Default SSL Certificates expire on 15 Jan 2004 for WebSphere Application Server V4
 Flash (Alert)
 
Abstract
On 15 Jan 2004, dummy key files shipped with WebSphere® Application Server V4.0.1 through V4.0.6 expired. WebSphere Application Server V5 is NOT affected. If your security is enabled using these expired certificates, your servers will not initialize and your running servers will stop operating.
 
Content
When certificates expire in WebSphere Application Server V4, the following message is logged in $WAS_ROOT/logs/tracefile (the administration server stdout file):

8/7/04 12:42:29:305 CDT¨ 649778c2 ORBRas        X
com.ibm.CORBA.iiop.IIOPConnection send  (IIOPOutputStream, OneWay)
P=540553:O=0:CT The following exception was logged
javax.net.ssl.SSLHandshakeException: certificate expired

at com.ibm.jsse.bd.a(Unknown Source)  
at com.ibm.jsse.b.a(Unknown Source)
at com.ibm.jsse.b.write(Unknown Source)
                                                               
10/10/04 16:58:12:757 CDT¨ 6434c6c1 AdminServer
X WSVR0009E: Error occurred during startup
java.lang.RuntimeException: com.ibm.ejs.EJSException: Could  
not register with Location Service Daemon; nested exception is:

java.lang.ClassCastException                                    
at com.ibm.ws.runtime.Server.initializeOrb(Server.java:1464)
at com.ibm.ws.runtime.Server.initializeRuntime0(Server.java:941)
at com.ibm.ejs.sm.server.ManagedServer.         initializeRuntime0(ManagedServer.java:408)              


If you configured WebSphere Application Server to use security and have not configured new SSL trust and key stores, you are affected by the following problems:

  • The default certificates for WebSphere Application Server V4.0.1 through V4.0.6 expire on 15 Jan 2004.

    Note: The default certificates for all releases of WebSphere Application Server V5.0 are due to expire on 17 Mar 2005. This certificate expiration can be extended to 2021 by installing PQ77264, delivered in cumulative fix 5.0.2.3.

  • These certificates are not supported for production environments. Do not use these certificates if IIOP over SSL and HTTPS communications must be secure.

  • This problem affects anyone using security or using SSL in the plugin, who has not applied new SSL trust and key stores.

To fix this problem, do one of the following:
  • Apply the interim fix for APAR PQ77261. This upgrades the certificates for WebSphere Application Server V4.0.1 through V4.0.6. These new certificates expire in 2021.

  • Upgrade to WebSphere Application Server fix pack 4.0.7. The default certificates provided by the product expire in 2021. It is recommended that you test applications with V4.0.7 before promoting this fix into a production environment.
 
Related information
Description of related flashes
 
 
 


Document Information


Product categories: Software > Application Servers > Distributed Application & Web Servers > WebSphere Application Server > Security
Operating system(s): Windows
Software version: 4.0.6
Software edition:
Reference #: 1157067
IBM Group: Software Group
Modified date: Sep 10, 2004