PQ83047: Cannot create keystore with iKeyman after Verisign Certificates have expired on IBM HTTP Server V1.3.28 with GSKit Version 7

 Fixes are available

PQ86671; 1.3.28: Potential Denial-of-Service attack vulnerability
PQ83047; 1.3.28: Expiring CA and Intermediate certs cause problems creating new



APAR status
Closed as program error.

Error description
Some versions of iKeyman/iKeycmd will no longer create new
keystores with the expired Verisign Certificate.  This failure
is dependent on whether a customer uses Verisign Certificates or
not.  This problem affects all platforms with GSKit Version 7.
Local fix
N/A
Problem summary
Cannot create keystore with iKeyman after Verisign Certificates
have expired on IBM HTTP Server V1.3.28 with GSKit Version 7
Problem conclusion
The fix was in the GSKit iKeyman utility and included renewed CA
and Intermediate certs in the keyring. The problem also exists in
GSKit 6/IHS 1.3.28 and IHS 2.0.42 for linuxPPC only.
The problem also exists for GSKit 7 used in IHS 2.0.47.
Temporary fix
Comments
APAR information
APAR number PQ83047
Reported component name APACHE HTTP SVR
Reported component ID 5648B7801
Reported release 326
Status CLOSED PER
PE NoPE
HIPER NoHIPER
Special Attention NoSpecatt
Submitted date 2004-01-09
Closed date 2004-01-16
Last modified date 2004-01-16

APAR is sysrouted FROM one or more of the following:

APAR is sysrouted TO one or more of the following:

Modules/Macros
GSKIT          

Publications Referenced

Fix information
Fixed component name APACHE HTTP SVR
Fixed component ID 5648B7801

Applicable component levels
R326 PSN    UP


Document Information


Product categories: Software > Application Servers > Distributed Application & Web Servers > IBM HTTP Server > Runtime
Operating system(s):
Software version: 326
Software edition:
Reference #: PQ83047
IBM Group: Software Group
Modified date: Jan 16, 2004