APAR Number : PQ47370 (this fix is included in 3.5.3 and 3.0.2.4) Description : DummyKeyring with New Certificates Note: Old DummyKeyring expiration is July 21, 2001 WAS Version : 3.5.2 and 3.0.2.3 and older releases need the new Keyring file. Also, interoperability between 3.5.2 and 3.5.3 requires that the 3.5.2 systems use this new keyring file in test environments. Fix File : PQ47370.JAR How to apply this fix: Step 1: Create a directory called "fixes" under the WebSphere root. /fixes. For e.g the root could be /usr/WebSphere/AppServer. Step 2: Copy PQ47370.jar into the fixes directory. Step 3: Ensure that every server script and client script has this fix at the beginning of the classpath. For example: NT Platforms: /bin/debug/adminserver.bat /bin/adminclient.bat /bin/wscp.bat /bin/XMLConfig.bat .... any other client or server which already has the UJC.JAR in the classpath Unix Platforms: /bin/debug/adminserver.sh /bin/adminserver.sh /bin/startupServer.sh /bin/wscp.sh /bin/XMLConfig.sh .... any other client or server which already has the UJC.JAR in the classpath. Step 4: Restart the entire WebSphere domain. All clients and servers will need to communicate using the exact same DummyKeyring file. This will ensure that the proper SSL handshake will take place. If there is any mismatch, communications will fail. NOTICE: Please DO NOT use the DummyKeyring file in production environments. This file is only intended for test and development environments. To create production keyring files, please see the InfoCenter documentation. See the following sections for assistance. 5.5.4.2: Getting a production certificate from a certificate authority. 5.5.6: Tools for managing certificates and keys 5.5.6.1.5: Example: generating and using test certificates 5.5.6.2.5: Making client and server keyrings accessible