SunAlert ID 57436: Certificates included with various releases of the Sun SDK and JRE Expire on 7 Jan 2004.
 Technote (FAQ)
 
Problem
The Class 3 and Class 2 VeriSign PCA root certificates that are included in the Sun® JDK provided with WebSphere Application Server expire on January 7, 2004.

These certificates do not impact WebSphere® Application Server security and are not recommended for use with production environments.

Applications leveraging the Java Secure Socket Extension (JSSE) with WebSphere Application Server can use these certificates.
 
Solution
Sun has published an alert ID, 57436:
Download new certificates:
  • WebSphere Application Server provides new certificates for V4.0 and V5.0 on Windows®, AIX®, and all Linux platforms:
    http://www-128.ibm.com/developerworks/java/jdk/security/
    (Follow the instructions to replace the existing cacerts file in the WAS_HOME/java/jre/lib/security directory).
  • For HP-UX and Sun JDKs, there are a few options for applying the required change:
    1. If the cacerts file contains only expired certificates, replace the existing cacerts file with an upgraded file that contains the upgraded VeriSign certificates. This is the same solution that is recommended for the IBM Java SDK.
    2. If the cacerts file contains additional certificates and upgrading the JDK is not acceptable, follow the recommendations on the sunsolve link (above) to upgrade the VeriSign certificates in the existing cacerts file.
    3. Contact IBM WebSphere Application Server Support to upgrade the JDK to one that contains a cacerts file with the upgraded VeriSign certificates.
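
To decide between options 1 and 2 above, list the entries in the existing cacerts file and see which have passed their expiry date. The following is an added example, not IBM or Sun code: it assumes the English-language text layout printed by `keytool -list -v`, and the aliases, owners and the second entry's dates in the sample are constructed.

```python
import re
from datetime import datetime

MONTHS = "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split()

# Constructed sample in the layout printed by `keytool -list -v`. Aliases,
# owners and dates are made up for illustration, not copied from a real cacerts.
SAMPLE = """\
Alias name: example-class3-pca
Owner: OU=Example Class 3 Root, O=Example CA
Valid from: Mon Jan 29 00:00:00 GMT 1996 until: Wed Jan 07 23:59:59 GMT 2004

Alias name: example-internal-ca
Owner: CN=Example Internal CA, O=Example Corp
Valid from: Tue Mar 05 00:00:00 GMT 2002 until: Mon Mar 05 00:00:00 GMT 2012
"""

UNTIL = re.compile(r"until:\s+\w{3}\s+(\w{3})\s+(\d+)\s+(\d+):(\d+):(\d+)\s+\S+\s+(\d{4})")

def parse_entries(listing):
    """Return [(alias, not_after)]; the printed time zone is ignored."""
    entries, alias = [], None
    for line in listing.splitlines():
        line = line.strip()
        if line.startswith("Alias name:"):
            alias = line.split(":", 1)[1].strip()
        m = UNTIL.search(line)
        if alias and m:
            mon, day, hh, mm, ss, year = m.groups()
            when = datetime(int(year), MONTHS.index(mon) + 1, int(day),
                            int(hh), int(mm), int(ss))
            entries.append((alias, when))
            alias = None  # use the first certificate listed for each alias
    return entries

def recommend(listing, as_of):
    """Map the keystore contents to option 1 or 2 of the HP-UX/Sun list."""
    entries = parse_entries(listing)
    expired = [a for a, end in entries if end < as_of]
    valid = [a for a, end in entries if end >= as_of]
    if not expired:
        return "none expired", expired, valid
    if not valid:
        return "option 1: replace cacerts", expired, valid
    return "option 2: update in place", expired, valid

if __name__ == "__main__":
    print(recommend(SAMPLE, datetime(2004, 1, 8)))
```

To check a real keystore, pass the text printed by `keytool -list -v -keystore` for the cacerts file to `recommend` in place of the sample.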
 
Document Information


Product categories: Software > Application Servers > Distributed Application & Web Servers > WebSphere Application Server > Security
Operating system(s): HP-UX
Software version: 4.0
Software edition:
Reference #: 1157068
IBM Group: Software Group
Modified date: Sep 10, 2004