PK10964: Need latest build of IBM JCE added to WebSphere Application Server for z/OS

 A fix is available

Obtain the fix for this APAR



APAR status
Closed as program error.

Error description
In WebSphere Application Server for z/OS V5.0 the IBM JCE
that is shipped in the ibmjcefw.jar file will fail to work after
May 18, 2006.  The latest build of the IBM JCE, 041103 has been
changed:
*** As of IBMJCE -- Build-Level: -041103***
JCE has changed its signed jar verification routine to accept
signed jars with legitimate certificates even if the
certificate has expired.
As a result, JCE services will not be disrupted even if the
signer's certificate for a JCE provider has expired.
Following Sun's
approach...http://java.sun.com/products/jce/jce122_changes.html
***
Exception occurred during event dispatching:
java.lang.ExceptionInInitializerError:
java.lang.SecurityException:
 Cannot set up certs for trusted CAs
 at javax.crypto.f.<clinit>(Unknown source)
 at javax.crypto.KeyGenerator.getInstance(Unknown Source)
 at
.
Please refer to the following technote for additional
information:

html/Java_Security__JSSE_JCE_/swg21238056.html
Local fix Problem summary
****************************************************************
* USERS AFFECTED: All users of WebSphere Application Server    *
*                 V5.0 for z/OS                                *
****************************************************************
* PROBLEM DESCRIPTION: The IBM JCE version 20030314 will fail  *
*                      to work after May 18, 2006.             *
****************************************************************
* RECOMMENDATION:                                              *
****************************************************************
In WebSphere Application Server 5.0 the IBM JCE that is
shipped in the ibmjcefw.jar file will fail to work after
May 18, 2006.  A later build of the IBM JCE, 20040219, has been
changed:
  *** As of IBMJCE -- Build-Level: -040219***
JCE has changed its signed jar verification routine to accept
signed jars with legitimate certificates even if the
certificate has expired.
As a result, JCE services will not be disrupted even if the
signer's certificate for a JCE provider has expired.
Following Sun's
approach...http://java.sun.com/products/jce/jce122_changes.html
Problem conclusion
The IBM JCE version 20030314 is replaced with version 20040219.

APAR PK10964 is associated with SERVICE LEVEL W502034 of
WebSphere Application Server V5.0 for z/OS.
Temporary fix Comments
APAR information
APAR number PK10964
Reported component name WEBSPHERE FOR Z
Reported component ID 5655I3500
Reported release 500
Status CLOSED PER
PE NoPE
HIPER NoHIPER
Special Attention NoSpecatt
Submitted date 2005-08-25
Closed date 2005-09-28
Last modified date 2006-05-18

APAR is sysrouted FROM one or more of the following:
PQ85933

APAR is sysrouted TO one or more of the following:

Modules/Macros
BBOUBINF          

Publications Referenced

Fix information
Fixed component name WEBSPHERE FOR Z
Fixed component ID 5655I3500

Applicable component levels
R500 PSY UK07674    UP05/10/01 P F509

  Fix is available
Select the PTF appropriate for your component level. You will be required to sign in. Distribution on physical media is not available in all countries.


Document Information


Current web document: swg1PK10964.html
Product categories: Software > Application Servers > Distributed Application & Web Servers > WebSphere Application Server for z/OS
Operating system(s):
Software version: 500
Software edition:
Reference #: PK10964
IBM Group: Software Group
Modified date: May 18, 2006