PK06715: ADMIN CONSOLE DOES NOT ALLOW AN SSL REPERTOIRE TO BE CREATED AT THE APPSERVER NODE LEVEL | |||||||||||||||||||||||||||||||||||||||||||
![]() |
|||||||||||||||||||||||||||||||||||||||||||
![]() APAR status Closed as program error. Error description Cannot create a new SSL Repertoire at the AppServer node level via the Administrative Console. The Deployment Manager node name is always prepended instead of the AppServer node name.Local fix Problem summary **************************************************************** * USERS AFFECTED: All users of WebSphere Application Server * * V5.0 for z/OS * **************************************************************** * PROBLEM DESCRIPTION: A CSI SSL repertoire specified at the * * server security level does not override * * the cell-level default repertoire. * **************************************************************** * RECOMMENDATION: * **************************************************************** It is possible to configure server-level CSI security settings that should override those configured at the cell level, however if you try to override the SSL repertoire for a server's CSI transport layers (for example, Servers > Application Servers > serverName > Server Security > CSI Transport -> Inbound > SSLSettings), various values associated with the new repertoire will not be reflected in the server's configuration and, consequently, will not be used by the server. The following repertoire values, as labeled on the Administrative Console, are affected: Key File Name Security Level V3 Timeout Cipher Suites These values map onto the following security.xml fields, respectively: repertoire/setting/keyFileName repertoire/setting/securityLevel repertoire/setting/properties/was.com.ibm.ssl.sys.v3.timeout repertoire/setting/properties/com.ibm.ssl.enabledCipherSuites Their corresponding was.env fields are, respectively: com_ibm_CSI_claimKeyringName com_ibm_CSI_claimSecurityLevel com_ibm_CSI_claim_ssl_sys_v3_timeout com_ibm_CSI_claimSecurityCipherSuiteList (Note: Only "claim" fields are listed here, but their "perform" counterparts are also affected.)Problem conclusion The values defined in the overridding SSL repertoires are now loaded by the server. APAR PK06715 is associated with SERVICE LEVEL W502032 of WebSphere Application Server V5.0 for z/OS.Temporary fix Comments
APAR is sysrouted FROM one or more of the following: APAR is sysrouted TO one or more of the following: PK06772 PK06773 Modules/Macros
Publications Referenced
|
Document Information |
Current web document: swg1PK06715.html
Product categories: Software > Application Servers >
Distributed Application & Web Servers > WebSphere Application
Server for z/OS
Operating system(s):
Software version: 500
Software edition:
Reference #: PK06715
IBM Group: Software Group
Modified date: Aug 2, 2005
(C) Copyright IBM Corporation 2000, 2009. All Rights Reserved.