PK06715: ADMIN CONSOLE DOES NOT ALLOW AN SSL REPERTOIRE TO BE CREATED AT THE APPSERVER NODE LEVEL

 A fix is available

Obtain the fix for this APAR



APAR status
Closed as program error.

Error description
Cannot create a new SSL Repertoire at the AppServer node level
via the Administrative Console. The Deployment Manager node name
is always prepended instead of the AppServer node name.
Local fix Problem summary
****************************************************************
* USERS AFFECTED: All users of WebSphere Application Server    *
*                 V5.0 for z/OS                                *
****************************************************************
* PROBLEM DESCRIPTION: A CSI SSL repertoire specified at the   *
*                      server security level does not override *
*                      the cell-level default repertoire.      *
****************************************************************
* RECOMMENDATION:                                              *
****************************************************************
It is possible to configure server-level CSI security settings
that should override those configured at the cell level,
however if you try to override the SSL repertoire for a server's
CSI transport layers (for example, Servers > Application Servers
> serverName > Server Security > CSI Transport -> Inbound >
SSLSettings), various values associated with the new repertoire
will not be reflected in the server's configuration and,
consequently, will not be used by the server.

The following repertoire values, as labeled on the
Administrative Console, are affected:
   Key File Name
   Security Level
   V3 Timeout
   Cipher Suites

These values map onto the following security.xml fields,
respectively:
   repertoire/setting/keyFileName
   repertoire/setting/securityLevel
   repertoire/setting/properties/was.com.ibm.ssl.sys.v3.timeout
   repertoire/setting/properties/com.ibm.ssl.enabledCipherSuites

Their corresponding was.env fields are, respectively:
   com_ibm_CSI_claimKeyringName
   com_ibm_CSI_claimSecurityLevel
   com_ibm_CSI_claim_ssl_sys_v3_timeout
   com_ibm_CSI_claimSecurityCipherSuiteList
(Note:  Only "claim" fields are listed here, but their
"perform" counterparts are also affected.)
Problem conclusion
The values defined in the overridding SSL repertoires are now
loaded by the server.

APAR PK06715 is associated with SERVICE LEVEL W502032 of
WebSphere Application Server V5.0 for z/OS.
Temporary fix Comments
APAR information
APAR number PK06715
Reported component name WEBSPHERE FOR Z
Reported component ID 5655I3500
Reported release 500
Status CLOSED PER
PE NoPE
HIPER NoHIPER
Special Attention NoSpecatt
Submitted date 2005-06-03
Closed date 2005-07-25
Last modified date 2005-08-02

APAR is sysrouted FROM one or more of the following:

APAR is sysrouted TO one or more of the following:
PK06772 PK06773

Modules/Macros
BBOUBINF          

Publications Referenced

Fix information
Fixed component name WEBSPHERE FOR Z
Fixed component ID 5655I3500

Applicable component levels
R500 PSY UK05697    UP05/07/29 P F507

  Fix is available
Select the PTF appropriate for your component level. You will be required to sign in. Distribution on physical media is not available in all countries.


Document Information


Current web document: swg1PK06715.html
Product categories: Software > Application Servers > Distributed Application & Web Servers > WebSphere Application Server for z/OS
Operating system(s):
Software version: 500
Software edition:
Reference #: PK06715
IBM Group: Software Group
Modified date: Aug 2, 2005