PQ77261: Default certificates will expire on 01/15/2004.

 Fixes are available

4.0.7: WebSphere Application Server Version 4.0 Fix Pack 7
PQ77261; 4.0.6: Default certificates will expire on 01/15/2004.
5.0.2.7: WebSphere Application Server Express 5.0.2 Cumulative Fix 7
5.0.2.12: WebSphere Application Server 5.0.2 Cumulative Fix 12
5.0.2.13: WebSphere Application Server 5.0.2 Cumulative Fix 13
5.0.2.14: WebSphere Application Server 5.0.2 Cumulative Fix 14 for AIX
5.0.2.14: WebSphere Application Server 5.0.2 Cumulative Fix 14 for Solaris
5.0.2.14: WebSphere Application Server 5.0.2 Cumulative Fix 14 for HP-UX
5.0.2.14: WebSphere Application Server 5.0.2 Cumulative Fix 14 for Windows
5.0.2.14: WebSphere Application Server 5.0.2 Cumulative Fix 14 for Linux
5.0.2.15: WebSphere Application Server 5.0.2 Cumulative Fix 15 for Windows
5.0.2.15: WebSphere Application Server 5.0.2 Cumulative Fix 15 for Solaris
5.0.2.15: WebSphere Application Server 5.0.2 Cumulative Fix 15 for AIX
5.0.2.15: WebSphere Application Server 5.0.2 Cumulative Fix 15 for Linux
5.0.2.15: WebSphere Application Server 5.0.2 Cumulative Fix 15 for HP-UX
5.1.1.9: WebSphere Application Server V5.1.1 Cumulative Fix 9 for HP-UX
5.1.1.9: WebSphere Application Server V5.1.1 Cumulative Fix 9 for AIX
5.1.1.9: WebSphere Application Server V5.1.1 Cumulative Fix 9 for Solaris
5.1.1.9: WebSphere Application Server V5.1.1 Cumulative Fix 9 for Windows
5.1.1.9: WebSphere Application Server V5.1.1 Cumulative Fix 9 for Linux
5.0.2.16: WebSphere Application Server 5.0.2 Cumulative Fix 16 for AIX
5.0.2.16: WebSphere Application Server 5.0.2 Cumulative Fix 16 for HP-UX
5.0.2.16: WebSphere Application Server 5.0.2 Cumulative Fix 16 for Linux
5.0.2.16: WebSphere Application Server 5.0.2 Cumulative Fix 16 for Windows
5.0.2.16: WebSphere Application Server 5.0.2 Cumulative Fix 16 for Solaris
5.0.2.8: WebSphere Application Server V5.0.2 Cumulative Fix 8
5.1.1.10: WebSphere Application Server V5.1.1 Cumulative Fix 10 for HP-UX
5.1.1.10: WebSphere Application Server V5.1.1 Cumulative Fix 10 for AIX
5.1.1.10: WebSphere Application Server V5.1.1 Cumulative Fix 10 for Solaris
5.1.1.10: WebSphere Application Server V5.1.1 Cumulative Fix 10 for Windows
5.1.1.10: WebSphere Application Server V5.1.1 Cumulative Fix 10 for Linux
5.0.2.17: WebSphere Application Server 5.0.2 Cumulative Fix 17 for Windows
5.0.2.17: WebSphere Application Server 5.0.2 Cumulative Fix 17 for Solaris
5.0.2.17: WebSphere Application Server 5.0.2 Cumulative Fix 17 for HP-UX
5.0.2.17: WebSphere Application Server 5.0.2 Cumulative Fix 17 for Linux
5.0.2.17: WebSphere Application Server 5.0.2 Cumulative Fix 17 for AIX



APAR status
Closed as program error.

Error description
When the certificates expire, the following message is
received:

[8/7/04 12:42:29:305 CDT] 649778c2 ORBRas        X
    com.ibm.CORBA.iiop.IIOPConnection send
    (IIOPOutputStream, OneWay)
    P=540553:O=0:CT The following exception was logged
    javax.net.ssl.SSLHandshakeException: certificate expired
Local fix Problem summary
****************************************************************
* USERS AFFECTED: All WebSphere Application Server users who   *
*                 have enabled security and have not           *
*                 configured new SSL Trust and Key stores.     *
****************************************************************
* PROBLEM DESCRIPTION: The default certificates will expire    *
*                      on 1/15/2004.                           *
****************************************************************
* RECOMMENDATION:                                              *
****************************************************************
The default certificates will expire on 1/15/2004.  This will
prevent servers from initializing and will cause servers to
stop operating if already started when the certificates
expire.

The following error messages will appear in the tracefile
during server startup:

[10/10/04 16:58:12:557 CDT] 6434c6c1 ORBRas
   X com.ibm.CORBA.iiop.IIOPConnection send(IIOPOutputStream,
   OneWay) P=484786:O=0:CT The following exception was logged
   javax.net.ssl.SSLHandshakeException: certificate expired
        at com.ibm.jsse.bd.a(Unknown Source)
        at com.ibm.jsse.b.a(Unknown Source)
        at com.ibm.jsse.b.write(Unknown Source)
        ....

[10/10/04 16:58:12:757 CDT] 6434c6c1 AdminServer
    X WSVR0009E: Error occurred during startup
    java.lang.RuntimeException: com.ibm.ejs.EJSException: Could
    not register with Location Service Daemon;
    nested exception is:
 java.lang.ClassCastException
        at com.ibm.ws.runtime.Server.initializeOrb
            (Server.java:1464)
        at com.ibm.ws.runtime.Server.initializeRuntime0
            (Server.java:941)
        at com.ibm.ejs.sm.server.ManagedServer.
             initializeRuntime0(ManagedServer.java:408)
        .....
Problem conclusion
New certificates were created that will not expire until 2021.
It is important to note that these certificates (or the
original ones) should not be used if IIOP over SSL and HTTPS
communications need to be secure.
Temporary fix Comments
APAR information
APAR number PQ77261
Reported component name WEBSPHERE AE AI
Reported component ID 5630A2200
Reported release 400
Status CLOSED PER
PE NoPE
HIPER NoHIPER
Submitted date 2003-08-07
Closed date 2003-09-29
Last modified date 2003-09-29

APAR is sysrouted FROM one or more of the following:

APAR is sysrouted TO one or more of the following:

Modules/Macros
security          

SRLS

Fix information

Applicable component levels
R400 PSY    UP


Document Information


Product categories: Software > Application Servers > Distributed Application & Web Servers > WebSphere Application Server > General
Operating system(s):
Software version: 400
Software edition:
Reference #: PQ77261
IBM Group: Software Group
Modified date: Sep 29, 2003