspi.wssecurity.config.KeyStoreKeyLocator.
validateCert(KeyStoreKeyLocator.java:266)
...
Problem conclusion
New certificates were created that do not expire until 2021.
It is important to note that you should not use either these
certificates or the original certificates if IIOP over SSL and
HTTPS communications must be secure.
Temporary fix Comments
APAR information |
APAR number |
PQ77264 |
Reported component name |
WAS BASE 5.0 |
Reported component ID |
5630A3600 |
Reported release |
00A |
Status |
CLOSED PER |
PE |
NoPE |
HIPER |
NoHIPER |
Special Attention |
NoSpecatt |
Submitted date |
2003-08-07 |
Closed date |
2003-09-29 |
Last modified date |
2005-04-26 |
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Modules/Macros
Publications Referenced
Applicable component levels |
R003 PSY |
UP |
R00A PSY |
UP |
R00H PSY |
UP |
R00I PSY |
UP |
R00P PSY |
UP |
R00S PSY |
UP |
R00W PSY |
UP |
|