IBM Support

IT43259: CERTIFICATE SIGNING REQUEST DOES NOT CONTAIN SAN INFORMATION

Subscribe to this APAR

By subscribing, you receive periodic emails alerting you to the status of the APAR, along with a link to the fix after it becomes available. You can track this item individually or track all items by product.

Notify me when this APAR changes.

Notify me when an APAR for this component changes.

 

APAR status

  • Closed as program error.

Error description

  • When the default Self-Signed Certificate in IBM Spectrum Protect
Plus needs to be replaced by a CA-Signed Certificate, a CSR
(Certificate Signing Request) needs to be created on the IBM
Spectrum Protect Plus Server. Instructions to create the CSR can
be found at https://www.ibm.com/support/pages/how-set-https-cer
tificate-ibm-spectrum-protect-plus-spp-microsoft-certificate-au
thority.This CSR is missing SAN (Subject Alternate Name) informa
causing certificates to be created without the following
extended SAN attributes:
- host DNS information
- host IP address

This can lead to failures during the verification of the
certificate when opening IBM Spectrum Protect Plus GUI.



IBM Spectrum Protect Plus Versions Affected:
IBM Spectrum Protect Plus 10.1.x

Additional Keywords: SPP, SPPlus, TS011803358, CA, Cert, CSR,
SAN,

Local fix

  • 



Problem summary


    

  • ****************************************************************
* USERS AFFECTED:                                              *
* IBM Spectrum Protect Plus level 10.1.13 and 10.1.14.         *
****************************************************************
* PROBLEM DESCRIPTION:                                         *
* See ERROR DESCRIPTION                                        *
****************************************************************
* RECOMMENDATION:                                              *
* Apply fixing level when available. This problem is currently *
* projected to be fixed in IBM Spectrum Protect Plus level     *
* 10.1.14.1 and 10.1.15. Note that this is subject to change   *
* at the discretion of IBM.                                    *
****************************************************************

    



Problem conclusion


    

  • A script has been provided to generate signing request and key
files when requesting certificates from a CA.  IBM Spectrum
Protect Plus appliance has been updated to include the script at
the following location: /opt/ECX/tools/scripts/generate_csr.sh

    



Temporary fix


    

  • 



Comments


    

  • 



APAR Information




    

  • APAR number
    IT43259
    • 

  • Reported component name
    SP PLUS
    • 

  • Reported component ID
    5737SPLUS
    • 

  • Reported release
    A1D
    • 

  • Status
    CLOSED  PER
    • 

  • PE
    NoPE
    • 

  • HIPER
    NoHIPER
    • 

  • Special Attention
    NoSpecatt / Xsystem
    • 

  • Submitted date
    2023-03-02
    • 

  • Closed date
    2023-05-08
    • 

  • Last modified date
    2023-05-08
    • 





    

  • APAR is sysrouted FROM one or more of the following:
    

    • 

  • APAR is sysrouted TO one or more of the following:
    

    • 



Modules/Macros


    

  • Other

    



Fix information


    

  • Fixed component name
    SP PLUS
    • 

  • Fixed component ID
    5737SPLUS
    • 



Applicable component levels


    








      
              
                            

              

              [{"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\/TPS"},"Product":{"code":"SSNQFQ","label":"IBM Spectrum Protect Plus"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"A1D","Line of Business":{"code":"LOB26","label":"Storage"}}]
              

                          

          
 
        

      

    

      

        

          

            
Document Information


            

            


                        

            Modified date:
            

            30 January 2024
            

            
                      

        


        

        


      

    

  



    

  

  
    
            

          
Page Feedback