SSL connects with expired self-signed certificates

Make the following changes in the java.security file of the Client JVM to avoid issues related to trust certificates.

The TrustManager shipped with IBM® Java Runtime Environment (JRE) 7.0.4 verifies a certificate chain up to the trusted certificate; it does not verify the trusted certificate itself. If the self-signed certificate is the trusted certificate, CERTPATH will not examine it to see whether the certificate is expired. Because CERTPATH does not check for self-signed certificate expiration, an SSL connection can be established with an expired certificate.

The TrustManager shipped with IBM JRE 1.4.2 verifies the entire certificate chain up to and including the trusted certificate. As a result, if an expired certificate is encountered, an exception is thrown. If you are using IBM JRE 1.6.0, but want to revert to 1.4.2 behavior regarding expired certificates, make the following changes:

In the java.security file of the Client JVM, change the following entries:
ssl.KeyManagerFactory.algorithm=IbmX509
ssl.TrustManagerFactory.algorithm=PKIX
to:
ssl.KeyManagerFactory.algorithm=IbmX509
ssl.TrustManagerFactory.algorithm=IbmX509
If the SSL Client-Auth value is set to True, make the same change in the Server JVM's java.security file.
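
Because PKIX does not examine the trusted certificate's own validity period, an expired entry can stay in a truststore unnoticed. The following audit is an added example, not IBM code; the class name and the command-line argument order are assumptions. It lists every trusted-certificate entry that is expired or not yet valid, whichever TrustManagerFactory algorithm is configured.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;

// Added example (hypothetical class name): reports truststore entries whose
// validity period does not cover the current time.
public final class TrustStoreExpiryAudit {

    // Returns one line per trusted-certificate entry that is expired or not yet valid.
    static List<String> findInvalidAnchors(KeyStore ks) throws Exception {
        List<String> findings = new ArrayList<String>();
        for (String alias : Collections.list(ks.aliases())) {
            if (!ks.isCertificateEntry(alias)) continue;      // skip private-key entries
            Certificate c = ks.getCertificate(alias);
            if (!(c instanceof X509Certificate)) continue;
            X509Certificate x = (X509Certificate) c;
            // Subject equal to issuer: the self-signed case the page describes.
            boolean selfIssued = x.getSubjectX500Principal().equals(x.getIssuerX500Principal());
            try {
                x.checkValidity();                            // compares against the current time
            } catch (CertificateExpiredException e) {
                findings.add(alias + ": EXPIRED " + x.getNotAfter()
                        + (selfIssued ? " (self-issued)" : ""));
            } catch (CertificateNotYetValidException e) {
                findings.add(alias + ": NOT YET VALID " + x.getNotBefore());
            }
        }
        return findings;
    }

    // Assumed usage: java TrustStoreExpiryAudit <truststore> <password> [type]
    public static void main(String[] args) throws Exception {
        KeyStore ks = KeyStore.getInstance(args.length > 2 ? args[2] : KeyStore.getDefaultType());
        InputStream in = new FileInputStream(args[0]);
        try { ks.load(in, args[1].toCharArray()); } finally { in.close(); }
        List<String> findings = findInvalidAnchors(ks);
        for (String f : findings) System.out.println(f);
        System.exit(findings.isEmpty() ? 0 : 1);              // non-zero exit when anything is flagged
    }
}
```

The code avoids try-with-resources and the diamond operator so that it also compiles on a 1.6.0 JRE.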