|
Problem |
In WebSphere® Application Server versions 4.0 and 5.0, the
IBM JCE that is shipped in the ibmjceprovider.jar file will
fail to work after May 18, 2006 at 21:59:19 GMT. |
|
Cause |
1. This problem only occurs on IBM JVM versions 1.2
and 1.3 where ibmjcefw.jar is dated prior to 040219
in the manifest file.
2. If you are running IBM JVM versions 1.2 or 1.3
ibmjcefw.jar file which is dated 040219 or later
you will be unaffected by the certificate expiration issue.
3. If you are running IBM JVM versions 1.4 you will be unaffected by the
certificate expiration issue.
WebSphere Application Server users who are using signed jars in deployed
applications will be affected as the Java Cryptography Extension (JCE) has
changed its signed jar verification routine to accept signed jars with
legitimate certificates even if the certificate has expired. As a result,
JCE services will not be disrupted even if the signer's certificate for a
JCE provider has expired. |
|
Solution |
By applying the latest JCE cumulative fix, JCE will ignore
the expiration of a certificate completely, it is not even checked.
Therefore, JCE services will never be disrupted even if the signer's
certificate for a JCE provider has expired. Signed jar verification
routine will now accept signed jars with legitimate certificates even if
the certificate has expired.
For versions 5.0 users, this fix is contained in: PQ85933
(included in 5.0.2.5 cumulative fix)
For versions 4.0 users, this fix is contained in: PQ91005 |
|
|
|
|
|
|