IBM Support

JR49893: IBM PROCESS DESIGNER IS INSTALLED WITH A KEYSTORE WITH AN EXPIRED CERTIFICATE

Subscribe

You can track all active APARs for this component.

 

APAR status

  • Closed as program error.

Error description

  • In the current default configuration, IBMProcess Designer comes
    with a keystore that has an expired certificate.
    This negatively affects the user's ability to enable two-way
    authentication and customize authentication for a subset of
    users.
    
    PRODUCTS AFFECTED:
    IBM Business Process Manager (BPM) Advanced
    IBM BPM Standard
    IBM BPM Express
    

Local fix

  • Users can manually make changes to the installed Process
    Designer client before they customize authentication, as
    follows:
    
    1. Delete the file key.p12 in the <PD Install Root>\etc
    directory.
    2. Remove the #KeyStore Information section that references the
    keystore from the ssl.client.props file in the <PD Install
    Root>\resources directory:
    # KeyStore information
    com.ibm.ssl.keyStoreName=ClientDefaultKeyStore
    com.ibm.ssl.keyStore=etc/key.p12
    com.ibm.ssl.keyStorePassword={xor}CDo9Hgw=
    com.ibm.ssl.keyStoreType=PKCS12
    com.ibm.ssl.keyStoreProvider=IBMJCE
    com.ibm.ssl.keyStoreFileBased=true
    3. Remove the following three lines that reference the keystore
    from the eclipse.ini file in the <PD Install Root> directory:
    -Djavax.net.ssl.keyStoreType=PKCS12
    -Djavax.net.ssl.keyStore=./etc/key.p12
    -Djavax.net.ssl.keyStorePassword=WebAS
    

Problem summary

  • This issue affects users of IBM Process Designer who connect to
    Process Center using a proxy with the configuration value
    SSLVerifyClient optional_no_ca. The Process Designer default
    configuration comes with a keystore file that contains an
    expired certificate. Users who want to enable two-way
    authentication are blocked  by the expired certificate in the
    keystore file.
    

Problem conclusion

  • A fix is available for IBM BPM 8.5.0.1 that removes the key.p12
    file and removes a section that references the keystore from the
    ssl.client.props and eclipse.ini Process Designer configuration
    files. The product will no longer provide a default keystore
    file in Process Designer.  On Fix Central
    (http://www.ibm.com/support/fixcentral), search for JR49893:
    
        1. Select IBM Business Process Manager with your edition
    from the product selector, the installed version to the fix pack
    level, and your platform, and then click Continue.
        2. Select APAR or SPR, enter JR49893, and click Continue.
    
    When you download fix packages, ensure that you also download
    the readme file for each fix. Review each readme file for
    additional installation instructions and information about the
    fix.
    

Temporary fix

Comments

APAR Information

  • APAR number

    JR49893

  • Reported component name

    BPM ADVANCED

  • Reported component ID

    5725C9400

  • Reported release

    850

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt

  • Submitted date

    2014-04-04

  • Closed date

    2014-06-04

  • Last modified date

    2014-06-04

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

Fix information

  • Fixed component name

    BPM ADVANCED

  • Fixed component ID

    5725C9400

Applicable component levels

  • R850 PSY

       UP

[{"Business Unit":{"code":"BU053","label":"Cloud & Data Platform"},"Product":{"code":"SSFTN5","label":"IBM Business Process Manager Advanced"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"8.5","Edition":"","Line of Business":{"code":"LOB36","label":"IBM Automation"}}]

Document Information

Modified date:
04 June 2014