PK93207: TAI CAN'T OBTAIN THE SSL ENDPOINT INFORMATION INCLUDING CERTIFICATE INFORMATION

Fixes are available

APAR status

Closed as program error.

Error description

TAI can't obtain the Secure Sockets Layer (SSL) endpoint
information (including certificate information) that was used
to directly connect to the WebSphere Application Server.

Local fix

Problem summary

****************************************************************
* USERS AFFECTED:  IBM WebSphere Application Server Version    *
*                  7.0 users                                   *
****************************************************************
* PROBLEM DESCRIPTION: A Trust Association Interceptor (TAI)   *
*                      interface implementation cannot         *
*                      obtain the Secure Sockets Layer         *
*                      certificate information.                *
****************************************************************
* RECOMMENDATION:                                              *
****************************************************************
When a web server, for example IBM HTTP Server, is
communicating with the WebSphere Application Server (WAS)
using a TAI, the certificate information that was used to
connect to WAS is not available to the TAI implementation.  As
a result, the TAI implementor cannot establish a trust when it
is critical to know whether a request is came through a web
server or directly to WAS.

Problem conclusion

The WebContainer code was modified to provide the certificate
information for a request using HttpServletRequest's attributes.

"com.ibm.websphere.ssl.direct_connection_peer_certificates"
contains a "X509Certificate[]" object of a direct peer's
certificate.

"com.ibm.websphere.ssl.direct_connection_cipher_suite"
contains a String object of a direct cipher suite.

"com.ibm.websphere.webcontainer.is_direct_connection" contains
a Boolean object which indicates whether a connection is
through a web server or directly to WebSphere Application
Server.

The fix for this APAR is currently targeted for inclusion in
fix pack 7.0.0.7.  Please refer to the Recommended Updates
page for delivery information:
http://www.ibm.com/support/docview.wss?rs=180&uid=swg27004980

Temporary fix

Comments

APAR Information

APAR number
PK93207
Reported component name
WEBSPHERE APP S
Reported component ID
5724J0800
Reported release
700
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt
Submitted date
2009-08-05
Closed date
2009-08-26
Last modified date
2009-10-06

APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:

Fix information

Fixed component name
WEBSPHERE APP S
Fixed component ID
5724J0800

Applicable component levels

R700 PSY
UP

[{"Business Unit":{"code":"BU053","label":"Cloud & Data Platform"},"Product":{"code":"SSEQTP","label":"WebSphere Application Server"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"7.0","Line of Business":{"code":"LOB45","label":"Automation"}}]

Document Information

Modified date:
24 October 2021

Tips

PK93207: TAI CAN'T OBTAIN THE SSL ENDPOINT INFORMATION INCLUDING CERTIFICATE INFORMATION

Fixes are available

Subscribe

APAR status

Closed as program error.

Error description

Local fix

Problem summary

Problem conclusion

Temporary fix

Comments

APAR Information

APAR number

Reported component name

Reported component ID

Reported release

Status

PE

HIPER

Special Attention

Submitted date

Closed date

Last modified date

APAR is sysrouted FROM one or more of the following:

APAR is sysrouted TO one or more of the following:

Fix information

Fixed component name

Fixed component ID

Applicable component levels

R700 PSY

Document Information

Share your feedback

Need support?