PQ77261: Default certificates will expire on 01/15/2004. | |||||||||||||||||||||||||||||||||
![]() |
|||||||||||||||||||||||||||||||||
![]() APAR status Closed as program error. Error description When the certificates expire, the following message is received: [8/7/04 12:42:29:305 CDT] 649778c2 ORBRas X com.ibm.CORBA.iiop.IIOPConnection send (IIOPOutputStream, OneWay) P=540553:O=0:CT The following exception was logged javax.net.ssl.SSLHandshakeException: certificate expiredLocal fix Problem summary **************************************************************** * USERS AFFECTED: All WebSphere Application Server users who * * have enabled security and have not * * configured new SSL Trust and Key stores. * **************************************************************** * PROBLEM DESCRIPTION: The default certificates will expire * * on 1/15/2004. * **************************************************************** * RECOMMENDATION: * **************************************************************** The default certificates will expire on 1/15/2004. This will prevent servers from initializing and will cause servers to stop operating if already started when the certificates expire. The following error messages will appear in the tracefile during server startup: [10/10/04 16:58:12:557 CDT] 6434c6c1 ORBRas X com.ibm.CORBA.iiop.IIOPConnection send(IIOPOutputStream, OneWay) P=484786:O=0:CT The following exception was logged javax.net.ssl.SSLHandshakeException: certificate expired at com.ibm.jsse.bd.a(Unknown Source) at com.ibm.jsse.b.a(Unknown Source) at com.ibm.jsse.b.write(Unknown Source) .... [10/10/04 16:58:12:757 CDT] 6434c6c1 AdminServer X WSVR0009E: Error occurred during startup java.lang.RuntimeException: com.ibm.ejs.EJSException: Could not register with Location Service Daemon; nested exception is: java.lang.ClassCastException at com.ibm.ws.runtime.Server.initializeOrb (Server.java:1464) at com.ibm.ws.runtime.Server.initializeRuntime0 (Server.java:941) at com.ibm.ejs.sm.server.ManagedServer. initializeRuntime0(ManagedServer.java:408) .....Problem conclusion New certificates were created that will not expire until 2021. It is important to note that these certificates (or the original ones) should not be used if IIOP over SSL and HTTPS communications need to be secure.Temporary fix Comments
APAR is sysrouted FROM one or more of the following: APAR is sysrouted TO one or more of the following: Modules/Macros
SRLS
|
Document Information |
Product categories: Software > Application Servers >
Distributed Application & Web Servers > WebSphere Application
Server > General
Operating system(s):
Software version: 400
Software edition:
Reference #: PQ77261
IBM Group: Software Group
Modified date: Sep 29, 2003
(C) Copyright IBM Corporation 2000, 2006. All Rights Reserved.