PI55373: Collective framework needs to support certificates signed by thi rd party signers

Fixes are available

APAR status

Closed as program error.

Error description

rootkeys.jks is used for a collective when the default
certificates are used, but for an installation utilizing CA
certificates, even though this keystore file serves no
purpose
it is still expected to exist in the runtime.



&#160;

Local fix

When CA certificate will be used, it won't be needed.
rootKeys.jks will be created when collective create command
is issued, but to ensure WebSphere's cert is used when customer
replace it with CA, development team would like rootKeys.jks
removed to ensure it will no longer be used.

Problem summary

****************************************************************
* USERS AFFECTED:  All users of IBM WebSphere Application      *
*                  Server Liberty - Security                   *
****************************************************************
* PROBLEM DESCRIPTION: Customers needed to use their own       *
*                      certificates, signed by third party     *
*                      Signers                                 *
****************************************************************
* RECOMMENDATION:                                              *
****************************************************************
Currently the collective framework creates and uses, it own
certificates and DN formats. Needed to support certificates
signed by third party signers.

Problem conclusion

The verification part of the collective authentication code, has
been modified to accommodate custom DN formats. The hard coded
dependency on default root signers has been removed.

The fix for this APAR will allow the customers to use their own
personal certificates signed by third party certification
authority.
The solution also involves few manual steps, which are
documented.

The fix for this APAR is currently targeted for inclusion in fix
pack 16.0.0.2.  Please refer to the Recommended Updates page
for
delivery information:
http://www.ibm.com/support/docview.wss?rs=180&uid=swg27004980

Temporary fix

Comments

APAR Information

APAR number
PI55373
Reported component name
WAS LIBERTY COR
Reported component ID
5725L2900
Reported release
855
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2016-01-13
Closed date
2016-05-11
Last modified date
2016-06-13

APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:

Fix information

Fixed component name
WAS LIBERTY COR
Fixed component ID
5725L2900

Applicable component levels

R855 PSY
UP

[{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSD28V","label":"WebSphere Application Server Liberty Core"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"855","Line of Business":{"code":"LOB45","label":"Automation"}}]

Document Information

Modified date:
03 May 2022

Tips

PI55373: Collective framework needs to support certificates signed by thi rd party signers

Fixes are available

Subscribe

APAR status

Closed as program error.

Error description

Local fix

Problem summary

Problem conclusion

Temporary fix

Comments

APAR Information

APAR number

Reported component name

Reported component ID

Reported release

Status

PE

HIPER

Special Attention

Submitted date

Closed date

Last modified date

APAR is sysrouted FROM one or more of the following:

APAR is sysrouted TO one or more of the following:

Fix information

Fixed component name

Fixed component ID

Applicable component levels

R855 PSY

Document Information

Share your feedback

Need support?