IBM Support

IT43259: CERTIFICATE SIGNING REQUEST DOES NOT CONTAIN SAN INFORMATION

Subscribe to this APAR

By subscribing, you receive periodic emails alerting you to the status of the APAR, along with a link to the fix after it becomes available. You can track this item individually or track all items by product.

Notify me when this APAR changes.

Notify me when an APAR for this component changes.

 

APAR status

  • Closed as program error.

Error description

  • When the default Self-Signed Certificate in IBM Spectrum Protect
    Plus needs to be replaced by a CA-Signed Certificate, a CSR
    (Certificate Signing Request) needs to be created on the IBM
    Spectrum Protect Plus Server. Instructions to create the CSR can
    be found at https://www.ibm.com/support/pages/how-set-https-cer
    tificate-ibm-spectrum-protect-plus-spp-microsoft-certificate-au
    thority.This CSR is missing SAN (Subject Alternate Name) informa
    causing certificates to be created without the following
    extended SAN attributes:
    - host DNS information
    - host IP address
    
    This can lead to failures during the verification of the
    certificate when opening IBM Spectrum Protect Plus GUI.
    
    
    
    IBM Spectrum Protect Plus Versions Affected:
    IBM Spectrum Protect Plus 10.1.x
    
    Additional Keywords: SPP, SPPlus, TS011803358, CA, Cert, CSR,
    SAN,
    

Local fix

Problem summary

  • ****************************************************************
    * USERS AFFECTED:                                              *
    * IBM Spectrum Protect Plus level 10.1.13 and 10.1.14.         *
    ****************************************************************
    * PROBLEM DESCRIPTION:                                         *
    * See ERROR DESCRIPTION                                        *
    ****************************************************************
    * RECOMMENDATION:                                              *
    * Apply fixing level when available. This problem is currently *
    * projected to be fixed in IBM Spectrum Protect Plus level     *
    * 10.1.14.1 and 10.1.15. Note that this is subject to change   *
    * at the discretion of IBM.                                    *
    ****************************************************************
    

Problem conclusion

  • A script has been provided to generate signing request and key
    files when requesting certificates from a CA.  IBM Spectrum
    Protect Plus appliance has been updated to include the script at
    the following location: /opt/ECX/tools/scripts/generate_csr.sh
    

Temporary fix

Comments

APAR Information

  • APAR number

    IT43259

  • Reported component name

    SP PLUS

  • Reported component ID

    5737SPLUS

  • Reported release

    A1D

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt / Xsystem

  • Submitted date

    2023-03-02

  • Closed date

    2023-05-08

  • Last modified date

    2023-05-08

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

Modules/Macros

  • Other
    

Fix information

  • Fixed component name

    SP PLUS

  • Fixed component ID

    5737SPLUS

Applicable component levels

[{"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\/TPS"},"Product":{"code":"SSNQFQ","label":"IBM Spectrum Protect Plus"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"A1D","Line of Business":{"code":"LOB26","label":"Storage"}}]

Document Information

Modified date:
30 January 2024