Fixes are available
APAR status
Closed as program error.
Error description
In the current default configuration, IBMProcess Designer comes with a keystore that has an expired certificate. This negatively affects the user's ability to enable two-way authentication and customize authentication for a subset of users. PRODUCTS AFFECTED: IBM Business Process Manager (BPM) Advanced IBM BPM Standard IBM BPM Express
Local fix
Users can manually make changes to the installed Process Designer client before they customize authentication, as follows: 1. Delete the file key.p12 in the <PD Install Root>\etc directory. 2. Remove the #KeyStore Information section that references the keystore from the ssl.client.props file in the <PD Install Root>\resources directory: # KeyStore information com.ibm.ssl.keyStoreName=ClientDefaultKeyStore com.ibm.ssl.keyStore=etc/key.p12 com.ibm.ssl.keyStorePassword={xor}CDo9Hgw= com.ibm.ssl.keyStoreType=PKCS12 com.ibm.ssl.keyStoreProvider=IBMJCE com.ibm.ssl.keyStoreFileBased=true 3. Remove the following three lines that reference the keystore from the eclipse.ini file in the <PD Install Root> directory: -Djavax.net.ssl.keyStoreType=PKCS12 -Djavax.net.ssl.keyStore=./etc/key.p12 -Djavax.net.ssl.keyStorePassword=WebAS
Problem summary
This issue affects users of IBM Process Designer who connect to Process Center using a proxy with the configuration value SSLVerifyClient optional_no_ca. The Process Designer default configuration comes with a keystore file that contains an expired certificate. Users who want to enable two-way authentication are blocked by the expired certificate in the keystore file.
Problem conclusion
A fix is available for IBM BPM 8.5.0.1 that removes the key.p12 file and removes a section that references the keystore from the ssl.client.props and eclipse.ini Process Designer configuration files. The product will no longer provide a default keystore file in Process Designer. On Fix Central (http://www.ibm.com/support/fixcentral), search for JR49893: 1. Select IBM Business Process Manager with your edition from the product selector, the installed version to the fix pack level, and your platform, and then click Continue. 2. Select APAR or SPR, enter JR49893, and click Continue. When you download fix packages, ensure that you also download the readme file for each fix. Review each readme file for additional installation instructions and information about the fix.
Temporary fix
Comments
APAR Information
APAR number
JR49893
Reported component name
BPM ADVANCED
Reported component ID
5725C9400
Reported release
850
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt
Submitted date
2014-04-04
Closed date
2014-06-04
Last modified date
2014-06-04
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Fixed component name
BPM ADVANCED
Fixed component ID
5725C9400
Applicable component levels
R850 PSY
UP
[{"Business Unit":{"code":"BU053","label":"Cloud & Data Platform"},"Product":{"code":"SSFTN5","label":"IBM Business Process Manager Advanced"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"8.5","Line of Business":{"code":"LOB45","label":"Automation"}}]
Document Information
Modified date:
17 October 2021