PK23458: Signed jar verification fails after 05/18/2006 21:59:19 GMT | |||||||||||||||||||||||||||||||||||||||||||||||||||
![]() |
|||||||||||||||||||||||||||||||||||||||||||||||||||
![]() APAR status Closed as program error. Error description The single APAR fix PQ85933 locates local_policy.jar and US_export_policy.jarfiles under wrong path, <WAS_ROOT>/java/jre/lib/security directory. The correct path for the both jar files is <WAS_ROOT> /java/jre/lib/ext directory. Also, it replaces <WAS_ROOT>/java/jre/lib/ext/ibmpkcs.jar.Local fix Problem summary **************************************************************** * USERS AFFECTED: WebSphere Application Server version 5 * * users. * **************************************************************** * PROBLEM DESCRIPTION: The IBM JCE certificate will expire * * on May 18, 2006 at 21:59:19 GMT. * * After that date, users will see * * errors when invoking methods in IBM's * * JSSE or JCE. * **************************************************************** * RECOMMENDATION: * **************************************************************** For WebSphere Application Server version 5.0,5.0.1, 5.0.2, 5.0.2.1, 5.0.2.2, 5.0.2.3, or 5.0.2.4, the IBM JCE certificate will expire on May 18, 2006 at 21:59:19 GMT. After that date, users will see errors when using Application Server Security, SSL, J2C security or applications making calls to IBM's JSSE or JCE directly. Expected problems if fix hasn't been applied: Any API call for JCE will fail with following errors: - java.lang.ExceptionInInitializerError - java.lang.SecurityException: Cannot set up certs for trusted CAs. Following is a list of conditions when this error happens: - Global Security is enabled - SSL is enabled for HTTP transport - Application Server stores password for accessing datasource - Application is using javax.crypt.* class or javax.security.* classProblem conclusion Signed jar verification routine will now accept signed jars with legitimate certificates even if the certificate has expired. This APAR corrects a packaging error in iFix PQ85933. There is no problem with fixpacks.Temporary fix ********* * HIPER * *********Comments
APAR is sysrouted FROM one or more of the following: APAR is sysrouted TO one or more of the following: Modules/Macros
Publications Referenced
|
Product categories: Software > Application Servers >
Distributed Application & Web Servers > WebSphere Application
Server > General
Operating system(s):
Software version: 00I
Software edition:
Reference #: PK23458
IBM Group: Software Group
Modified date: May 22, 2006
(C) Copyright IBM Corporation 2000, 2008. All Rights Reserved.