PQ57010: WAS WILL NOT USE SELF-SIGNED CERTS FROM KEYFILE ONLY. MUST ALSO HAVE TRUSTFILE. SHOULD BE ABLE TO USE 1 FILE ONLY. | |||||||||||||||||||||||||||||||||||||
![]() |
|||||||||||||||||||||||||||||||||||||
APAR status Closed as program error. Error description Problem: Try to replace the dummyKeyring for the Admin Server by using only one keyring database file rather than two seperate files, 1 keyfile and 1 trustfile. . Using a trusted CA certificate does allow you to use one file but using a self-signed certificate does not.Local fix Create a trustfile and a keyfile for certificatesProblem summary **************************************************************** * USERS AFFECTED: WebSphere Application Server users of self * * signed certificates with security enabled * **************************************************************** * PROBLEM DESCRIPTION: If a user goes to the Security center, * * changes the standard server keyfile * * to another keyfile like self signed * * and enables security then user * * gets SSLHandshakeException * **************************************************************** * RECOMMENDATION: * **************************************************************** User is getting SSLHandShakeException when using his own self signed certificate. If the customer goes to the Security center, changes the standard server keyfile to another keyfile like self signed and enables security then the user gets SSLHandshakeExceptionProblem conclusion The fix has two parts. One related to proper creation of client and server side self signed jks files. The second part consists of ORB code using appropriate JSSE API to use these key and trust files in the SSL Connection creation logic of Java ORB. Code changes were made in Java ORB to use the proper JSSE API calls to use jks files. E-fix is available that has been tested to work. Class files modified: IIOPSSLConnection & IIOPSSLConnectionClientTemporary fix Comments
APAR is sysrouted FROM one or more of the following: APAR is sysrouted TO one or more of the following: Modules/Macros
|
Document Information |
Product categories: Software > Application Servers >
Distributed Application & Web Servers > WebSphere Application
Server > General
Operating system(s):
Software version: 400
Software edition:
Reference #: PQ57010
IBM Group: Software Group
Modified date: Apr 29, 2003
(C) Copyright IBM Corporation 2000, 2006. All Rights Reserved.