|
Problem |
The Class 3 and Class 2 VeriSign PCA root certificates
that are included in the Sun® JDK provided with WebSphere Application
Server expire on January 7, 2004.
These certificates do not impact WebSphere® Application Server security
and are not recommended for use with production environments.
Applications leveraging the Java Secure Socket Extension (JSSE) with
WebSphere Application Server can use these certificates. |
|
Solution |
Sun has published an alert ID, 57436:
Download new certificates:
- WebSphere Application Server provides new certificates for
V4.0 and V5.0 on Windows®, AIX®, and all Linux platforms:
http://www-128.ibm.com/developerworks/java/jdk/security/
(Follow the instructions to replace the existing cacerts file in the
WAS_HOME/java/jre/lib/security directory).
- For HP_UX and Sun JDKs, there are a few options for
applying the change needed.
- If cacerts file only contains expired certificates, then replace the
existing cacerts file with an upgraded file that contains the upgraded
VeriSign certificates. This is the same solution as what is recommended
for the IBM Java SDK.
- If cacerts file contains additional certificates and upgrading the JDK
is not acceptable, then follow the recommendations on the sunsolve link
(above) to upgrade the VeriSign certificates in the existing cacerts
file.
- Contact IBM WebSphere Application Server Support to upgrade JDK with
one that contains a cacerts file containing upgraded VeriSign
certificates.
|
|
|