|
Abstract |
In WebSphere® Application Server versions 4.0 and 5.0, the
IBM® Java™ Cryptography Extension (JCE) certificate will expire on 18 May
2006 at 21:59:19 GMT.
Notes:
- Application Server versions 5.0.2.5 and above are not affected
- Application Server versions using SDK 1.4.1 and above are not affected
- Application Server - Express see reference in solution section
|
|
Content |
Conditions of failure:
Using WebSphere Security, SSL, J2C security or applications making calls
to the IBM JSSE or IBM JCE will encounter failures after 18 May 2006.
Versions affected:
- Application Server versions 4.0, and 5.0 through 5.0.2.4,
running SDK 1.3.1 and earlier.
- WebSphere Express Server versions 5.0 - 5.0.2.17
- Application Server for iSeries™ version 4.0 through 4.0.7
and version 5.0 through 5.0.2.4.
How to determine if you are affected:
WebSphere distributed platforms
- Check each instance of Application Servers Build-Level or
Implementation-Version depending on JCE version in the MANIFEST.MF from
the ibmjcefw.jar which is located in install_root/java/jre/lib/ or
install_root/java/jre/lib/ext depending the version of WebSphere.
If it is dated 040219 (19 February 2004) or later you will be
unaffected by the certificate expiration issue.
- Note: The keytool.exe displays the certificate as only
being valid until 18 May 2006. This is not an issue once the solution has
been applied. JCE specification has changed its signed jar verification
routine to accept signed jars with legitimate certificates even if the
certificate has expired. As a result, JCE services will not be disrupted
even if the signer's certificate for a JCE provider has expired.
WebSphere OS/400® or i5/OS® platforms
- All levels of versions 4.0 and 5.0.2.4 and earlier are
affected.
- To check the level of WebSphere, run the following from
the OS/400 command line:
STRQSH
cd was_install_root/bin
where was_install_root is:
/QIBM/ProdData/WebASE/ASE5 for Express edition
/QIBM/ProdData/WebAS5/Base for Base edition
/QIBM/ProdData/WebAS5/ND for Network Deployment edition
versionInfo
The version line shows the level of the product. If version is 5.0.2.4 or
less you are affected.
Solution
WebSphere distributed platforms
WebSphere Application Server version 4.0:
WebSphere Application Server versions 5.0 - 5.0.1:
WebSphere Application Server versions 5.0.2 - 5.0.2.4:
Note: PQ85933 has been superseded for all versions of 5.0 and can be
replaced by performing one of the above options.
WebSphere Express
WebSphere OS/400 or i5/OS platforms
WebSphere Application Server versions 4.0, 5.0 - 5.0.2.4:
WebSphere Application Server for z/OS
|
|
|
|
Cross Reference information |
Segment |
Product |
Component |
Platform |
Version |
Edition |
Software Development |
WebSphere Studio Enterprise Developer |
Security |
Windows |
5.0, 5.0.1, 5.1.1, 5.1.2 |
|
Application Servers |
WebSphere Application Server - Express |
|
AIX, HP-UX, Linux, OS/400, Solaris, Windows |
5.0.2.9, 5.0.2.8, 5.0.2.7, 5.0.2.6, 5.0.2.5, 5.0.2.4, 5.0.2.3,
5.0.2.2, 5.0.2.17, 5.0.2.16, 5.0.2.15, 5.0.2.14, 5.0.2.13, 5.0.2.12,
5.0.2.11, 5.0.2.10, 5.0.2.1, 5.0.2, 5.0.1, 5.0 |
Express |
Business Integration |
WebSphere Studio Application Developer Integration Edition |
Java SDK |
Windows, Linux |
4.1, 4.1.1, 4.1.2, 5.0, 5.0.1, 5.1, 5.1.1 |
Advanced, All Editions, Edition Independent, Enterprise, Personal,
Standard, Workgroup, Workstation |
Application Servers |
Runtimes for Java Technology |
Java SDK |
|
|
|
|
|
|
|