PQ65565: SSL CLIENT SIDE CERTIFICATES WORK WITH IPLANET 4.1 BUT NOT WITH IPLANET 6.X USING WEBSPHERE APPLICATION SERVER V4.0.3

 A fix is available

4.0.5: WebSphere Application Server Version 4.0 Fix Pack 5 (Version 4.0.5)



APAR status
Closed as program error.

Error description
WebSphere Application Server V4.0.3
iPlanet Webserver V6.x
Win2000/Solaris
SSL client certificate information not visible in snoop servlet.
Works fine with iPlanet V4.1
Error seen in WAS log:
  WebGroup I SRVE0091l: snoop: init
  HttpRequest X PLGN0024E: No certificates java.security.cert.
  CertificateException: Unable to initialize java.io.IOException
    extra data given to DerValue constructor
   at sun.security.x509.X509CertImpl.<init>(X509CertImpl.java:
      150)
   ......
 Customer tested on Solaris and Win2K. Does the plugin not
   expect the given data or format of the certificate?
Local fix
Debug module ns41_http.dll supplied by KevinV, Plugin L3 team
 fixed the problem
Problem summary
****************************************************************
* USERS AFFECTED: WebSphere Application Server version 4.0     *
*                 users of the iPlanet 6.0 webserver plugin    *
*                 with client authentication turned on.        *
****************************************************************
* PROBLEM DESCRIPTION: The app server was failing to get the   *
*                      client certificate even though the      *
*                      client had sent one.                    *
****************************************************************
* RECOMMENDATION:                                              *
****************************************************************
iPlanet 6 was passing the client certificate to the plugin with
some extra ctrl-M (carriage return, \r) characters in it.  As a
result the app server was failing to decode it properly.
Problem conclusion
The plugin already parsed out the extra \n characters that
iPlanet adds to the certificate.  It also needs to parse out
the \r characters if they are present.
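
The fix described above, sketched in C as an added example (not the plugin's own code). It assumes the web server hands the certificate over as base64 text; the function names and the tiny sample blob are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>
/* Constructed sample, not a real certificate: base64 of the DER bytes
 * 30 06 02 01 01 02 01 02, with CRLF line ends as described for iPlanet 6. */
static const char SAMPLE[] = "MAYCAQ\r\nECAQI=\r\n";

/* Remove every character listed in `drop` from s, in place. */
size_t strip_chars(char *s, const char *drop) {
    char *w = s;
    for (char *r = s; *r; r++)
        if (!strchr(drop, *r)) *w++ = *r;
    *w = '\0';
    return (size_t)(w - s);
}
/* Strict base64 decode up to '=' padding; -1 on any byte outside the alphabet. */
long b64_decode(const char *in, unsigned char *out, size_t cap) {
    static const char T[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
    unsigned long acc = 0; int bits = 0; size_t n = 0;
    for (; *in && *in != '='; in++) {
        const char *p = strchr(T, *in);
        if (!p || n >= cap) return -1;          /* e.g. a leftover \r */
        acc = (acc << 6) | (unsigned long)(p - T); bits += 6;
        if (bits >= 8) { bits -= 8; out[n++] = (unsigned char)(acc >> bits); }
    }
    return (long)n;
}
/* Total size (header + content) claimed by the outer DER SEQUENCE, or -1. */
long der_total_len(const unsigned char *p, size_t n) {
    if (n < 2 || p[0] != 0x30) return -1;
    if (p[1] < 0x80) return 2 + p[1];
    size_t k = p[1] & 0x7f, len = 0;
    if (k == 0 || k > 3 || n < 2 + k) return -1;
    for (size_t i = 0; i < k; i++) len = (len << 8) | p[2 + i];
    return (long)(2 + k + len);
}
/* 1 if raw decodes to exactly one DER SEQUENCE after stripping `drop`. */
int cert_decodes(const char *raw, const char *drop) {
    char txt[256]; unsigned char der[192];
    if (strlen(raw) >= sizeof txt) return 0;
    strip_chars(strcpy(txt, raw), drop);
    long n = b64_decode(txt, der, sizeof der);
    return n > 0 && der_total_len(der, (size_t)n) == n;
}

int main(void) {
    printf("LF stripped: %d\n", cert_decodes(SAMPLE, "\n"));
    printf("CR+LF stripped: %d\n", cert_decodes(SAMPLE, "\r\n"));
    return 0;
}
```

Stripping only \n leaves the \r bytes in place and the decode is rejected; stripping both yields a blob whose outer DER length matches the decoded size.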
Temporary fix
The efix has been given to the customer and we are awaiting
feedback.
Comments
APAR information
APAR number PQ65565
Reported component name WEBSPHERE AE NT
Reported component ID 5630A2201
Reported release 400
Status CLOSED PER
PE NoPE
HIPER NoHIPER
Submitted date 2002-08-23
Closed date 2002-09-25
Last modified date 2002-09-25

APAR is sysrouted FROM one or more of the following:

APAR is sysrouted TO one or more of the following:

Modules/Macros
PLUGIN          

SRLS

Fix information
Fixed component name WEBSPHERE AE NT
Fixed component ID 5630A2201

Applicable component levels
R400 PSY    UP


Document Information


Product categories: Software > Application Servers > Distributed Application & Web Servers > WebSphere Application Server > General
Operating system(s):
Software version: 400
Software edition:
Reference #: PQ65565
IBM Group: Software Group
Modified date: Sep 25, 2002