IBM Support

IC91324: CERTIFICATE MONITOR ISSUES EXPIRATION WARNINGS FOR INTERNAL CERTIFICATES INCLUDING DEFAULT WEBGUI CERTIFICATE

Subscribe

You can track all active APARs for this component.

 

APAR status

  • Closed as program error.

Error description

  • The Certificate Monitor issues expiration warnings for internal
Crypto Certificate objects that are neither user visible nor
user modifiable.  This is problematic because the user has no
way to correct these certificates.

There are two specific internal Crypto Certificate objects that
are likely to trigger this problem called 'system-cert' and
'system-ssl-ca-cert' that are used by default in the SSL
configuration of the WebGUI and the XML Management Interface.


Warnings about those certificates look like this:

01:02:03 cert-monitor warn 383 0x806000e1 cert-monitor
(Certificate Monitor): Certificate 'system-cert' is about to
expire
01:02:03 cert-monitor warn 383 0x806000e1 cert-monitor
(Certificate Monitor): Certificate 'system-ssl-ca-cert' is about
to expire

Note: As long as the Objects>Crypto Configuration>Crypto
Certificate Monitor option for Disabled Expired Certificates is
turned OFF, the default setting, the certificate will continue
to be used.  If the "Disabled Expired Certificates" is turned
ON, then this APAR is required.

Please also refer to this TechNote which contains complete
details on this problem:
http://www-01.ibm.com/support/docview.wss?uid=swg21633306

Local fix

Problem summary

  • The Certificate Monitor issues warning about internal Crypto
Certificate objects including the default WebGUI certificates.
.

Problem conclusion

Temporary fix

  • 



Comments


    

  • 



APAR Information




    

  • APAR number
    IC91324
    • 

  • Reported component name
    DATAPOWER  BLAD
    • 

  • Reported component ID
    DPBLADE01
    • 

  • Reported release
    382
    • 

  • Status
    CLOSED  PER
    • 

  • PE
    NoPE
    • 

  • HIPER
    NoHIPER
    • 

  • Special Attention
    NoSpecatt
    • 

  • Submitted date
    2013-04-04
    • 

  • Closed date
    2013-04-24
    • 

  • Last modified date
    2013-06-13
    • 





    

  • APAR is sysrouted FROM one or more of the following:
    

    • 

  • APAR is sysrouted TO one or more of the following:
    

    • 



Fix information


    

  • Fixed component name
    DATAPOWER  BLAD
    • 

  • Fixed component ID
    DPBLADE01
    • 



Applicable component levels


    

  • R401  PSY
       UP
    • 

  • R402  PSY
       UP
    • 

  • R500  PSY
       UP
    • 

  • R600  PSY
       UP
    • 

  • R382  PSN
       UP
    • 








      
              
                            

              

              [{"Business Unit":{"code":"BU053","label":"Cloud & Data Platform"},"Product":{"code":"SSFGB5","label":"WebSphere DataPower Integration Blade XI50B"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"3.8.2","Edition":"","Line of Business":{"code":"LOB45","label":"Automation"}}]
              

                          

          
 
        

      

    

      

        

          

            
Document Information


            

            


                        

            Modified date:
            

            13 June 2013
            

            
                      

        


        

        


      

    

  



    

  

  
    
            

          
Page Feedback