Fixes are available
9.0.0.7: WebSphere Application Server traditional V9.0 Fix Pack 7
9.0.0.8: WebSphere Application Server traditional V9.0 Fix Pack 8
8.5.5.14: WebSphere Application Server V8.5.5 Fix Pack 14
9.0.0.9: WebSphere Application Server traditional V9.0 Fix Pack 9
9.0.0.10: WebSphere Application Server traditional V9.0 Fix Pack 10
8.5.5.15: WebSphere Application Server V8.5.5 Fix Pack 15
9.0.0.11: WebSphere Application Server traditional V9.0 Fix Pack 11
9.0.5.0: WebSphere Application Server traditional Version 9.0.5 Refresh Pack
9.0.5.1: WebSphere Application Server traditional Version 9.0.5 Fix Pack 1
9.0.5.2: WebSphere Application Server traditional Version 9.0.5 Fix Pack 2
8.5.5.17: WebSphere Application Server V8.5.5 Fix Pack 17
9.0.5.3: WebSphere Application Server traditional Version 9.0.5 Fix Pack 3
9.0.5.4: WebSphere Application Server traditional Version 9.0.5 Fix Pack 4
9.0.5.5: WebSphere Application Server traditional Version 9.0.5 Fix Pack 5
WebSphere Application Server traditional 9.0.5.6
9.0.5.7: WebSphere Application Server traditional Version 9.0.5 Fix Pack 7
9.0.5.8: WebSphere Application Server traditional Version 9.0.5.8
8.5.5.20: WebSphere Application Server V8.5.5.20
8.5.5.18: WebSphere Application Server V8.5.5 Fix Pack 18
8.5.5.19: WebSphere Application Server V8.5.5 Fix Pack 19
9.0.5.9: WebSphere Application Server traditional Version 9.0.5.9
9.0.5.10: WebSphere Application Server traditional Version 9.0.5.10
8.5.5.16: WebSphere Application Server V8.5.5 Fix Pack 16
8.5.5.21: WebSphere Application Server V8.5.5.21
9.0.5.11: WebSphere Application Server traditional Version 9.0.5.11
APAR status
Closed as program error.
Error description
When you delete the *.p12 files in the <PROFILE_ROOT>\config\cells\<CELLNAME>\nodes\<NODENAME> directory and then start WebSphere Application Server, the newly created certificates use "SHA1withRSA" as the signature algorithm, whereas "SHA256withRSA" would be expected.
Local fix
Run the convertCertForSecurityStandard AdminTask to convert the signature algorithm from SHA1 to SHA256; see https://developer.ibm.com/answers/questions/206339/how-to-replace-websphere-default-certificate-from.html
Problem summary
USERS AFFECTED: All users of IBM WebSphere Application Server
PROBLEM DESCRIPTION: Recovered keystore and truststore contain certificate with SHA1 algorithm instead of SHA256
RECOMMENDATION: It is recommended to always keep a backup copy of the keystore and truststore.

WebSphere recovers the keystore and truststore files if they are not found at server startup. This function is for serviceability purposes and is not officially supported, but many customers are familiar with it and find it handy. The reported issue is that the recovered keystore and truststore still include certificates with the SHA1 algorithm, although the default certificates have been updated to SHA256.
Problem conclusion
The bug was fixed so that the recovered keystore and truststore contain certificates with the SHA256 algorithm. The fix for this APAR is currently targeted for inclusion in fix packs 8.5.5.14 and 9.0.0.7. Please refer to the Recommended Updates page for delivery information: http://www.ibm.com/support/docview.wss?rs=180&uid=swg27004980
Temporary fix
Replace the certificates with newly created SHA256 certificates.
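To find which entries need replacing after a recovery, the following added example (not IBM code and not part of this APAR) parses text in the shape of `keytool -list -v` output and reports certificates signed with SHA1. The sample text, aliases and host names are constructed for illustration, and the function names are hypothetical.

```python
import re

# Constructed sample in the shape of `keytool -list -v` output, trimmed
# (hypothetical aliases and names; dates and fingerprints omitted).
SAMPLE = """\
Alias name: default
Entry type: PrivateKeyEntry
Certificate[1]:
Owner: CN=node01.example.test, OU=Cell01, O=IBM, C=US
Signature algorithm name: SHA1withRSA
Certificate[2]:
Owner: CN=node01.example.test, OU=Root Certificate, O=IBM, C=US
Signature algorithm name: SHA256withRSA

Alias name: root
Entry type: trustedCertEntry
Owner: CN=node01.example.test, OU=Root Certificate, O=IBM, C=US
Signature algorithm name: SHA256withRSA
"""

FIELD = re.compile(r"^\s*(Alias name|Owner|Signature algorithm name):\s*(.+?)\s*$")
CHAIN = re.compile(r"^\s*Certificate\[(\d+)\]:")

def parse_certs(text):
    """Return one dict per certificate: alias, chain position, owner, sigalg."""
    certs, alias, pos, owner = [], None, 1, None
    for line in text.splitlines():
        m = CHAIN.match(line)
        if m:  # position of the next certificate within the entry's chain
            pos = int(m.group(1))
            continue
        m = FIELD.match(line)
        if not m:
            continue
        key, value = m.groups()
        if key == "Alias name":  # a new keystore entry starts here
            alias, pos, owner = value, 1, None
        elif key == "Owner":
            owner = value
        else:  # the signature algorithm line closes one certificate record
            certs.append({"alias": alias, "position": pos,
                          "owner": owner, "sigalg": value})
            owner = None
    return certs

def sha1_signed(certs):
    """Certificates whose signature algorithm uses SHA1, e.g. SHA1withRSA."""
    return [c for c in certs if re.match(r"(?i)sha-?1with", c["sigalg"])]
```

Feed `parse_certs` the text that keytool prints for each recovered key.p12 and trust.p12, then pass the result to `sha1_signed`; an empty list means no SHA1-signed certificates were listed.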
Comments
APAR Information
APAR number
PI87414
Reported component name
WEBSPHERE APP S
Reported component ID
5724J0800
Reported release
850
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2017-09-15
Closed date
2017-12-14
Last modified date
2017-12-14
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Fixed component name
WEBSPHERE APP S
Fixed component ID
5724J0800
Applicable component levels
R850 PSY
UP
R900 PSY
UP
Document Information
Modified date:
04 May 2022