Fixes are available
APAR status
Closed as program error.
Error description
When a user tries to access WAS directly (without load balancer and IHS), the following exception is thrown: HttpMethodDir I org.apache.commons.httpclient.HttpMethodDirector executeWithRetry I/O exception (javax.net.ssl.SSLException) caught when processing request: hostname in certificate didn't match: <hostName1> != <localhost> The problem is caused by an issue in configNode, which is a tool of BPMConfig. It is hard coded that it will set the personal certificate to "cn=localhost" in NodeDefaultKeyStore, which should be set to "cn=Nodehostname". BPM Pattern used this tool to config BPM env in 8010. But it work well in 8010 because no function touch here. In 8011 BPM enabled hostname certification, then the problem occured.
Local fix
As you can see in the logs, one of the certificate shows "localhost" but the incoming request is with the full host name. It looks like that the certificate was not set up properly. To workaround this, create a new SSL certificate to replace the existing one in a node (not in cell): http://pic.dhe.ibm.com/infocenter/wasinfo/v8r0/topic/com.ibm.web sphere.nd.multiplatform.doc/info/ae/ae/tsec_sslreplacenode.html Then restart the AppTarget cluster.
Problem summary
**************************************************************** * USERS AFFECTED: IBM Business Process Manager V8.1.1.1 * * Advanced, Standard, and Express * **************************************************************** * PROBLEM DESCRIPTION: When you try to access the WebSphere * * Application Server web container * * directly without a load balancer or * * IHS, the following exception is * * thrown: * * [11/4/13 17:16:54:694 CET] 00000036 * * HttpMethodDir * * Iorg.apache.commons.httpclient.HttpMeth * * odDirector executeWithRetry * * I/Oexception * * (javax.net.ssl.SSLException) caught * * when processing request:hostname in * * certificate didn't match: * * <acme.com>!= <localhost.localdomain> * **************************************************************** * RECOMMENDATION: * **************************************************************** This problem is caused by the configureNode, which sets a hard-coded personal certificate "cn=localhost.localdomain" in the NodeDefaultKeyStore. However, configureNode should be set to "cn=Nodehostname" to pass the host name verification that was added in IBM BPM V8.0.1 fix pack 1. IS A WORKAROUND AVAILABLE? (Y/N) IF Y: EXPLAIN IT. ==> Yes. In the log files, one of the certificates shows "localhost", but the incoming request applies to the full host name. The certificate might not have been set up properly. To workaround this problem, in a node (not in a cell) create a new SSL certificate to replace the existing one in a node, and then restart the BPM application cluster. For more information, see ¢â‚¬ “Creating a new SSL certificate replace an existing one in a node ¢â‚¬ ½ at http://pic.dhe.ibm.com/infocenter/wasinfo/v8r0/topic/com.ibm.web sphere.nd.multiplatform.doc/info/ae/ae/tsec_sslreplacenode.html.
Problem conclusion
A fix is available that fixes the hard-coded host name and domain name in the certificate so that it passes hostname validation. On Fix Central (http://www.ibm.com/support/fixcentral), search for JR48872: 1. Select the product group, product, installed version, and platform, and click Continue. 2. Select APAR or SPR, enter JR48872, and click Continue. When downloading fix packages, ensure that you also download the readme file for each fix. Review each readme file for additional installation instructions and information about the fix.
Temporary fix
Comments
APAR Information
APAR number
JR48872
Reported component name
BPM ADVANCED
Reported component ID
5725C9400
Reported release
801
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt
Submitted date
2013-12-18
Closed date
2014-02-25
Last modified date
2014-11-20
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Fixed component name
BPM ADVANCED
Fixed component ID
5725C9400
Applicable component levels
R800 PSY
UP
[{"Business Unit":{"code":"BU053","label":"Cloud & Data Platform"},"Product":{"code":"SSFTN5","label":"IBM Business Process Manager Advanced"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"8.0.1","Line of Business":{"code":"LOB45","label":"Automation"}}]
Document Information
Modified date:
12 October 2021